From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
ltp@lists.linux.it
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com,
linux-integrity@vger.kernel.org, dm-devel@redhat.com
Subject: Re: [PATCH v3 0/2] IMA: Add test for dm-crypt measurement
Date: Tue, 23 Feb 2021 17:27:09 -0800 [thread overview]
Message-ID: <e8232b66-8081-090e-4e26-0e1d2544e752@linux.microsoft.com> (raw)
In-Reply-To: <0a25f4b7ed53566b13211d5aeea18e7f13f12bd7.camel@linux.ibm.com>
Hi Petr,
On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
> Hi Petr,
>
> On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
>> Hi!
>>
>> I updated Tushar's patchset to speedup things.
>>
Thank you. :)
>> Changes v2->v3
>> * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
>> * move tst_res TPASS/TFAIL into test_policy_measurement()
>> * drop template=ima-buf (see Lakshmi's patch [1] and discussion about
>> it, it will be removed from ima_keys.sh as well)
Makes sense.
>> * moved ima_dm_crypt.sh specific changes to second commit
>> * further API and style related cleanup
>>
>> Could you please check this patchset?
I reviewed the patchset.
Patch 1 looks ok. (generalize key measurement tests)
Patch 2 won't work as is, since the dm kernel code is not upstreamed
yet. (see my comments below for more context)
>
> I'm not sure about the status of the associated IMA dm-crypt kernel
> patch set. It hasn't even been reviewed, definitely not upstreamed.
> I would hold off on upstreaming the associated ltp test.
>
That is correct.
The device mapper measurement work is being revisited - to cover aspects
like more DM targets (not just dm-crypt), better memory management, more
relevant attributes from the DM targets, other corner cases etc.
Therefore, even though the first patch of the series "generalize key
measurement tests", would be useful for other tests; I will have to
revisit the second patch, "dm-crypt measurements", to address the
DM side changes I mentioned above.
To summarize,
- you may upstream the first patch (generalizing the key
measurements). It would be useful for us while writing more tests in
this space.
- but please hold off upstreaming the second patch (dm-crypt test)
as Mimi has suggested.
Thanks,
Tushar
> thanks,
>
> Mimi
>
WARNING: multiple messages have this Message-ID (diff)
From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
ltp@lists.linux.it
Cc: snitzer@redhat.com,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
dm-devel@redhat.com, linux-integrity@vger.kernel.org,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
gmazyland@gmail.com, agk@redhat.com
Subject: Re: [dm-devel] [PATCH v3 0/2] IMA: Add test for dm-crypt measurement
Date: Tue, 23 Feb 2021 17:27:09 -0800 [thread overview]
Message-ID: <e8232b66-8081-090e-4e26-0e1d2544e752@linux.microsoft.com> (raw)
In-Reply-To: <0a25f4b7ed53566b13211d5aeea18e7f13f12bd7.camel@linux.ibm.com>
Hi Petr,
On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
> Hi Petr,
>
> On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
>> Hi!
>>
>> I updated Tushar's patchset to speedup things.
>>
Thank you. :)
>> Changes v2->v3
>> * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
>> * move tst_res TPASS/TFAIL into test_policy_measurement()
>> * drop template=ima-buf (see Lakshmi's patch [1] and discussion about
>> it, it will be removed from ima_keys.sh as well)
Makes sense.
>> * moved ima_dm_crypt.sh specific changes to second commit
>> * further API and style related cleanup
>>
>> Could you please check this patchset?
I reviewed the patchset.
Patch 1 looks ok. (generalize key measurement tests)
Patch 2 won't work as is, since the dm kernel code is not upstreamed
yet. (see my comments below for more context)
>
> I'm not sure about the status of the associated IMA dm-crypt kernel
> patch set. It hasn't even been reviewed, definitely not upstreamed.
> I would hold off on upstreaming the associated ltp test.
>
That is correct.
The device mapper measurement work is being revisited - to cover aspects
like more DM targets (not just dm-crypt), better memory management, more
relevant attributes from the DM targets, other corner cases etc.
