From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
"Lev R. Oshvang ." <levonshe@gmail.com>,
Stephen Smalley <stephen.smalley@gmail.com>
Cc: linux-integrity@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>,
SELinux <selinux@vger.kernel.org>,
dm-devel@redhat.com, James Morris <jmorris@namei.org>,
chpebeni@linux.microsoft.com, nramas@linux.microsoft.com,
balajib@microsoft.com, sashal@kernel.org, suredd@microsoft.com
Subject: Re: [RFC] IMA: New IMA measurements for dm-crypt and selinux
Date: Thu, 16 Apr 2020 17:53:54 -0700
Message-ID: <96c53a34-315c-946d-3264-e6e2cd19f583@linux.microsoft.com>
In-Reply-To: <1586826679.7311.174.camel@linux.ibm.com>

On 2020-04-13 6:11 p.m., Mimi Zohar wrote:
> On Sun, 2020-04-12 at 11:15 +0300, Lev R. Oshvang . wrote:
>> On Sat, Apr 11, 2020 at 10:07 PM Stephen Smalley
>> It seems to me that LKRG (kernel run time guard) takes the role of
>> measuring kernel structures. Perhaps you need to consult with LKRG
>> guys.
>
> There definitely sounds like there is some overlap. LKRG seems to be
> measuring kernel structures for enforcing local integrity. In the
> context of IMA, measurements are included in the IMA measurement list
> and used to extend a TPM PCR so that it can be quoted.
>
> A generic method for measuring structures and including them in the
> IMA measurement list sounds interesting.

Thanks for the feedback, Mimi.
We were also thinking along the same lines of a generic method
for measuring structures.
We will take this feedback into account while implementing.

>
> Mimi
>