* IMA signature generated by evmctl has unexpected key identifier
@ 2019-05-13 0:37 nramas
2019-05-14 17:18 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: nramas @ 2019-05-13 0:37 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar
Hello,
I am trying to test IMA signature validation using EVMCTL version 1.1
Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.
I have followed the steps given in the README below:
https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README
I have created private\public key pair and the DER encoded certificate for
the private key. Imported the signed DER encoded cert to IMA keyring.
keyctl show %keyring:.ima
Keyring
1054868458 ---lswrv 0 0 keyring: .ima
740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing
key: 85512d09fc12c7f38b9679352651dcb365903336
cat /proc/keys | grep -i signing
2c1d9734 I--Q--- 1 perm 39010000 0 0 asymmetri hostname:
whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
65903336 []
evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem /boot/vmlinuz-5.1.0-rc2+
In the key identifier set in security.ima attribute the key identifier
should be 65903336 to match the key in the IMA keyring. But it is
b8847de9.
getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
getfattr: Removing leading '/' from absolute path names
# file: boot/vmlinuz-5.1.0-rc2+
security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163
When trying to verify the IMA signature I get the following error
evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
/boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid
padding
error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
This looks very similar to the issue discussed here
https://sourceforge.net/p/linux-ima/mailman/message/34290588/
But the bug discussed in the above thread looks to be fixed though.
Am I missing something?
Thank you.
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-13 0:37 IMA signature generated by evmctl has unexpected key identifier nramas
@ 2019-05-14 17:18 ` Lakshmi
2019-05-14 17:25 ` Mimi Zohar
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-14 17:18 UTC (permalink / raw)
To: linux-integrity, Mimi Zohar
On 5/12/19 5:37 PM, nramas@linux.microsoft.com wrote:
> Hello,
>
> I am trying to test IMA signature validation using EVMCTL version 1.1
> Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.
>
> I have followed the steps given in the README below:
> https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README
>
> I have created private\public key pair and the DER encoded certificate
> for the private key. Imported the signed DER encoded cert to IMA keyring.
>
> keyctl show %keyring:.ima
> Keyring
> 1054868458 ---lswrv 0 0 keyring: .ima
> 740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing
> key: 85512d09fc12c7f38b9679352651dcb365903336
>
> cat /proc/keys | grep -i signing
> 2c1d9734 I--Q--- 1 perm 39010000 0 0 asymmetri hostname:
> whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
> 65903336 []
>
> evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem
> /boot/vmlinuz-5.1.0-rc2+
>
> In the key identifier set in security.ima attribute the key identifier
> should be 65903336 to match the key in the IMA keyring. But it is b8847de9.
>
> getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
> getfattr: Removing leading '/' from absolute path names
> # file: boot/vmlinuz-5.1.0-rc2+
> security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163
>
>
> When trying to verify the IMA signature I get the following error
>
> evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
> /boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
> error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
> error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
>
> This looks very similar to the issue discussed here
> https://sourceforge.net/p/linux-ima/mailman/message/34290588/
>
> But the bug discussed in the above thread looks to be fixed though.
>
> Am I missing something?
>
> Thank you.
>
> -lakshmi
>
I have tried the above on Linux kernel 4.18.0-17 as well and am seeing
the same behavior.
I am unable to find older versions (prior to Version 1.1) of evmctl to
check if the behavior is different.
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-14 17:18 ` Lakshmi
@ 2019-05-14 17:25 ` Mimi Zohar
2019-05-14 17:57 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Mimi Zohar @ 2019-05-14 17:25 UTC (permalink / raw)
To: Lakshmi, linux-integrity
On Tue, 2019-05-14 at 10:18 -0700, Lakshmi wrote:
> On 5/12/19 5:37 PM, nramas@linux.microsoft.com wrote:
> > Hello,
> >
> > I am trying to test IMA signature validation using EVMCTL version 1.1
> > Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.
> >
> > I have followed the steps given in the README below:
> > https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README
> >
> > I have created private\public key pair and the DER encoded certificate
> > for the private key. Imported the signed DER encoded cert to IMA keyring.
