On 8/12/2020 7:18 AM, Chuck Lever wrote:
On Aug 11, 2020, at 5:03 PM, James Morris wrote:
On Sat, 8 Aug 2020, Chuck Lever wrote:
My interest is in code integrity enforcement for executables stored
in NFS files.
My struggle with IPE is that due to its dependence on dm-verity, it
does no
On Wed, 2020-08-12 at 09:56 -0400, Chuck Lever wrote:
> > On Aug 11, 2020, at 2:28 PM, James Bottomley > nPartnership.com> wrote:
> >
> > On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote:
> > > Mimi's earlier point is that any IMA metadata format that
> > > involves unsigned digests is expose
On Wed, 2020-08-12 at 10:15 -0400, Chuck Lever wrote:
> > On Aug 11, 2020, at 11:53 AM, James Bottomley
> > wrote:
> >
> > On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote:
[...]
> > > >
> > > > and what is nice to have to speed up the verification
> > > > process. The choice for the latter
> On Aug 11, 2020, at 11:32 AM, James Bottomley
> wrote:
>
> On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote:
>>> On Aug 11, 2020, at 1:43 AM, James Bottomley
>>> wrote:
>>> On Mon, 2020-08-10 at 19:36 -0400, Chuck Lever wrote:
> [...]
Thanks for the help! I just want to emphasize
> On Aug 11, 2020, at 5:03 PM, James Morris wrote:
>
> On Sat, 8 Aug 2020, Chuck Lever wrote:
>
>> My interest is in code integrity enforcement for executables stored
>> in NFS files.
>>
>> My struggle with IPE is that due to its dependence on dm-verity, it
>> does not seem to able to protec
> On Aug 11, 2020, at 11:53 AM, James Bottomley
> wrote:
>
> On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote:
>>> On Aug 11, 2020, at 1:43 AM, James Bottomley >> nPartnership.com> wrote:
>>>
>>> On Mon, 2020-08-10 at 19:36 -0400, Chuck Lever wrote:
> On Aug 10, 2020, at 11:35 AM, Ja
> On Aug 11, 2020, at 2:28 PM, James Bottomley
> wrote:
>
> On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote:
>> Mimi's earlier point is that any IMA metadata format that involves
>> unsigned digests is exposed to an alteration attack at rest or in
>> transit, thus will not provide a robu