On Mon, 29 Dec 2014, Mimi Zohar wrote:
Thanks Rob for the explanation. The problem is that ramfs does not support extended attributes, while tmpfs does. The boot loader could "measure" (trusted boot) the initramfs, but as the initramfs is generated on the target system, the initramfs is not signed, preventing it from being appraised (secure Boot). To close the initramfs integrity appraisal gap requires verifying the individual initramfs file signatures, which are stored as extended attributes.
what's the point of checking the files on the filesystem against signatures stored on the same filesystem? If someone could alter the file contents they can alter the signatures as well.
David Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