> >
> > keyctl show %keyring:.ima
> > Keyring
> > 1054868458 ---lswrv 0 0 keyring: .ima
> > 740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing
> > key: 85512d09fc12c7f38b9679352651dcb365903336
> >
> > cat /proc/keys | grep -i signing
> > 2c1d9734 I--Q--- 1 perm 39010000 0 0 asymmetri hostname:
> > whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
> > 65903336 []
> >
> > evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem
> > /boot/vmlinuz-5.1.0-rc2+
> >
> > In the key identifier set in security.ima attribute the key identifier
> > should be 65903336 to match the key in the IMA keyring. But it is b8847de9.
> >
> > getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
> > getfattr: Removing leading '/' from absolute path names
> > # file: boot/vmlinuz-5.1.0-rc2+
> > security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163
> >
> >
> > When trying to verify the IMA signature I get the following error
> >
> > evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
> > /boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
> > error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
> > error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
> >
> > This looks very similar to the issue discussed here
> > https://sourceforge.net/p/linux-ima/mailman/message/34290588/
> >
> > But the bug discussed in the above thread looks to be fixed though.
> >
> > Am I missing something?
> >
> > Thank you.
> >
> > -lakshmi
> >
>
> I have tried the above on Linux kernel 4.18.0-17 as well and am seeing
> the same behavior.
>
> I am unable to find older versions (prior to Version 1.1) of evmctl to
> check if the behavior is different.
Missing from this log is the list of keys on the .ima keyring.
Mimi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-14 17:25 ` Mimi Zohar
@ 2019-05-14 17:57 ` Lakshmi
2019-05-14 21:38 ` Mimi Zohar
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-14 17:57 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
>
> Missing from this log is the list of keys on the .ima keyring.
>
> Mimi
>
Below is the list of keys in the IMA keyring
keyctl show %keyring:.ima
Keyring
1054868458 ---lswrv 0 0 keyring: .ima
740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing
key: 85512d09fc12c7f38b9679352651dcb365903336
Please let me know if you need more information.
thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-14 17:57 ` Lakshmi
@ 2019-05-14 21:38 ` Mimi Zohar
2019-05-14 22:07 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Mimi Zohar @ 2019-05-14 21:38 UTC (permalink / raw)
To: Lakshmi, linux-integrity
On Tue, 2019-05-14 at 10:57 -0700, Lakshmi wrote:
> Below is the list of keys in the IMA keyring
>
> keyctl show %keyring:.ima
>
> Keyring
> 1054868458 ---lswrv 0 0 keyring: .ima
> 740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing
> key: 85512d09fc12c7f38b9679352651dcb365903336
>
> Please let me know if you need more information.
I should have asked you to make sure that the last 8 bytes of "X509v3
Subject Key Identifier" in the certificate used to sign the kernel
image is the same as above.
Mimi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-14 21:38 ` Mimi Zohar
@ 2019-05-14 22:07 ` Lakshmi
2019-05-21 17:48 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-14 22:07 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/14/19 2:38 PM, Mimi Zohar wrote:
>> Keyring
>> 1054868458 ---lswrv 0 0 keyring: .ima
>> 740136756 --als--v 0 0 \_ asymmetric: hostname:
whoami signing
>> key: 85512d09fc12c7f38b9679352651dcb365903336
>
> I should have asked you to make sure that the last 8 bytes of "X509v3
> Subject Key Identifier" in the certificate used to sign the kernel
> image is the same as above.
>
> Mimi
>
Yes - the Subject Key Identifier matches the output from keyctl.
Please see below:
X509v3 Subject Key Identifier:
85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-14 22:07 ` Lakshmi
@ 2019-05-21 17:48 ` Lakshmi
2019-05-22 0:30 ` Mimi Zohar
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-21 17:48 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/14/19 3:07 PM, Lakshmi wrote:
Hi Mimi,
>>
>> I should have asked you to make sure that the last 8 bytes of "X509v3
>> Subject Key Identifier" in the certificate used to sign the kernel
>> image is the same as above.
>>
>> Mimi
>>
>
> Yes - the Subject Key Identifier matches the output from keyctl.
>
> Please see below:
>
> X509v3 Subject Key Identifier:
>
> 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
>
> thanks,
> -lakshmi
>
Please let me know if you need more information\logs on this issue.
