From: Matthew Garrett
Date: Fri, 5 Apr 2019 13:55:22 -0700
Subject: Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes
To: James Bottomley
Cc: Mimi Zohar, linux-integrity, Dmitry Kasatkin, linux-fsdevel@vger.kernel.org, miklos@szeredi.hu
In-Reply-To: <1554431217.24612.37.camel@HansenPartnership.com>

On Thu, Apr 4, 2019 at 7:27 PM James Bottomley wrote:
>
> On Thu, 2019-04-04 at 18:50 -0700, Matthew Garrett wrote:
> > On Thu, Apr 4, 2019 at 3:35 PM James Bottomley
> > wrote:
> > > Redundant information is always possible, but it can become
> > > inconsistent and, because the hashes can't be derived from each
> > > other, it's hard to tell if it is inconsistent without redoing the
> > > whole hash with each method.
> >
> > Part of the problem here is that IMA is effectively used for two
> > related but different purposes - measurement and appraisal. You
> > generally want measurements to be comparable across filesystems,
> > whereas appraisal doesn't need to be.
>
> Sure, but I think the only requirement for measurement is knowing how
> to reproduce them. As long as you know the algorithm the filesystem is
> using ... i.e. it's recorded in the IMA log, you should be able to
> verify them.

Mm. I think this is use-case dependent, but there are certainly use
cases where this would be sufficient. I think this would work on the
VFS side, but we'd need to extend IMA to allow you to write a policy
that specified the use of the fs-verity data on the appropriate
filesystems (right now IMA uses one hash type globally) - if anyone's
interested in deploying that, I'm happy to add support for it.
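
An added example, not part of the original message or the patch series: a verifier that recomputes each measurement with the hash algorithm named in its own log entry, which is the property the thread relies on. It assumes the five-field ima-ng text layout (PCR, template hash, template name, `algo:digest`, path); the file contents, zeroed template hashes and the `examplefs-tree` label are constructed for illustration.

```python
import hashlib
import hmac

# Algorithms this verifier knows how to reproduce (explicit allowlist).
SUPPORTED = {"sha1", "sha256", "sha384", "sha512"}

# Constructed known-good file contents held by the verifier.
REFERENCE = {
    "/usr/bin/tool": b"tool v1\n",
    "/etc/app.conf": b"mode=strict\n",
    "/usr/lib/libx.so": b"libx build 7\n",
}

def log_line(path, algo, data, pcr=10):
    """Build one constructed log line; the template hash is a zeroed placeholder."""
    digest = hashlib.new(algo, data).hexdigest()
    return f"{pcr} {'0' * 40} ima-ng {algo}:{digest} {path}"

# Constructed sample log: mixed algorithms, one file that differs from its
# reference, and one entry naming a method the verifier cannot reproduce.
SAMPLE_LOG = [
    log_line("/usr/bin/tool", "sha256", REFERENCE["/usr/bin/tool"]),
    log_line("/etc/app.conf", "sha1", REFERENCE["/etc/app.conf"]),
    log_line("/usr/lib/libx.so", "sha512", b"libx build 8\n"),
    f"10 {'0' * 40} ima-ng examplefs-tree:abcd /usr/bin/tool",  # hypothetical label
]

def parse_entry(line):
    """Split a line into fields; the path is last and may contain spaces."""
    pcr, _template_hash, template, filedata, path = line.split(" ", 4)
    algo, _, digest = filedata.partition(":")
    return {"pcr": int(pcr), "template": template, "algo": algo,
            "digest": digest.lower(), "path": path}

def verify_entry(entry, reference):
    """Recompute the digest with the algorithm recorded in the entry itself."""
    if entry["template"] != "ima-ng":
        return "unsupported-template"
    if entry["algo"] not in SUPPORTED:
        return "unknown-algorithm"  # cannot reproduce, so cannot verify
    if entry["path"] not in reference:
        return "no-reference"
    expected = hashlib.new(entry["algo"], reference[entry["path"]]).hexdigest()
    return "match" if hmac.compare_digest(expected, entry["digest"]) else "mismatch"

def verify_log(lines, reference):
    """Return (path, algorithm, status) for every log line."""
    return [(e["path"], e["algo"], verify_entry(e, reference))
            for e in map(parse_entry, lines)]
```

An entry whose method the verifier cannot reproduce is reported as unverifiable rather than silently skipped, so a per-filesystem hash that is not recorded in a recognisable form shows up in the result.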