Therefore, even though the first patch of the series "generalize key
measurement tests", would be useful for other tests; I will have to
revisit the second patch, "dm-crypt measurements", to address the
DM side changes I mentioned above.
To summarize,
- you may upstream the first patch (generalizing the key
measurements). It would be useful for us while writing more tests in
this space.
- but please hold off upstreaming the second patch (dm-crypt test)
as Mimi has suggested.
Thanks,
Tushar
> thanks,
>
> Mimi
>
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 0/2] IMA: Add test for dm-crypt measurement
Date: Tue, 23 Feb 2021 17:27:09 -0800 [thread overview]
Message-ID: <e8232b66-8081-090e-4e26-0e1d2544e752@linux.microsoft.com> (raw)
In-Reply-To: <0a25f4b7ed53566b13211d5aeea18e7f13f12bd7.camel@linux.ibm.com>
Hi Petr,
On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
> Hi Petr,
>
> On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
>> Hi!
>>
>> I updated Tushar's patchset to speedup things.
>>
Thank you. :)
>> Changes v2->v3
>> * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
>> * move tst_res TPASS/TFAIL into test_policy_measurement()
>> * drop template=ima-buf (see Lakshmi's patch [1] and discussion about
>> it, it will be removed from ima_keys.sh as well)
Makes sense.
>> * moved ima_dm_crypt.sh specific changes to second commit
>> * further API and style related cleanup
>>
>> Could you please check this patchset?
I reviewed the patchset.
Patch 1 looks ok. (generalize key measurement tests)
Patch 2 won't work as is, since the dm kernel code is not upstreamed
yet. (see my comments below for more context)
>
> I'm not sure about the status of the associated IMA dm-crypt kernel
> patch set. It hasn't even been reviewed, definitely not upstreamed.
> I would hold off on upstreaming the associated ltp test.
>
That is correct.
The device mapper measurement work is being revisited - to cover aspects
like more DM targets (not just dm-crypt), better memory management, more
relevant attributes from the DM targets, other corner cases etc.
Therefore, even though the first patch of the series "generalize key
measurement tests", would be useful for other tests; I will have to
revisit the second patch, "dm-crypt measurements", to address the
DM side changes I mentioned above.
To summarize,
- you may upstream the first patch (generalizing the key
measurements). It would be useful for us while writing more tests in
this space.
- but please hold off upstreaming the second patch (dm-crypt test)
as Mimi has suggested.
Thanks,
Tushar
> thanks,
>
> Mimi
>
next prev parent reply other threads:[~2021-02-24 1:31 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-23 22:59 [PATCH v3 0/2] IMA: Add test for dm-crypt measurement Petr Vorel
2021-02-23 22:59 ` [LTP] " Petr Vorel
2021-02-23 22:59 ` [dm-devel] " Petr Vorel
2021-02-23 22:59 ` [PATCH v3 1/2] IMA: Generalize key measurement tests Petr Vorel
2021-02-23 22:59 ` [LTP] " Petr Vorel
2021-02-23 22:59 ` [dm-devel] " Petr Vorel
2021-02-23 22:59 ` [PATCH v3 2/2] IMA: Add test for dm-crypt measurement Petr Vorel
2021-02-23 22:59 ` [LTP] " Petr Vorel
2021-02-23 22:59 ` [dm-devel] " Petr Vorel
2021-02-24 0:43 ` [PATCH v3 0/2] " Mimi Zohar
2021-02-24 0:43 ` [LTP] " Mimi Zohar
2021-02-24 0:43 ` [dm-devel] " Mimi Zohar
2021-02-24 1:27 ` Tushar Sugandhi [this message]
2021-02-24 1:27 ` [LTP] " Tushar Sugandhi
2021-02-24 1:27 ` [dm-devel] " Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e8232b66-8081-090e-4e26-0e1d2544e752@linux.microsoft.com \
--to=tusharsu@linux.microsoft.com \
--cc=agk@redhat.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=pvorel@suse.cz \
--cc=snitzer@redhat.com \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.