Mimi Zohar <zo...@linux.vnet.ibm.com> writes:

> Please remind me why you can't use IMA-appraisal, which was upstreamed
> in Linux 3.7? Why another method is needed?

Good question Vivek?

I remember there was a slight mismatch in the desired attributes. In particular we want signatures that are not generated on the local machine.

> With IMA-appraisal, there are a couple of issues that would still need
> to be addressed:
> - missing the ability to specify the validation method required.
> - modify the ima_appraise_tcb policy to require elf executables
>   to be digitally signed.
> - security_bprm_check() is called before the binary handler is known.
>
> The first issue is addressed by a set of patches queued to be upstreamed
> in linux-integrity/next-ima-appraise-status.
>
> To address the last issue would either require moving the existing
> bprm_check or defining a new hook after the binary handler is known.

Even if there is a small mismatch it certainly sounds like something to investigate.

There are a lot of pieces flying around with IMA so an appropriate model of what needs to happen isn't in my head. As opposed to a signature in an ELF executable and a key in the kernel.

Hooks aside in an IMA world where does the signing key live? Where does the signature live?

Eric