Re: [PATCH 0/3] support for duplicate measurement of integrity critical data

2021-02-09 Thread Tushar Sugandhi
On 2021-02-09 10:53 a.m., Mimi Zohar wrote: On Tue, 2021-02-09 at 10:23 -0800, Tushar Sugandhi wrote: On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote: On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: IMA does not measure duplicate buffer data since TPM extend is a very expensiv

Re: [PATCH 0/3] support for duplicate measurement of integrity critical data

2021-02-09 Thread Mimi Zohar
On Tue, 2021-02-09 at 10:23 -0800, Tushar Sugandhi wrote: > > On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote: > >> On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: > >>> IMA does not measure duplicate buffer data since TPM extend is a very > >>> expensive operation. However, in some

Re: [PATCH 0/3] support for duplicate measurement of integrity critical data

2021-02-09 Thread Tushar Sugandhi
Thank you Mimi for reviewing this series. On 2021-02-08 1:10 p.m., Mimi Zohar wrote: Hi Tushar, On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote: On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: IMA does not measure duplicate buffer data since TPM extend is a very expensive opera

Re: [PATCH 0/3] support for duplicate measurement of integrity critical data

2021-02-08 Thread Mimi Zohar
Hi Tushar, On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote: > On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: > > IMA does not measure duplicate buffer data since TPM extend is a very > > expensive operation. However, in some cases for integrity critical > > data, the measurement o

Re: [PATCH 0/3] support for duplicate measurement of integrity critical data

2021-02-08 Thread Mimi Zohar
Hi Tushar, On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: > IMA does not measure duplicate buffer data since TPM extend is a very > expensive operation. However, in some cases for integrity critical > data, the measurement of duplicate data is necessary to accurately > determine the cu

[PATCH 0/3] support for duplicate measurement of integrity critical data

2021-01-30 Thread Tushar Sugandhi
IMA does not measure duplicate buffer data since TPM extend is a very expensive operation. However, in some cases for integrity critical data, the measurement of duplicate data is necessary to accurately determine the current state of the system. E.g., SELinux state changing from 'audit', to 'enfor