Re: [PATCH v1] sefltest/ima: support appended signatures (modsig)

2019-08-28 Thread Mimi Zohar
On Wed, 2019-08-28 at 20:38 -0300, Thiago Jung Bauermann wrote: > Hello Mimi, > > Mimi Zohar writes: > > > In addition to the PE/COFF and IMA xattr signatures, the kexec kernel > > image can be signed with an appended signature, using the same > > scripts/sign-file tool that is used to sign kern

Re: [PATCH v1] sefltest/ima: support appended signatures (modsig)

2019-08-28 Thread Thiago Jung Bauermann
Hello Mimi, Mimi Zohar writes: > In addition to the PE/COFF and IMA xattr signatures, the kexec kernel > image can be signed with an appended signature, using the same > scripts/sign-file tool that is used to sign kernel modules. > > This patch adds support for detecting a kernel image signed

Re: [PATCH v1] sefltest/ima: support appended signatures (modsig)

2019-08-28 Thread Mimi Zohar
On Wed, 2019-08-28 at 09:53 -0600, shuah wrote: > On 8/28/19 9:14 AM, Mimi Zohar wrote: > > In addition to the PE/COFF and IMA xattr signatures, the kexec kernel > > image can be signed with an appended signature, using the same > > scripts/sign-file tool that is used to sign kernel modules. > > >

Re: [PATCH v1] sefltest/ima: support appended signatures (modsig)

2019-08-28 Thread shuah
On 8/28/19 9:14 AM, Mimi Zohar wrote: In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image can be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. This patch adds support for detecting a kernel image signed with

[PATCH v1] sefltest/ima: support appended signatures (modsig)

2019-08-28 Thread Mimi Zohar
In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image can be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. This patch adds support for detecting a kernel image signed with an appended signature and updates the ex