On Mon, 2014-12-29 at 18:25 -0800, David Lang wrote: > On Mon, 29 Dec 2014, Mimi Zohar wrote: > > > Thanks Rob for the explanation. The problem is that ramfs does not > > support extended attributes, while tmpfs does. The boot loader could > > "measure" (trusted boot) the initramfs, but as the initramfs is > > generated on the target system, the initramfs is not signed, preventing > > it from being appraised (secure Boot). To close the initramfs integrity > > appraisal gap requires verifying the individual initramfs file > > signatures, which are stored as extended attributes. > > what's the point of checking the files on the filesystem against signatures > stored on the same filesystem? If someone could alter the file contents they > can > alter the signatures as well.
It's all about limiting which public keys can be used to verify the file signatures. As of 3.17, only keys signed by a "trusted" key on the system keyring may be added to the IMA keyring. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
