Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update

From: Lakshmi Ramasubramanian
Date: Thu Oct 31 2019 - 11:27:50 EST

Next message: Jeff Layton: "Re: [PATCH] ceph: don't allow copy_file_range when stripe_count != 1"
Previous message: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
In reply to: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
Next in thread: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/31/19 2:10 AM, Sasha Levin wrote:

Hi Sasha,

On Wed, Oct 30, 2019 at 06:19:02PM -0700, Lakshmi Ramasubramanian wrote:

Asymmetric keys used for verifying file signatures or certificates
are currently not included in the IMA measurement list.

This patch defines a new IMA hook namely ima_post_key_create_or_update()
to measure asymmetric keys.

Signed-off-by: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>

What are the prerequisites for this patch?

I built this patch set on kernel v5.3

I applied the following patch provided by Nayna Jain@IBM and then added my changes:

[PATCH v9 5/8] ima: make process_buffer_measurement() generic

thanks,
-lakshmi

Next message: Jeff Layton: "Re: [PATCH] ceph: don't allow copy_file_range when stripe_count != 1"
Previous message: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
In reply to: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
Next in thread: Sasha Levin: "Re: [PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]