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-21 17:48 ` Lakshmi
@ 2019-05-22 0:30 ` Mimi Zohar
2019-05-22 1:39 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Mimi Zohar @ 2019-05-22 0:30 UTC (permalink / raw)
To: Lakshmi, linux-integrity
On Tue, 2019-05-21 at 10:48 -0700, Lakshmi wrote:
> On 5/14/19 3:07 PM, Lakshmi wrote:
> >>
> >> I should have asked you to make sure that the last 8 bytes of "X509v3
> >> Subject Key Identifier" in the certificate used to sign the kernel
> >> image is the same as above.
> >>
> >> Mimi
> >>
> >
> > Yes - the Subject Key Identifier matches the output from keyctl.
> >
> > Please see below:
> >
> > X509v3 Subject Key Identifier:
> >
> > 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
>
> Please let me know if you need more information\logs on this issue.
Have you tried using "evmctl ima_verify" to verify the signature after
signing the file?
Perhaps it's something with the key. If you haven't already used the
scripts for generating the keys in the ima-evm-utils examples/
directory, you might try that.
I just pushed out the ima-evm-utils master branch. See if the new
"master" branch works.
Mimi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-22 0:30 ` Mimi Zohar
@ 2019-05-22 1:39 ` Lakshmi
2019-05-22 2:16 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-22 1:39 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/21/19 5:30 PM, Mimi Zohar wrote:
>
> Have you tried using "evmctl ima_verify" to verify the signature after
> signing the file?
Yes - I have. It fails with the following error. I have tried multiple
signing keys, but no luck.
evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
/boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
>
> Perhaps it's something with the key. If you haven't already used the
> scripts for generating the keys in the ima-evm-utils examples/
> directory, you might try that.
I'll give this a try.
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-22 1:39 ` Lakshmi
@ 2019-05-22 2:16 ` Lakshmi
2019-05-23 1:10 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-22 2:16 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/21/19 6:39 PM, Lakshmi wrote:
>
>>
>> Perhaps it's something with the key. If you haven't already used the
>> scripts for generating the keys in the ima-evm-utils examples/
>> directory, you might try that.
Looks like it is something with the key I'd generated earlier. I
generated new key using the script and that worked fine.
Sorry about the false alarm.
I'll investigate what's wrong with the key(s) I used earlier.
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-22 2:16 ` Lakshmi
@ 2019-05-23 1:10 ` Lakshmi
2019-05-23 13:26 ` Mimi Zohar
0 siblings, 1 reply; 13+ messages in thread
From: Lakshmi @ 2019-05-23 1:10 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/21/19 5:30 PM, Mimi Zohar wrote:
I did some more investigation on this one and see different behavior
when the IMA signing key is self-signed and signed by a another key.
>>> Perhaps it's something with the key. If you haven't already used the
>>> scripts for generating the keys in the ima-evm-utils examples/
>>> directory, you might try that.
When the IMA signer key is self-signed x509v3 Subject Key ID and
Authority Key ID are the same - please see below.
In this case, the ima-evm-utils sets the 4 byte key ID correctly in the
IMA Signature set in security.ima.
ima_verify successfully verifies the IMA signature.
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10
X509v3 Authority Key Identifier:
keyid:36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10
root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x03020415f374100080c11a06d7fc7626467d6abb08a8a573f27412fd2dcf726f40f238f226792b1787cddee1aac094e695795f6b7e07fc8749902623e78b69566b1d0c22c311f6e5b4b76a2af981eaa2cb69c326cc9566e29d5ff8ea37188bb262fa3bef991deacd58ee6350299c0f4beaf49f20ae1ac1ceac58ff593a544f14603c2e600cf116a6e5
But if the IMA signer key is signed by another key (For instance, a key
in the "BuiltIn Trusted Keys"), x509v3 SKI and AKI are different. Please
see below:
In this case, the ima-evm-utils sets a 4 byte key ID that does not match
the last 4 bytes of SKI.
ima_verify fails in this case.
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
X509v3 Authority Key Identifier:
keyid:87:DC:69:C9:EC:ED:27:10:0C:8C:CA:1B:A9:DE:51:1C:6D:00:5D:E5
root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x030204b8847de90080a3e5d6e72fd7fa2f247f68ae675fa56f5b81f9274cb42c597b4c5507da3bfeba5c8636ea23857bcf1730a37fa871c7f592c254e0dd701b8b062f12cbc0db78f21495d5a7728c218b741c675053e998528cc0c8d12bef0e0671a28e64a7d933d36d76c1ec2633a07334b3480c7c0c4031d9c037a77085852f15a3669f2fdc3c7e
Is this expected?
