On Fri, Mar 15, 2013 at 5:41 PM, Vivek Goyal wrote:
> On Thu, Mar 14, 2013 at 11:08:45PM +0200, Kasatkin, Dmitry wrote:
>> On Thu, Mar 14, 2013 at 10:37 PM, Vivek Goyal wrote:
>> > On Thu, Mar 14, 2013 at 04:30:28PM -0400, Vivek Goyal wrote:
>> >
>> > [
On Thu, Mar 14, 2013 at 10:37 PM, Vivek Goyal wrote:
> On Thu, Mar 14, 2013 at 04:30:28PM -0400, Vivek Goyal wrote:
>
> [..]
>> I thought explicitly using signature format is more intuitive. Exporting
>> signature version is not. I personally associate versioning with minor
>> changes like addition
On Thu, Mar 14, 2013 at 8:28 PM, Vivek Goyal wrote:
> Hi Dmitry/Mimi,
>
> Here is an RFC patch. I am playing with exporting some functions from
> ima/integrity and make reuse of IMA signature format and reuse of some
> of IMA verification code.
>
> One of the things required is that caller wants t
On Thu, Mar 7, 2013 at 11:56 PM, Vivek Goyal wrote:
> On Thu, Mar 07, 2013 at 07:53:50PM +0200, Kasatkin, Dmitry wrote:
>
> [..]
>
> Hi Dmitry,
>
>> Sorry if missed something from this lengthy thread and I repeat something.
>>
>> I have not noticed
On Thu, Mar 7, 2013 at 5:53 PM, Vivek Goyal wrote:
> On Thu, Mar 07, 2013 at 10:40:33AM -0500, Mimi Zohar wrote:
>> On Thu, 2013-03-07 at 09:36 -0500, Vivek Goyal wrote:
>> > On Wed, Mar 06, 2013 at 08:39:08PM -0500, Mimi Zohar wrote:
>> > > On Wed, 2013-03-06 at 18:55 -0500, Vivek Goyal wrote:
>>
On Tue, Mar 5, 2013 at 9:13 PM, Vivek Goyal wrote:
> On Thu, Feb 14, 2013 at 02:55:44PM -0500, Vivek Goyal wrote:
>> Currently ima appraises all the files as specified by the rule. So
>> if one wants to create a system where only few executables are
>> signed, that system will not work with IMA.
>
On Wed, Feb 27, 2013 at 11:21 AM, Kasatkin, Dmitry
wrote:
> On Wed, Feb 27, 2013 at 1:22 AM, Mimi Zohar wrote:
>> On Tue, 2013-02-26 at 20:34 +, Al Viro wrote:
>>> On Tue, Feb 26, 2013 at 02:32:08PM -0500, Mimi Zohar wrote:
>>> > Before anything gets access to
On Wed, Feb 27, 2013 at 1:22 AM, Mimi Zohar wrote:
> On Tue, 2013-02-26 at 20:34 +, Al Viro wrote:
>> On Tue, Feb 26, 2013 at 02:32:08PM -0500, Mimi Zohar wrote:
>> > Before anything gets access to the file, the file needs to be measured,
>> > appraised, and/or audited, based on policy. If IM
On Wed, Feb 20, 2013 at 11:27 PM, Mimi Zohar wrote:
> Hi Al,
>
> Are there any negative repercussions to temporarily removing the
> o_direct flag in order to calculate the file hash?
>
It looks to me that there should not be any problem to
setting/unsetting O_DIRECT flag.
This behavior is already
On Thu, Feb 14, 2013 at 9:05 PM, Vivek Goyal wrote:
> On Wed, Feb 13, 2013 at 11:07:49AM +0200, Dmitry Kasatkin wrote:
>> User space tools use getxattr() system call to read values of extended
>> attributes. getxattr() system call uses vfs_getattr(), which for "security."
>> namespace might get a
Hello,
Any comments about this patch and functionality?
Thanks,
Dmitry
On Wed, Feb 13, 2013 at 11:07 AM, Dmitry Kasatkin
wrote:
> User space tools use getxattr() system call to read values of extended
> attributes. getxattr() system call uses vfs_getattr(), which for "security."
> namespace mig
On Wed, Feb 13, 2013 at 7:51 PM, Vivek Goyal wrote:
> On Wed, Feb 13, 2013 at 07:33:13PM +0200, Kasatkin, Dmitry wrote:
>> On Wed, Feb 13, 2013 at 3:44 PM, Mimi Zohar wrote:
>> > On Wed, 2013-02-13 at 15:13 +0200, Kasatkin, Dmitry wrote:
>> >> On Wed, Feb 1
On Wed, Feb 13, 2013 at 3:44 PM, Mimi Zohar wrote:
> On Wed, 2013-02-13 at 15:13 +0200, Kasatkin, Dmitry wrote:
>> On Wed, Feb 13, 2013 at 2:56 PM, Mimi Zohar wrote:
>> > On Wed, 2013-02-13 at 14:31 +0200, Kasatkin, Dmitry wrote:
>> >> On Mon, Feb 11, 2013 a
On Wed, Feb 13, 2013 at 5:26 PM, Kasatkin, Dmitry
wrote:
> On Wed, Feb 13, 2013 at 4:38 PM, Vivek Goyal wrote:
>> On Wed, Feb 13, 2013 at 03:36:45PM +0200, Kasatkin, Dmitry wrote:
>>> It should not be the only line in the policy.
>>> Can you share full policy?
>>
On Wed, Feb 13, 2013 at 4:38 PM, Vivek Goyal wrote:
> On Wed, Feb 13, 2013 at 03:36:45PM +0200, Kasatkin, Dmitry wrote:
>> It should not be the only line in the policy.
>> Can you share full policy?
>
> I verified by putting some printk. There is only single rule in
> ima
It should not be the only line in the policy.
Can you share full policy?
Thanks,
Dmitry
On Wed, Feb 13, 2013 at 3:29 PM, Vivek Goyal wrote:
> On Wed, Feb 13, 2013 at 02:14:55PM +0200, Kasatkin, Dmitry wrote:
>> Hello Vivek,
>>
>> Can you please send to us how your IMA poli
On Wed, Feb 13, 2013 at 2:56 PM, Mimi Zohar wrote:
> On Wed, 2013-02-13 at 14:31 +0200, Kasatkin, Dmitry wrote:
>> On Mon, Feb 11, 2013 at 10:11 PM, Vivek Goyal wrote:
>
>> > @@ -158,7 +165,8 @@ int ima_appraise_measurement(int func, struct
>> >
On Mon, Feb 11, 2013 at 10:11 PM, Vivek Goyal wrote:
> appraise_type=imasig_optional will allow appraisal to pass even if no
> signatures are present on the file. If signatures are present, then it
> has to be valid digital signature, otherwise appraisal will fail.
>
> This can allow to selectivel
Hello Vivek,
Can you please send to us how your IMA policy looks like.
Thanks,
Dmitry
On Tue, Feb 12, 2013 at 8:57 PM, Vivek Goyal wrote:
> On Tue, Feb 12, 2013 at 01:52:03PM -0500, Vivek Goyal wrote:
>> On Tue, Feb 12, 2013 at 12:14:07PM -0500, Mimi Zohar wrote:
>>
>> [..]
>> > > > > --- a/sec
On Fri, Feb 8, 2013 at 5:49 PM, H. Peter Anvin wrote:
> Yes, but you can't umount rootfs.
But that was not a rootfs, but tmpfs/ramfs mounted to /root folder.
>
> "Kasatkin, Dmitry" wrote:
>
>>On Wed, Feb 6, 2013 at 6:41 PM, H. Peter Anvin wrote:
>>> T
>>
>> Dmitry,
>>
>> How do we make sure that this is the first call to user mode helpers. I
>> see that we first unpacked unsigned initramfs. Then after a while we
>> unpacked signed initramfs on /root and did a chroot. But now there is
>> a window before chroot, where kernel might call into /sbin/
252682623956
-/+ buffers/cache:29956405062960
Swap:0 0 0
The same happens also with tmpfs.
- Dmitry
> "Kasatkin, Dmitry" wrote:
>
>>On Wed, Feb 6, 2013 at 7:04 AM, H. Peter Anvin wrote:
>>> On 02/05/2013 02:09 PM, Kasatkin, Dmitr
On Thu, Feb 7, 2013 at 7:05 PM, Vivek Goyal wrote:
> On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
>
> [..]
>> +static int __init load_initramfs(void)
>> +{
>> + static char *argv[] = { "pre-init", NULL, };
>> + extern char *envp_init[];
>> + int err;
>> +
>> + /
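Review bot: the `extern char *envp_init[];` declaration inside load_initramfs() belongs in a shared header rather than in the function body, so the compiler can check it against the definition; with a local extern, a type mismatch between the two goes unnoticed. A one-line comment on what "pre-init" in argv[] refers to would also help the reader.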
On Tue, Feb 5, 2013 at 7:16 PM, Kasatkin, Dmitry
wrote:
> On Tue, Feb 5, 2013 at 6:48 PM, Peter Jones wrote:
>> On Tue, Feb 05, 2013 at 02:34:49PM +0200, Dmitry Kasatkin wrote:
>>> Signed-off-by: Dmitry Kasatkin
>>> ---
>>> init/do_mounts.h |2 ++
>
On Wed, Jan 30, 2013 at 12:32 PM, David Howells wrote:
> Kasatkin, Dmitry wrote:
>
>> What about the case when running from integrity protected initramfs?
>> Either embedded into the signed kernel, or verified by the boot loader.
>> In such case it is possible to assume
On Wed, Feb 6, 2013 at 7:04 AM, H. Peter Anvin wrote:
> On 02/05/2013 02:09 PM, Kasatkin, Dmitry wrote:
>>
>>
>> It should not be like that. Actually when pre-init exits, cleanup code
>> umount tmpfs, which in turn cleanups the RAM.
>>
>
> It doesn'
On Tue, Feb 5, 2013 at 10:36 PM, Peter Jones wrote:
> On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
>
>> +static const char *secmnt = "/root";
>> +static const char *initramfs_img = "/initramfs-sig.img";
>> +
>> +static int __init load_image(const char *from)
>> +{
> ...
>> +
On Tue, Feb 5, 2013 at 8:03 PM, Peter Jones wrote:
> On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
>> Often initramfs is (re)fabricated on the machine on which it runs.
>> In such cases it is impossible to sign initramfs image, because
>> private key is not supposed to be availa
On Tue, Feb 5, 2013 at 8:34 PM, Vivek Goyal wrote:
> On Tue, Feb 05, 2013 at 06:19:26PM +, Matthew Garrett wrote:
>> On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
>>
>> > Digitally signed initramfs can be used to provide protected user-space
>> > environment for initializati
Hi Mikulas,
I made fixes based on your comments.
Can you think now about adding this target to the device-mapper tree,
maybe with a different name, though?
- Dmitry
On Tue, Jan 22, 2013 at 2:37 PM, Dmitry Kasatkin
wrote:
> Device-mapper "integrity" target provides transparent cryptographic integ
On Tue, Feb 5, 2013 at 6:48 PM, Peter Jones wrote:
> On Tue, Feb 05, 2013 at 02:34:49PM +0200, Dmitry Kasatkin wrote:
>> Signed-off-by: Dmitry Kasatkin
>> ---
>> init/do_mounts.h |2 ++
>> init/initramfs.c |2 +-
>> 2 files changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/init/
ble.
Should go to mainline as well.
I suggest to apply it and also couple of other patches I sent yesterday.
thanks.
- Dmitry
> On Wed, 30 Jan 2013, Kasatkin, Dmitry wrote:
>
>> On Fri, Jan 25, 2013 at 4:54 PM, Dmitry Kasatkin
>> wrote:
>> > From: YOSHIFUJI Hideaki
>
On Fri, Jan 25, 2013 at 4:54 PM, Dmitry Kasatkin
wrote:
> From: YOSHIFUJI Hideaki
>
> digsig_verify_rsa() does not free kmalloc'ed buffer returned by
> mpi_get_buffer().
>
> Signed-off-by: YOSHIFUJI Hideaki
> Signed-off-by: Dmitry Kasatkin
> Cc: sta...@vger.kernel.org
> ---
> lib/digsig.c |
On Thu, Jan 17, 2013 at 8:04 PM, David Howells wrote:
> Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
> or had a cryptographic signature chain that led back to a trusted key the
> kernel already possessed.
>
> Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring w
On Mon, Jan 28, 2013 at 10:13 PM, Vivek Goyal wrote:
> On Mon, Jan 28, 2013 at 02:51:34PM -0500, Mimi Zohar wrote:
>> On Mon, 2013-01-28 at 13:52 -0500, Vivek Goyal wrote:
>> > On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
>> >
>> > [..]
>
On Mon, Jan 28, 2013 at 8:52 PM, Vivek Goyal wrote:
> On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
>
> [..]
>> > Ok. I am hoping that it will be more than the kernel command line we
>> > support. In the sense that for digital signatures one needs
On Mon, Jan 28, 2013 at 5:15 PM, Vivek Goyal wrote:
> On Mon, Jan 28, 2013 at 04:54:06PM +0200, Kasatkin, Dmitry wrote:
>> On Fri, Jan 25, 2013 at 11:01 PM, Vivek Goyal wrote:
>> > Hi,
>> >
>> > I am trying to read and understand IMA code. How does d
PI.
- Dmitry
>
> Thanks
> Vivek
>
> On Wed, Jan 23, 2013 at 11:03:39AM +0200, Kasatkin, Dmitry wrote:
>> On Wed, Jan 23, 2013 at 12:53 AM, Mimi Zohar
>> wrote:
>> > On Tue, 2013-01-15 at 12:34 +0200, Dmitry Kasatkin wrote:
>> >> Asymmetric keys we
On Wed, Jan 23, 2013 at 12:53 AM, Mimi Zohar wrote:
> On Tue, 2013-01-15 at 12:34 +0200, Dmitry Kasatkin wrote:
>> Asymmetric keys were introduced in linux-3.7 to verify the signature on
>> signed kernel modules. The asymmetric keys infrastructure abstracts the
>> signature verification from the
On Thu, Jan 17, 2013 at 10:55 PM, Vivek Goyal wrote:
> On Thu, Jan 17, 2013 at 03:33:47PM -0500, Frank Ch. Eigler wrote:
>> Vivek Goyal writes:
>>
>> > [...]
>> >> Can you please tell a bit more how this patch protect against direct
>> >> writing to the blocks?
>> >
>> > If you have loaded all th
On Thu, Jan 17, 2013 at 7:52 PM, David Howells wrote:
>
> Looks reasonable, I think, so you can add:
>
> Acked-by: David Howells
>
> David
Thank you.
Hello.
This is just a quick-patch for IMA to lock digitally signed binaries
in similar manner as the patch of this thread does...
No policy here. No optimization here. Just tests if binary has signature.
Rather simple.
- Dmitry
On Thu, Jan 17, 2013 at 7:01 PM, Kasatkin, Dmitry
wrote
commit f6bf2c4c0339dabac435f518bb1fcb617fdef8f1
Author: Dmitry Kasatkin
Date: Thu Jan 17 18:50:43 2013 +0200
ima: lock down memory if binary is digitally signed
This patch sets a flag in the linux_binprm structure if binary is
digitally signed. The flag is used to lock down memory w
On Thu, Jan 17, 2013 at 5:18 PM, Vivek Goyal wrote:
> On Thu, Jan 17, 2013 at 04:58:02PM +0200, Kasatkin, Dmitry wrote:
>> On Wed, Jan 16, 2013 at 11:53 PM, Vivek Goyal wrote:
>> > On Wed, Jan 16, 2013 at 02:24:50PM -0500, Mimi Zohar wrote:
>> > [..]
>> >>
On Tue, Jan 15, 2013 at 11:34 PM, Vivek Goyal wrote:
> Hi,
>
> This is a very crude RFC for ELF executable signing and verification. This
> has been done along the lines of module signature verification.
>
> Why do we need it
> =
> With arrival of secureboot, sys_kexec() is deemed
On Thu, Jan 17, 2013 at 4:58 PM, Kasatkin, Dmitry
wrote:
> On Wed, Jan 16, 2013 at 11:53 PM, Vivek Goyal wrote:
>> On Wed, Jan 16, 2013 at 02:24:50PM -0500, Mimi Zohar wrote:
>> [..]
>>> > > Sorry, this is out of scope for IMA. Dmitry has looked into this, but
On Wed, Jan 16, 2013 at 11:53 PM, Vivek Goyal wrote:
> On Wed, Jan 16, 2013 at 02:24:50PM -0500, Mimi Zohar wrote:
> [..]
>> > > Sorry, this is out of scope for IMA. Dmitry has looked into this, but
>> > > I'm not sure where it stands at the moment.
>> >
>> > Ok, so that's one reason that why I w
On Wed, Jan 16, 2013 at 8:21 PM, Vivek Goyal wrote:
> On Wed, Jan 16, 2013 at 12:24:39PM -0500, Mimi Zohar wrote:
>> On Wed, 2013-01-16 at 10:54 -0500, Vivek Goyal wrote:
>> > On Wed, Jan 16, 2013 at 10:33:11AM -0500, Mimi Zohar wrote:
>> >
>> > [..]
>> > > > - Also I really could not figure out w
On Wed, Jan 16, 2013 at 5:54 PM, Vivek Goyal wrote:
> On Wed, Jan 16, 2013 at 10:33:11AM -0500, Mimi Zohar wrote:
>
> [..]
>> > - Also I really could not figure out where does the private signing key
>> > lives. I got the impression that we need to trust installer and
>> > signing somehow happ
Hello,
If there are no comments, what about applying the patch?
Regards,
Dmitry
On Wed, Dec 5, 2012 at 1:06 PM, Kasatkin, Dmitry
wrote:
> Hello,
>
> Any comments?
>
> - Dmitry
>
>
> On Mon, Nov 26, 2012 at 4:39 PM, Dmitry Kasatkin
> wrote:
>> Device-m
return false;
So 20k for 55 seconds can be multiplied roughly by the number of rules.
In fact earlier check for (inode->i_sb->s_feature_flags & SF_NOIMA)
only decreases
the total number of referencing.
- Dmitry
> On Tue, Dec 11, 2012 at 5:57 PM, Kasatkin, Dmitry
>
On Tue, Dec 11, 2012 at 10:08 PM, Eric Paris wrote:
> S_PRIVATE is totally unacceptable as it has a meaning across all LSMs,
> not just IMA.
>
> S_NOSEC means 'this is not setuid or setgid and we don't need to do
> those checks on modify'
>
> You are going to need to use a S_NOIMA.
>
> Of Dmitry's
On Tue, Dec 11, 2012 at 8:35 PM, Linus Torvalds
wrote:
> On Tue, Dec 11, 2012 at 10:12 AM, Kasatkin, Dmitry
> wrote:
>>
>> Actually S_PRIVATE does not work for normal filesystems which IMA
>> might want to ignore.
>
> The reading comprehension here is abysmal
On Tue, Dec 11, 2012 at 8:09 PM, Eric Paris wrote:
> On Tue, Dec 11, 2012 at 12:55 PM, Linus Torvalds
> wrote:
>
>> And your "pseudo-filesystems" argument is pretty stupid too, since WE
>> ALREADY HAVE A FLAG FOR THAT!
>>
>> Guess where it is? Oh, it's in the place I already mentioned makes
>> mo
On Tue, Dec 11, 2012 at 7:55 PM, Linus Torvalds
wrote:
> On Tue, Dec 11, 2012 at 9:40 AM, Kasatkin, Dmitry
> wrote:
>>>
>>> Quite frankly, this seems stupid.
>>
>> What exactly seems stupid here?
>
> What I said. Go back and read it. I gave three reaso
On Tue, Dec 11, 2012 at 6:59 PM, Linus Torvalds
wrote:
> On Tue, Dec 11, 2012 at 6:08 AM, Mimi Zohar wrote:
>> On Tue, 2012-12-11 at 14:51 +0200, Kasatkin, Dmitry wrote:
>>> >>
>>> >> Two months ago I was asking about it on mailing lists.
>>>
Hello Linus,
Can you please comment on the feature flag in this patchset?
Thanks,
Dmitry
On Tue, Nov 27, 2012 at 3:42 PM, Kasatkin, Dmitry
wrote:
> Hello,
>
> Any thoughts about this proposal?
>
> - Dmitry
>
> On Thu, Nov 22, 2012 at 11:54 PM, Dmitry Kasatkin
> wrote:
Hello,
Any comments?
- Dmitry
On Mon, Nov 26, 2012 at 4:39 PM, Dmitry Kasatkin
wrote:
> Device-mapper "integrity" target provides transparent cryptographic integrity
> protection of the underlying read-write block device using hash-based message
> authentication codes (HMACs). HMACs can be sto
Hello,
Any thoughts about this proposal?
- Dmitry
On Thu, Nov 22, 2012 at 11:54 PM, Dmitry Kasatkin
wrote:
> Hello,
>
> Here are two patches for policy search speedup.
>
> First patch adds additional features flags to superblock.
> Second - implementation for IMA.
>
> Two months ago I was asking
On Thu, Oct 4, 2012 at 2:22 AM, Rusty Russell wrote:
> David Howells writes:
>
>> Rusty Russell wrote:
>>
>>> Right. I think we need to use different names for generated vs supplied
>>> files
>>
>> The problem with supplied files is people who do allyesconfig, allmodconfig
>> and randconfig jus
Hello,
On Fri, Oct 5, 2012 at 4:47 AM, Rusty Russell wrote:
>
> Hi all,
>
> Had a talk with Mimi, and IMA still wants xattr signatures on
> modules like they have for other files with EVM. With Kees' patches now
> merged into my modules-wip branch (warning, rebases frequently), this
> sh
Hello David,
As I can see API has changed towards our discussion on KS.
Now digest can be supplied to the verify_signature in a
public_key_signature argument.
It looks that in such a way we can use this API for IMA/EVM as well.
Just one question about key description...
request_asymmetric_key uses
On Tue, Sep 25, 2012 at 3:15 PM, Milan Broz wrote:
>
> On 09/24/2012 06:20 PM, Kasatkin, Dmitry wrote:
>
>>> So it can provide confidentiality but it CANNOT provide integrity
>>> protection.
>>>
>> Yes, it provides confidentiality and via encryption
On Mon, Sep 24, 2012 at 4:47 PM, Milan Broz wrote:
> On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
>> Both dm-verity and dm-crypt provide block level integrity protection.
>
> This is not correct. dm-crypt is transparent block encryption target,
> where always size of plaintext == size of ciphert
On Wed, Sep 19, 2012 at 7:46 AM, Al Viro wrote:
> On Wed, Sep 19, 2012 at 02:21:56PM +1000, James Morris wrote:
>> On Tue, 18 Sep 2012, Kasatkin, Dmitry wrote:
>>
>> > I looked to and found that there is a possibility to
>> > add additional flag
On Wed, Sep 19, 2012 at 7:21 AM, James Morris wrote:
> On Tue, 18 Sep 2012, Kasatkin, Dmitry wrote:
>
>> I looked to and found that there is a possibility to
>> add additional flag for sb->s_flags.
>> For example
>>
>> #define MS_NOT_IMA
On Thu, Sep 13, 2012 at 7:53 AM, James Morris wrote:
> On Thu, 13 Sep 2012, Linus Torvalds wrote:
>
>> On Wed, Sep 12, 2012 at 6:22 PM, Kasatkin, Dmitry
>> wrote:
>> >
>> > But I will re-send updated patch in a moment.
>>
>> Ok, I took that up
O
On Thu, Sep 13, 2012 at 8:14 AM, James Morris wrote:
> On Mon, 10 Sep 2012, Kasatkin, Dmitry wrote:
>
>> > Signed-off-by: David Howells
>> > Cc: David S. Miller
>> > Cc: Dmitry Kasatkin
>> > Cc: Arnd Bergmann
>>
>> Hi James,
>>
On Wed, Sep 12, 2012 at 8:38 AM, Linus Torvalds
wrote:
> On Wed, Sep 12, 2012 at 11:34 AM, James Morris wrote:
>>
>> - if (!err && len == hlen)
>> - err = memcmp(out2, h, hlen);
>> + if (err || len != hlen) {
>> + err = -EINVAL;
>> + goto err;
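Review bot: in the new `if (err || len != hlen) {` branch, `err = -EINVAL;` overwrites whatever error code the earlier step returned, so a failure that was not a length mismatch is reported as -EINVAL and the original cause is lost. Consider assigning -EINVAL only when `len != hlen` and passing an already non-zero `err` through unchanged. The `goto err;` label sharing its name with the `err` variable is legal C but reads ambiguously; a distinct label name would be clearer.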
On Thu, Aug 16, 2012 at 4:34 AM, David Howells wrote:
> Provide count_leading/trailing_zeros() macros based on extant arch bit
> scanning
> functions rather than reimplementing from scratch in MPILIB.
>
> Whilst we're at it, turn count_foo_zeros(n, x) into n = count_foo_zeros(x).
>
> Also move th
On Wed, Sep 5, 2012 at 1:51 AM, David Howells wrote:
> Lucas De Marchi wrote:
>
>> Or let the magic string as the last thing in the module and store the
>> signature length, too. In this case no scanning is needed
>
> Indeed. This is the better way.
>
> The main problem is rendering the length f
On Tue, Sep 4, 2012 at 5:25 PM, Lucas De Marchi
wrote:
> Hi Rusty,
>
> On Tue, Sep 4, 2012 at 2:55 AM, Rusty Russell wrote:
>> OK, I took a look at the module.c parts of David and Dmitry's patchsets,
>> and didn't really like either, but I stole parts of David's to make
>> this.
>>
>> So, here's
On Tue, Sep 4, 2012 at 3:07 PM, Kasatkin, Dmitry
wrote:
> Hi,
>
> Please read below...
>
> On Tue, Sep 4, 2012 at 8:55 AM, Rusty Russell wrote:
>> OK, I took a look at the module.c parts of David and Dmitry's patchsets,
>> and didn't really like either,
Hi,
Please read below...
On Tue, Sep 4, 2012 at 8:55 AM, Rusty Russell wrote:
> OK, I took a look at the module.c parts of David and Dmitry's patchsets,
> and didn't really like either, but I stole parts of David's to make
> this.
>
> So, here's the module.c part of module signing. I hope you
On Mon, Aug 20, 2012 at 5:59 AM, Rusty Russell wrote:
> On Wed, 15 Aug 2012 21:43:06 +0300, Dmitry Kasatkin
> wrote:
>> + } else {
>> + struct {
>> + struct shash_desc shash;
>> + char ctx[crypto_shash_descsize(tfm)];
>> + } des
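Review bot: `char ctx[crypto_shash_descsize(tfm)];` in the else branch is a variable-length array member inside a struct on the kernel stack, so the frame size depends on the transform chosen at run time and cannot be bounded at build time. Consider allocating the descriptor with kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), GFP_KERNEL) and freeing it on exit, or enforcing an explicit upper bound on the descriptor size before using it.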
Hi David,
Yes, I will be also attending LSS and would like to visit KS discussion as well.
Hope Rusty will send a schedule soon...
Regards,
Dmitry
On Wed, Aug 22, 2012 at 1:50 PM, David Howells wrote:
> Rusty Russell wrote:
>
>> > I've posted new versions of my module signing patches to my GI
On Thu, Aug 16, 2012 at 10:28 PM, Mimi Zohar wrote:
> On Thu, 2012-08-16 at 14:37 -0400, Josh Boyer wrote:
>> On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin
>> wrote:
>> > From: Mimi Zohar
>> >
>> > Create and initialize a keyring with the builtin public key. This could
>> > be an ephemeral ke
On Thu, Aug 16, 2012 at 12:13 AM, Kasatkin, Dmitry
wrote:
> On Wed, Aug 15, 2012 at 11:16 PM, Serge Hallyn
> wrote:
>> Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
>>> IMA measures/appraises modules when modprobe or insmod opens and reads them.
>>> Unfortun
On Thu, Aug 16, 2012 at 9:37 PM, Josh Boyer wrote:
> On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin
> wrote:
>> From: Mimi Zohar
>>
>> Create and initialize a keyring with the builtin public key. This could
>> be an ephemeral key, created and destroyed during module install for
>> custom built
On Thu, Aug 16, 2012 at 11:31 PM, Josh Boyer wrote:
> On Thu, Aug 16, 2012 at 4:12 PM, Kasatkin, Dmitry
> wrote:
>>>> 1. signed_modules_install
>>>> This target creates an ephemeral key pair, signs the kernel modules with
>>>> the private key, destroys
On Thu, Aug 16, 2012 at 12:11 AM, Kasatkin, Dmitry
wrote:
> On Wed, Aug 15, 2012 at 11:11 PM, Serge Hallyn
> wrote:
>> Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
>>> There are several functions, that need to calculate digest.
>>> This patch adds common
On Thu, Aug 16, 2012 at 10:10 PM, Josh Boyer wrote:
> On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin
> wrote:
>> This patch adds build rules and scripts to generate keys and sign modules.
>>
>> Two scripts have been added. genkey.sh is used to generate private and
>> public keys. ksign.sh is use
On Thu, Aug 16, 2012 at 9:49 PM, Josh Boyer wrote:
> On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin
> wrote:
>> @@ -2437,6 +2438,14 @@ static int copy_and_check(struct load_info *info,
>>
>> info->hdr = hdr;
>> info->len = len;
>> +
>> + err = integrity_module_check(hdr, l
On Wed, Aug 15, 2012 at 11:16 PM, Serge Hallyn
wrote:
> Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
>> IMA measures/appraises modules when modprobe or insmod opens and reads them.
>> Unfortunately, there are no guarantees between what is read by userspace and
>> what is passed to the kerne
On Wed, Aug 15, 2012 at 11:11 PM, Serge Hallyn
wrote:
> Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
>> There are several functions, that need to calculate digest.
>> This patch adds common function for use by integrity subsystem.
>>
>> Signed-off-by: Dmitry Kasatkin
>> ---
>> security/i
86 matches