On Thu, Feb 20, 2025 at 11:28:58AM +0200, Jarkko Sakkinen wrote:
> On Wed, Feb 19, 2025 at 02:10:10PM -0600, Stuart Yoder wrote:
> > The Arm specification TPM Service CRB over FF-A specification
> > defines the FF-A messages to interact with a CRB-based TPM
> > implemented as an FF-A secure partiti
Hello,
On Wed, Feb 19, 2025 at 10:29:45PM +, Jonathan McDowell wrote:
> On Wed, Jan 29, 2025 at 04:27:15PM +0100, Michal Suchánek wrote:
> > Hello,
> >
> > there is a problem report that booting a specific type of system about
> > 0.1% of the time encrypted volume (using a PCR to release the
On Wed, Feb 19, 2025 at 02:10:11PM -0600, Stuart Yoder wrote:
> Refactor TPM idle check to tpm_crb_has_idle(), and reduce parentheses
> usage in start method checks
>
> Signed-off-by: Stuart Yoder
> ---
> drivers/char/tpm/tpm_crb.c | 36 +---
> 1 file changed, 21
On Wed, Feb 19, 2025 at 02:10:10PM -0600, Stuart Yoder wrote:
> The Arm specification TPM Service CRB over FF-A specification
> defines the FF-A messages to interact with a CRB-based TPM
> implemented as an FF-A secure partition.
>
> Spec URL:
> https://developer.arm.com/documentation/den0138/late
On Wed, Feb 19, 2025 at 02:10:14PM -0600, Stuart Yoder wrote:
> Add documentation providing details of how the CRB driver interacts
> with FF-A.
>
> Signed-off-by: Stuart Yoder
> ---
> Documentation/security/tpm/tpm_ffa_crb.rst | 65 ++
> 1 file changed, 65 insertions(+)
> c
On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote:
> > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote:
> > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > > > > > Hi Mimi,
>
> > > > > > > Kernel patch "ima: limit the
On 2/19/25 11:21 AM, Mimi Zohar wrote:
Each time a file in policy, that is already opened for read, is opened
for write a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list, even if a ToMToU violation ha
On 2/19/25 11:21 AM, Mimi Zohar wrote:
Each time a file in policy, that is already opened for write, is opened
for read an open-writers integrity violation audit message is emitted
and a violation record is added to the IMA measurement list, even if an
open-writers violation has already been r
Kernel patch "ima: limit the number of open-writers integrity
violations" prevents superfluous "open-writers" violations. Add
corresponding LTP tests.
Link:
https://lore.kernel.org/linux-integrity/20250219162131.416719-2-zo...@linux.ibm.com/
Signed-off-by: Mimi Zohar
---
.../integrity/ima/test
Add support for the number of expected violations. Include the
expected number of violations in the output.
Signed-off-by: Mimi Zohar
---
.../security/integrity/ima/tests/ima_violations.sh | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/testcases/kernel/securi
Kernel patch "ima: limit the number of ToMToU integrity violations"
prevents superfluous ToMToU violations. Add corresponding LTP tests.
Link:
https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zo...@linux.ibm.com/
Signed-off-by: Mimi Zohar
---
.../integrity/ima/tests/ima_violatio
Hi Mimi,
> Kernel patch "ima: limit the number of ToMToU integrity violations"
> prevents superfluous ToMToU violations. Add corresponding LTP tests.
> Link:
> https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zo...@linux.ibm.com/
> Signed-off-by: Mimi Zohar
Unfortunately tests
Hi Mimi,
> Each time a file in policy, that is already opened for write, is opened
> for read an open-writers integrity violation audit message is emitted
> and a violation record is added to the IMA measurement list, even if an
> open-writers violation has already been recorded.
> Limit the numb
Hi Mimi,
LGTM.
Reviewed-by: Petr Vorel
Kind regards,
Petr
Hi Mimi,
> Hi Mimi,
> > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > prevents superfluous ToMToU violations. Add corresponding LTP tests.
> > Link:
> > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zo...@linux.ibm.com/
> > Signed-off-by: Mimi Zohar
Hi Mimi,
> Add support for the number of expected violations. Include the
> expected number of violations in the output.
> Signed-off-by: Mimi Zohar
> ---
> .../security/integrity/ima/tests/ima_violations.sh | 10 --
> 1 file changed, 8 insertions(+), 2 deletions(-)
> diff --git a
On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> Hi Mimi,
>
> > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > prevents superfluous ToMToU violations. Add corresponding LTP tests.
>
> > Link:
> > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zo...
On 2/20/25 3:29 AM, Jarkko Sakkinen wrote:
On Wed, Feb 19, 2025 at 02:10:11PM -0600, Stuart Yoder wrote:
Refactor TPM idle check to tpm_crb_has_idle(), and reduce parentheses
usage in start method checks
Signed-off-by: Stuart Yoder
---
drivers/char/tpm/tpm_crb.c | 36
On 2/20/25 3:28 AM, Jarkko Sakkinen wrote:
On Wed, Feb 19, 2025 at 02:10:10PM -0600, Stuart Yoder wrote:
The Arm specification TPM Service CRB over FF-A specification
defines the FF-A messages to interact with a CRB-based TPM
implemented as an FF-A secure partition.
Spec URL:
https://develope
Hi Mimi,
> Kernel patch "ima: limit the number of open-writers integrity
> violations" prevents superfluous "open-writers" violations. Add
> corresponding LTP tests.
> Link:
> https://lore.kernel.org/linux-integrity/20250219162131.416719-2-zo...@linux.ibm.com/
> Signed-off-by: Mimi Zohar
> ---
Dear Stuart,
Thank you for the patch. Should you respin, you could spell *clean up*
in the summary/title with a space.
The diff looks good.
Kind regards,
Paul
> On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > Hi Mimi,
> > > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > > prevents superfluous ToMToU violations. Add corresponding LTP tests.
> > > Link:
> > > https://lore.kernel.org/linux-integrity/20250219162131.416719
On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > > Hi Mimi,
>
> > > > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > > > prevents superfluous ToMToU violations. Add corresponding LTP tests.
>
> > > > Link:
Hi Petr,
On Thu, 2025-02-20 at 19:46 +0100, Petr Vorel wrote:
> Is this considered as a security feature? If yes, then failures on vanilla
> kernel are ok, we just need to later add kernel hashes to let testers know
> about
> missing backports. If it's a feature (not to be backported) we shou
On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote:
> On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > > > Hi Mimi,
> >
> > > > > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > > > > prevents superfluous T
On Thu, 2025-02-20 at 13:04 -0600, Stuart Yoder wrote:
>
>
> On 2/20/25 3:29 AM, Jarkko Sakkinen wrote:
> > On Wed, Feb 19, 2025 at 02:10:11PM -0600, Stuart Yoder wrote:
> > > Refactor TPM idle check to tpm_crb_has_idle(), and reduce
> > > > parentheses
> > > usage in start method checks
> > >
>
On Thu, 2025-02-20 at 20:09 +0100, Paul Menzel wrote:
> Dear Stuart,
>
>
> Thank you for the patch. Should you respin, you could spell *clean
> up*
> in the summary/title with a space.
>
> The diff looks good.
>
>
> Kind regards,
>
> Paul
So for the sake of overall good it is better maybe t
> On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote:
> > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > > > > Hi Mimi,
> > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > > > > > prevents super