From: Subscription A. <4su...@gm...> - 2017-01-28 14:37:18
On Fri, Jan 27, 2017 at 3:18 PM, Mimi Zohar <zo...@li...> wrote:

> On Fri, 2017-01-27 at 19:42 +0000, Subscription Account wrote:
> > Yup, I did reboot in fix mode and saw following errors in dmesg/audit log.
> > But don't know why would the hmac be wrong.
> >
> > All of the files below are signed using imasig option to evmctl.
> >
> > How do I troubleshoot this 😔
>
> [Please inline/bottom post in the future.]
>

Sure

> One reason could be that you've replaced the builtin policy with a
> custom policy, that does not include all of the files in the builtin
> policy in the custom policy. As a result, if a file's metadata changes
> on these files, the EVM hmac would not be updated appropriately.
>

I have not written any policy at this point. I am just using ima_tcb and
ima_appraise_tcb on the kernel commandline.

> Included in the EVM hmac calculation, in addition to the security
> xattrs, are some other fields (eg. ino, generation, uid, gid, mode).
>

How do I verify or even do a manual calculation of HMAC?

Thanks
-- Raj

> Mimi
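
The field list quoted above, turned into a manual calculation. This is an added example, not code from the thread or from ima-evm-utils. It assumes a 64-bit little-endian kernel, HMAC-SHA1, a key zero-padded to 128 bytes, and that the caller supplies the protected xattr values in the kernel's configured order; the key, xattr value and inode numbers in demo() are constructed.

```python
import hashlib
import hmac
import struct

EVM_XATTR_HMAC = 0x02  # type byte in front of an HMAC-type security.evm value
EVM_KEY_SIZE = 128     # assumption: kernel key buffer, shorter keys zero-padded


def evm_hmac(key, xattr_values, ino, generation, uid, gid, mode, fs_uuid=None):
    """Recompute the 20-byte EVM HMAC for one inode.

    xattr_values holds the values (bytes) of the protected security.* xattrs
    present on the file, in kernel order; xattr names are not hashed.
    mode is the full i_mode, file-type bits included (st_mode from stat).
    """
    if len(key) > EVM_KEY_SIZE:
        raise ValueError("EVM key longer than 128 bytes")
    mac = hmac.new(key.ljust(EVM_KEY_SIZE, b"\0"), digestmod=hashlib.sha1)
    for value in xattr_values:
        mac.update(value)
    # Assumed layout of the misc block: u64 ino, u32 generation, u32 uid,
    # u32 gid, u16 mode, 2 zeroed padding bytes (24 bytes in total).
    mac.update(struct.pack("<QIIIH2x", ino, generation, uid, gid, mode))
    if fs_uuid is not None:  # only if the kernel is built to mix in the fs UUID
        mac.update(fs_uuid)
    return mac.digest()


def matches_stored(stored_evm_xattr, expected_digest):
    """Compare a raw security.evm value with a recomputed HMAC."""
    return (len(stored_evm_xattr) == 21
            and stored_evm_xattr[0] == EVM_XATTR_HMAC
            and hmac.compare_digest(stored_evm_xattr[1:], expected_digest))


def demo():
    """Show that a metadata change without an HMAC refresh fails the check."""
    key = bytes(range(32))                   # constructed test key
    ima = b"\x03" + b"constructed-sig-blob"  # constructed security.ima value
    meta = dict(ino=1234, generation=7, uid=0, gid=0, mode=0o100755)
    stored = bytes([EVM_XATTR_HMAC]) + evm_hmac(key, [ima], **meta)
    fresh = matches_stored(stored, evm_hmac(key, [ima], **meta))
    meta["mode"] = 0o100644                  # chmod with no HMAC update
    stale = matches_stored(stored, evm_hmac(key, [ima], **meta))
    return fresh, stale


if __name__ == "__main__":
    print(demo())
```

On a real file the inputs come from os.stat(), os.getxattr() and the FS_IOC_GETVERSION ioctl (for the generation), and the comparison is only possible on a test system where the plaintext EVM key is known.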