On Thu, Feb 14, 2013 at 03:51:24PM -0500, Mimi Zohar wrote:
> On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> > Hi,
> >
> > Currently ima appraises all the files as specified by the rule.
>
> Currently IMA appraises files based on policy. And policy is composed
> of multiple rules.

Ok, will change it.

> > So if one wants to create a system where only few executables are
> > signed, that system will not work with IMA.
>
> This statement misrepresents the IMA policy. You can definitely define
> a policy that only measures/appraises a few specific files. In your
> usecase scenario, you are not willing to rely on LSM labels. Policy
> rules can also be based on file owner. We could also add support for
> gid.

Ok, will change it. How about the following.

We want to create a system where only few executables are signed. This
patch extends IMA policy syntax so that one can specify that signatures
are optional.

> > With secureboot, one needs to disable kexec so that unsigned kernels
> > can't be booted. To avoid this problem, it was proposed that sign
> > /sbin/kexec binary and if signatures are verified successfully, give
> > a special capability to the /sbin/kexec process. And in secureboot
> > mode processes with that special capability can invoke sys_kexec()
> > system call.
>
> Please add here that you then rely on /sbin/kexec to verify the
> integrity of the kernel image.

Ok, will do that. This is in fact a grey area. Yet to be figured out how
/sbin/kexec will ensure a signed kernel is being loaded.

Thanks
Vivek