From: Mikhail K. <vie...@vi...> - 2016-12-27 05:28:30
Hi, Mimi

> On Sat, 2016-12-24 at 01:59 +0300, Mikhail Kurinnoi wrote:
> > I am not sure, if portable EVM signature version is still in
> > discussion or not, but, in case of someone interested in this
> > feature too, I propose to discuss patch that I am using. This patch
> > is used for custom kernels in order to provide initial EVM signed
> > files in packages from package build server to desktop PCs.
>
> A portable EVM signature, which can be included in an archive, is
> important. There were good reasons for including file system
> specific information in the HMAC calculation. By removing these
> fields, the new format does not provide the same security guarantees
> as the existing format.
>
> Instead of converting the EVM signature to an HMAC on first access, I
> would prefer that the new format never be written out to the file
> system, but converted to an HMAC after verification in
> evm_inode_post_setxattr(). This would provide the benefits of a
> portable EVM format, without losing the existing security guarantees.

Yes, I think, we can use additional verification in
evm_inode_post_setxattr() since we have xattr_value and could use it
directly in evm_calc_hash() and integrity_digsig_verify().
At the same time, all work with EVM portable signature version must be
prohibited in evm_verify_hmac() in order to prevent any work with it for
sure.

I will think more about this.
I hope, Dmitry will take part in this thread discussion, probably, he
has some ideas too.

--
Best regards,
Mikhail Kurinnoi
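Added example, not part of the original message and not kernel code: a small Python model of the flow discussed above, where a portable value is verified when it is set and only a local HMAC is stored. The `Inode` class, the `P`/`H` type tags, both keys and the choice of inode number, generation and filesystem UUID as the file-system-specific fields are assumptions of the model, and a keyed MAC stands in for the asymmetric signature.

```python
import hashlib, hmac
from dataclasses import dataclass, field

# Constructed keys. SIGN_KEY stands in for the build server's signing key;
# a real EVM signature is asymmetric, a MAC is used only to stay in the stdlib.
SIGN_KEY = b"build-server-key (constructed)"
HMAC_KEY = b"per-machine-evm-key (constructed)"

@dataclass
class Inode:  # hypothetical model of what the digest covers
    ino: int
    generation: int
    fs_uuid: bytes
    uid: int = 0
    gid: int = 0
    mode: int = 0o100755
    xattrs: dict = field(default_factory=dict)

def digest(inode, portable):
    """Hash protected xattrs and metadata; the portable form omits fs-specific fields."""
    h = hashlib.sha256()
    for name in sorted(n for n in inode.xattrs if n != "security.evm"):
        h.update(name.encode() + b"\0" + inode.xattrs[name])
    h.update(f"{inode.uid}:{inode.gid}:{inode.mode}".encode())
    if not portable:
        h.update(f"{inode.ino}:{inode.generation}".encode() + inode.fs_uuid)
    return h.digest()

def local_hmac(inode):
    return b"H" + hmac.new(HMAC_KEY, digest(inode, False), "sha256").digest()

def sign_portable(inode):
    # What the package build server would ship inside the archive.
    return b"P" + hmac.new(SIGN_KEY, digest(inode, True), "sha256").digest()

def post_setxattr(inode, value):
    """Verify the portable value, then store only the inode-bound HMAC."""
    if not hmac.compare_digest(value, sign_portable(inode)):
        return False
    inode.xattrs["security.evm"] = local_hmac(inode)
    return True

def verify(inode):
    """Accept the HMAC form only; a portable value found on disk is rejected."""
    return hmac.compare_digest(inode.xattrs.get("security.evm", b""), local_hmac(inode))
```

In this model a stored value copied to another inode fails `verify()`, while the same portable value can still be installed on that inode through `post_setxattr()`.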