From: Alasdair G Kergon <agk@redhat.com>
To: Thore Sommer <public@thson.de>
Cc: tusharsu@linux.microsoft.com, agk@redhat.com,
dm-devel@redhat.com, linux-integrity@vger.kernel.org,
nramas@linux.microsoft.com, snitzer@redhat.com,
zohar@linux.ibm.com
Subject: Re: [dm-devel] [PATCH 0/7] device mapper target measurements using IMA
Date: Tue, 27 Jul 2021 21:33:37 +0100 [thread overview]
Message-ID: <20210727203337.GA81220@agk-cloud1.hosts.prod.upshift.rdu2.redhat.com> (raw)
In-Reply-To: <20210727101802.779067-1-public@thson.de>
On Tue, Jul 27, 2021 at 12:18:02PM +0200, Thore Sommer wrote:
> No new IMA measurement is generated if dm-verity verification fails. This is
> unfortunate because to make the dm-verity measurements useful we need to be
> notified when hash_failed is set to true. We will need something like
> "device_update" where we remeasure the device state if it has changed.
Measurements in the current patchset are only triggered by ioctl calls
initiated by userspace.
Having other triggering mechanisms - such as hooking into internal
events when something unexpected happens - could be considered for
follow-on patches.
> Creating a dm-verity device with mount then removing it and now if you create it
> again no measurement is generated. Is that the expected behavior?
Each of the relevant dm ioctls should be logged separately each time. If that's
not happening it might need fixing.
> Is there a reason that suspend is not measured?
A suspend doesn't change the configuration so falls outside the criteria
for this patch set. (If there is some need for it, it would be covered
by the need to measure internal events that I mentioned above.)
> What can happen in between a "table_load" and "device_resume" that is security
> relevant?
The table prepared by the load can be cleared. That would change the
effect of the resume.
> Not directly device mapper related, but it would be nice to also measure the
> mount points and a mapping to the device IDs.
Again, that would be for future patches building on these ones.
Alasdair
WARNING: multiple messages have this Message-ID (diff)
From: Alasdair G Kergon <agk@redhat.com>
To: Thore Sommer <public@thson.de>
Cc: snitzer@redhat.com, zohar@linux.ibm.com,
nramas@linux.microsoft.com, dm-devel@redhat.com,
tusharsu@linux.microsoft.com, linux-integrity@vger.kernel.org,
agk@redhat.com
Subject: Re: [dm-devel] [PATCH 0/7] device mapper target measurements using IMA
Date: Tue, 27 Jul 2021 21:33:37 +0100 [thread overview]
Message-ID: <20210727203337.GA81220@agk-cloud1.hosts.prod.upshift.rdu2.redhat.com> (raw)
In-Reply-To: <20210727101802.779067-1-public@thson.de>
On Tue, Jul 27, 2021 at 12:18:02PM +0200, Thore Sommer wrote:
> No new IMA measurement is generated if dm-verity verification fails. This is
> unfortunate because to make the dm-verity measurements useful we need to be
> notified when hash_failed is set to true. We will need something like
> "device_update" where we remeasure the device state if it has changed.
Measurements in the current patchset are only triggered by ioctl calls
initiated by userspace.
Having other triggering mechanisms - such as hooking into internal
events when something unexpected happens - could be considered for
follow-on patches.
> Creating a dm-verity device with mount then removing it and now if you create it
> again no measurement is generated. Is that the expected behavior?
Each of the relevant dm ioctls should be logged separately each time. If that's
not happening it might need fixing.
> Is there a reason that suspend is not measured?
A suspend doesn't change the configuration so falls outside the criteria
for this patch set. (If there is some need for it, it would be covered
by the need to measure internal events that I mentioned above.)
> What can happen in between a "table_load" and "device_resume" that is security
> relevant?
The table prepared by the load can be cleared. That would change the
effect of the resume.
> Not directly device mapper related, but it would be nice to also measure the
> mount points and a mapping to the device IDs.
Again, that would be for future patches building on these ones.