In my setup, IMA signing key will be signed by a key in the "BuiltIn
Trusted Keys".
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-23 1:10 ` Lakshmi
@ 2019-05-23 13:26 ` Mimi Zohar
2019-05-23 17:23 ` Lakshmi
0 siblings, 1 reply; 13+ messages in thread
From: Mimi Zohar @ 2019-05-23 13:26 UTC (permalink / raw)
To: Lakshmi, linux-integrity
On Wed, 2019-05-22 at 18:10 -0700, Lakshmi wrote:
> In my setup, IMA signing key will be signed by a key in the "BuiltIn
> Trusted Keys".
That is exactly how it is meant to be used. In conjunction with the
examples/ scripts, please follow the "Generate trusted keys" section
of the README. The last two steps show how to create a certificate
signing request (CSR) and sign the certificate with a CA key. The CA
public key should be loaded onto the builtin keyring.
Mimi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: IMA signature generated by evmctl has unexpected key identifier
2019-05-23 13:26 ` Mimi Zohar
@ 2019-05-23 17:23 ` Lakshmi
0 siblings, 0 replies; 13+ messages in thread
From: Lakshmi @ 2019-05-23 17:23 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 5/23/19 6:26 AM, Mimi Zohar wrote:
> The last two steps show how to create a certificate
> signing request (CSR) and sign the certificate with a CA key. The CA
> public key should be loaded onto the builtin keyring.
Yes - I followed those steps in the README to create a CSR and signed
the IMA signing cert with the CA key.
The CA public key is loaded into the builtin keyring.
IMA cert is loaded to IMA keyring.
The problem I am facing is:
When the IMA cert is signed with the CA key, the key id set by
ima-evm-utils does not match the last 4 bytes of SKI.
I also hit ima_verify error.
Please see below:
X509v3 Subject Key Identifier:
85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
X509v3 Authority Key Identifier:
keyid:87:DC:69:C9:EC:ED:27:10:0C:8C:CA:1B:A9:DE:51:1C:6D:00:5D:E5
root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x030204b8847de90080a3e5d6e72fd7fa2f247f68ae675fa56f5b81f9274cb42c597b4c5507da3bfeba5c8636ea23857bcf1730a37fa871c7f592c254e0dd701b8b062f12cbc0db78f21495d5a7728c218b741c675053e998528cc0c8d12bef0e0671a28e64a7d933d36d76c1ec2633a07334b3480c7c0c4031d9c037a77085852f15a3669f2fdc3c7e
=> But if I don't sign the IMA cert with the CA cert, everything works
as expected: Key Id matches the last 4 bytes of the SKI, ima_verify
works fine.
X509v3 Subject Key Identifier:
36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10
X509v3 Authority Key Identifier:
keyid:36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10
root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x03020415f374100080c11a06d7fc7626467d6abb08a8a573f27412fd2dcf726f40f238f226792b1787cddee1aac094e695795f6b7e07fc8749902623e78b69566b1d0c22c311f6e5b4b76a2af981eaa2cb69c326cc9566e29d5ff8ea37188bb262fa3bef991deacd58ee6350299c0f4beaf49f20ae1ac1ceac58ff593a544f14603c2e600cf116a6e5
Thanks,
-lakshmi
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2019-05-23 17:23 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-13 0:37 IMA signature generated by evmctl has unexpected key identifier nramas
2019-05-14 17:18 ` Lakshmi
2019-05-14 17:25 ` Mimi Zohar
2019-05-14 17:57 ` Lakshmi
2019-05-14 21:38 ` Mimi Zohar
2019-05-14 22:07 ` Lakshmi
2019-05-21 17:48 ` Lakshmi
2019-05-22 0:30 ` Mimi Zohar
2019-05-22 1:39 ` Lakshmi
2019-05-22 2:16 ` Lakshmi
2019-05-23 1:10 ` Lakshmi
2019-05-23 13:26 ` Mimi Zohar
2019-05-23 17:23 ` Lakshmi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).