> On Thu, 2015-05-07 at 15:50 +0200, Zbigniew Jasiński wrote:
> > 'ima_appraise_tcb' is the default appraise policy. All files with 'root'
> > as owner are appraised. It can lock your system if hashes/signatures
> > differ.
> 
> This only seems useful for read-only root file systems. As soon as root
> processes need to rewrite files, they'll run into problems. Not wrong per se,
> but not exactly obvious from the available documentation.
>

Well, yes and no. Mostly yes.
It's the most useful case scenario for read-only file systems. But I can
imagine a scenario on a multi-user platform where each user has his own private
key, of course protected with a password. For each change in protected files
(documents?) one would be asked for a password for re-signing the files. Apart
from how annoying it could be, it's possible.

The Tizen Wiki was meant to be only a use-case scenario. We focused on 'how to
run IMA/EVM on the Tizen platform' rather than 'how integrity works'.
Of course your feedback is valuable and I will edit the Wiki to make it more
self-explanatory.

> 
> My hypothesis is that EVM is active, but fails to initialize properly
> ("evm: init_desc failed"), and thus gets in the way. I would test that
> hypothesis if I knew how to turn it off - I can try by compiling it out of the
> kernel, but is that really the only option?
> 

Without our patches I think it's the only option.

> > If you add/modify a file in a protected system in which you use digital
> > signatures you need to provide the private key for that.
> 
> I'm unsure about this part here. How do I tell the kernel for ima_appraise=fix
> which private key it is meant to use?
> 

If you use only hashes for IMA you don't need a key at all. If you use digital
signatures I think you need to manually recalculate them.
You need to add an encrypted key (or a trusted one if used with TPM) to the
kernel keyring for EVM.

Regards

Zbigniew Jasinski
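
An added example, not part of the original message or the Tizen patches: a pre-flight check for the lockout risk and the hash-versus-signature distinction discussed above, run before booting with 'ima_appraise_tcb'. It assumes the `security.ima` xattr layout from the kernel's integrity headers (a type byte, then a digest or signature); `classify` and `scan` are hypothetical names.

```python
import hashlib
import os
import stat
import sys

# security.ima type bytes (enum evm_ima_xattr_type in the kernel's integrity.h)
IMA_XATTR_DIGEST = 0x01      # type byte + 20-byte SHA-1
EVM_IMA_XATTR_DIGSIG = 0x03  # type byte + signature header + signature
IMA_XATTR_DIGEST_NG = 0x04   # type byte + hash-algo byte + digest
# enum hash_algo values (hash_info.h) mapped to hashlib names
HASH_ALGOS = {1: "md5", 2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}

def classify(content, xattr):
    """Return the appraisal outlook for one file's content and security.ima value."""
    if not xattr:
        return "missing"                  # no label: appraisal would fail
    kind = xattr[0]
    if kind == EVM_IMA_XATTR_DIGSIG:
        return "signature"                # not verified here; re-signing needs the key
    if kind == IMA_XATTR_DIGEST:
        algo, stored = "sha1", xattr[1:]
    elif kind == IMA_XATTR_DIGEST_NG and len(xattr) > 2 and xattr[1] in HASH_ALGOS:
        algo, stored = HASH_ALGOS[xattr[1]], xattr[2:]
    else:
        return "unknown"
    actual = hashlib.new(algo, content).digest()
    return "hash-ok" if stored == actual else "hash-mismatch"

def scan(root):
    """Yield (path, status) for root-owned regular files under root (Linux only)."""
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in files):
            try:
                st = os.lstat(path)
                if st.st_uid != 0 or not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    content = fh.read()
            except OSError:
                continue                  # vanished or unreadable: skip
            try:
                xattr = os.getxattr(path, "security.ima")
            except OSError:
                xattr = None              # ENODATA or filesystem without xattrs
            yield path, classify(content, xattr)

if __name__ == "__main__":
    for path, status in scan(sys.argv[1] if len(sys.argv) > 1 else "/etc"):
        print(status, path)
```

Files reported as `missing` or `hash-mismatch` are the ones that would block a root-owned process under enforcement; `signature` entries are the ones that need the private key when the file changes.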
