Re: [PATCHv3 1/6] integrity: define '.evm' as a builtin 'trusted' keyring

2015-10-23 Thread Mimi Zohar
On Fri, 2015-10-23 at 16:05 +0300, Petko Manolov wrote: > On 15-10-22 21:49:25, Dmitry Kasatkin wrote: > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > > index df30334..a292b88 100644 > > --- a/security/integrity/ima/Kconfig > > +++

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-23 Thread Petko Manolov
On 15-10-22 22:15:30, Dmitry Kasatkin wrote: > Hi Petko, > > I have a question > > On Fri, Oct 16, 2015 at 10:31 PM, Petko Manolov wrote: > > IMA policy can now be updated multiple times. The new rules get appended > > to the original policy. Have in mind that the

RE: [PATCHv3 1/6] integrity: define '.evm' as a builtin 'trusted' keyring

2015-10-23 Thread Dmitry Kasatkin
From: Petko Manolov [pet...@mip-labs.com] Sent: Friday, October 23, 2015 4:05 PM To: Dmitry Kasatkin Cc: zo...@linux.vnet.ibm.com; linux-ima-de...@lists.sourceforge.net; linux-security-module@vger.kernel.org; linux-ker...@vger.kernel.org; Dmitry Kasatkin

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-23 Thread Dmitry Kasatkin
On Fri, Oct 23, 2015 at 3:29 PM, Petko Manolov wrote: > On 15-10-22 22:15:30, Dmitry Kasatkin wrote: >> Hi Petko, >> >> I have a question >> >> On Fri, Oct 16, 2015 at 10:31 PM, Petko Manolov wrote: >> > IMA policy can now be updated multiple times.

Re: [PATCHv3 4/6] evm: provide a function to set EVM key from the kernel

2015-10-23 Thread Mimi Zohar
On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote: > Crypto HW kernel module can possibly initialize EVM key from the > kernel __init code to enable EVM before calling 'init' process. > This patch provides a function evm_set_key() which can be used to > set custom key directly to EVM without