Alasdair
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
next prev parent reply other threads:[~2021-07-27 20:33 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-13 0:48 [PATCH 0/7] device mapper target measurements using IMA Tushar Sugandhi
2021-07-13 0:48 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:48 ` [PATCH 1/7] dm: measure data on table load Tushar Sugandhi
2021-07-13 0:48 ` [dm-devel] " Tushar Sugandhi
2021-07-21 2:12 ` Mimi Zohar
2021-07-21 2:12 ` [dm-devel] " Mimi Zohar
2021-07-21 15:42 ` Mike Snitzer
2021-07-21 15:42 ` [dm-devel] " Mike Snitzer
2021-07-21 16:07 ` Mimi Zohar
2021-07-21 16:07 ` [dm-devel] " Mimi Zohar
2021-07-21 21:17 ` Mimi Zohar
2021-07-21 21:17 ` [dm-devel] " Mimi Zohar
2021-07-29 19:58 ` Tushar Sugandhi
2021-07-29 19:58 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:48 ` [PATCH 2/7] dm: measure data on device resume Tushar Sugandhi
2021-07-13 0:48 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:49 ` [PATCH 3/7] dm: measure data on device remove Tushar Sugandhi
2021-07-13 0:49 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:49 ` [PATCH 4/7] dm: measure data on table clear Tushar Sugandhi
2021-07-13 0:49 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:49 ` [PATCH 5/7] dm: measure data on device rename Tushar Sugandhi
2021-07-13 0:49 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:49 ` [PATCH 6/7] dm: update target specific status functions to measure data Tushar Sugandhi
2021-07-13 0:49 ` [dm-devel] " Tushar Sugandhi
2021-07-13 1:06 ` Alasdair G Kergon
2021-07-13 1:06 ` [dm-devel] " Alasdair G Kergon
2021-07-14 20:23 ` Tushar Sugandhi
2021-07-14 20:23 ` [dm-devel] " Tushar Sugandhi
2021-07-13 0:49 ` [PATCH 7/7] dm: add documentation for IMA measurement support Tushar Sugandhi
2021-07-13 0:49 ` [dm-devel] " Tushar Sugandhi
2021-07-21 2:33 ` Mimi Zohar
2021-07-21 2:33 ` [dm-devel] " Mimi Zohar
2021-07-24 7:25 ` Tushar Sugandhi
2021-07-24 7:25 ` [dm-devel] " Tushar Sugandhi
2021-07-26 16:33 ` Mimi Zohar
2021-07-26 16:33 ` [dm-devel] " Mimi Zohar
2021-07-26 18:28 ` Tushar Sugandhi
2021-07-26 18:28 ` [dm-devel] " Tushar Sugandhi
2021-07-14 11:32 ` [dm-devel] [PATCH 0/7] device mapper target measurements using IMA Thore Sommer
2021-07-14 11:32 ` Thore Sommer
2021-07-14 20:20 ` Tushar Sugandhi
2021-07-14 20:20 ` Tushar Sugandhi
2021-07-27 10:18 ` Thore Sommer
2021-07-27 10:18 ` Thore Sommer
2021-07-27 20:33 ` Alasdair G Kergon [this message]
2021-07-27 20:33 ` Alasdair G Kergon
2021-07-28 3:10 ` Tushar Sugandhi
2021-07-28 3:10 ` Tushar Sugandhi
2021-07-28 17:14 ` Thore Sommer
2021-07-28 17:14 ` Thore Sommer
2021-07-29 17:32 ` Tushar Sugandhi
2021-07-29 17:32 ` Tushar Sugandhi
2021-07-28 17:34 ` Thore Sommer
2021-07-28 17:34 ` Thore Sommer
2021-07-28 21:33 ` Alasdair G Kergon
2021-07-28 21:33 ` Alasdair G Kergon
2021-08-02 10:45 ` Thore Sommer
2021-08-02 10:45 ` Thore Sommer
2021-07-29 19:24 ` Tushar Sugandhi
2021-07-29 19:24 ` Tushar Sugandhi
2021-08-02 10:38 ` Thore Sommer
2021-08-02 10:38 ` Thore Sommer
2021-07-20 21:27 ` Mike Snitzer
2021-07-20 21:27 ` [dm-devel] " Mike Snitzer
2021-07-24 6:57 ` Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210727203337.GA81220@agk-cloud1.hosts.prod.upshift.rdu2.redhat.com \
--to=agk@redhat.com \
--cc=dm-devel@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=public@thson.de \
--cc=snitzer@redhat.com \
--cc=tusharsu@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.