On 16-08-10 14:40:13, David Laight wrote:
> From: Linuxppc-dev
> [mailto:linuxppc-dev-bounces+david.laight=aculab@lists.ozlabs.org] On
> Behalf Of
> > > > So given what you have above, you'd use something like:
> > > >
> > > > struct ima_kexec_hdr {
> > > > u16 version;
> > > >
On 16-08-10 08:54:36, Mimi Zohar wrote:
> On Wed, 2016-08-10 at 19:52 +1000, Michael Ellerman wrote:
> > Thiago Jung Bauermann writes:
> >
> > > On Wednesday, 10 August 2016, 13:41:08, Michael Ellerman wrote:
> > >> Thiago Jung Bauermann
On 16-08-05 09:34:38, Mimi Zohar wrote:
> Hi Petko,
>
> Thank you for the review!
>
> On Fri, 2016-08-05 at 11:44 +0300, Petko Manolov wrote:
> > On 16-08-04 08:24:29, Mimi Zohar wrote:
> > > The TPM PCRs are only reset on a hard reboot. In order to validate a
> >
On 16-08-04 08:24:29, Mimi Zohar wrote:
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be saved and restored on boot. This patch
> restores the measurement list.
>
>
On 16-02-08 09:58:16, Dmitry Kasatkin wrote:
>
>
> From: Petko Manolov [pet...@mip-labs.com]
> Sent: Sunday, February 07, 2016 9:59 PM
> To: Mimi Zohar
> Cc: linux-security-mod...@vger.kernel.org; Luis R. Rodriguez;
> kexec@lists.infr
On 16-02-08 16:12:16, Mimi Zohar wrote:
> On Mon, 2016-02-08 at 10:45 +, Dmitry Kasatkin wrote:
>
> > > > @@ -286,9 +322,12 @@ static ssize_t ima_write_policy(struct file *file,
> > > > const char __user *buf,
> > > > result = mutex_lock_interruptible(_write_mutex);
> > > > if
On 16-02-03 14:06:30, Mimi Zohar wrote:
> Require the IMA policy to be signed when additional rules can be added.
>
> v1:
> - initialize the policy flag
> - include IMA_APPRAISE_POLICY in the policy flag
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
A
On 16-02-03 14:06:29, Mimi Zohar wrote:
> Add support for measuring and appraising the IMA policy itself.
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
> ---
> security/integrity/ima/ima.h| 2 +
On 16-02-03 14:06:28, Mimi Zohar wrote:
> From: Dmitry Kasatkin
>
> We currently cannot do appraisal or signature vetting of IMA policies
> since we currently can only load IMA policies by writing the contents
> of the policy directly in, as follows:
>
> cat policy-file
> };
>
> Option 3: incorporate the ima_hooks enumeration into kernel_read_file_id,
> perhaps changing the enumeration name.
>
> For now, duplicate the new READING_KEXEC_IMAGE/INITRAMFS in ima_hooks.
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Option 3 seems
On 16-02-03 14:06:10, Mimi Zohar wrote:
> Define and call a function to display the "ima_hooks" rules.
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
> ---
> sec
On 16-02-03 14:06:11, Mimi Zohar wrote:
> Cleanup the function arguments by using "ima_hooks" enumerator as needed.
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
> ---
> secur
cache status with a generic one named read_file.
>
> This change simplifies adding support for other files read by the kernel.
>
> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
> ---
> security/integrity/iint.c
On 15-12-28 09:42:22, Mimi Zohar wrote:
> On Mon, 2015-12-28 at 16:29 +0200, Petko Manolov wrote:
> >
> > I kind of wonder isn't it possible to optimize the file read? If the file
> > is relatively small (a few megabytes, for example) it will fit into any
> > modern
On 15-12-28 07:51:15, Mimi Zohar wrote:
> On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote:
> > On 12/25/15 at 09:45am, Mimi Zohar wrote:
> > > IMA calculates the file hash, in this case, based on the buffer
> > > contents. The hash is calculated once and used for both measurement
> > > and