On Wed, Jul 3, 2019 at 9:11 AM Jarkko Sakkinen wrote:
> +Before calling ExitBootServices() Linux EFI stub copies the event log to
> +a custom configuration table defined by the stub itself. Unfortanely,
> +the events generated by ExitBootServices() do end up to the table.
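Review bot: the second added sentence misspells "Unfortunately" as "Unfortanely", and "do end up to the table" reads as though a negation was dropped. The preceding sentence says the log is copied before ExitBootServices() is called, so events generated by that call cannot be in the copy. Suggest "Unfortunately, the events generated by ExitBootServices() do not end up in the table."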
"Unfortunately, the even
On Tue, Nov 7, 2017 at 2:36 AM, Roberto Sassu wrote:
> Finally, digest lists address also the third issue because Linux
> distribution vendors already provide the digests of files included in each
> RPM package. The digest list is stored in the RPM header, signed by the
> vendor.
RPM's hardly uni
On Tue, Nov 7, 2017 at 12:53 PM, Roberto Sassu wrote:
> On 11/7/2017 3:49 PM, Matthew Garrett wrote:
>> RPM's hardly universal, and distributions are in the process of moving
>> away from using it for distributing non-core applications (Flatpak and
>> Snap are becoming
On Wed, Nov 8, 2017 at 7:00 AM, Roberto Sassu wrote:
> On 11/7/2017 7:06 PM, Matthew Garrett wrote:
>> But we're still left in a state where the kernel has to end up
>> supporting a number of very niche formats, and userland agility is
>> tied to the kernel. I think i
On Thu, Nov 9, 2017 at 4:51 AM, Roberto Sassu wrote:
> On 11/8/2017 4:48 PM, Matthew Garrett wrote:
>> The code doing the parsing is in the initramfs, which has already been
>> measured at boot time. You can guarantee that it's being done by
>> trusted code.
>
>
On Thu, Nov 9, 2017 at 11:13 AM, Roberto Sassu wrote:
> On 11/9/2017 3:47 PM, Matthew Garrett wrote:
>> There's no need to have a policy that measures those files, because
>> they're part of the already-measured initramfs. Just set the IMA
>> policy after you'