Re: [PATCH 0/2] public key: IMA signer logging: Log public key of IMA Signature signer in IMA log

From: Lakshmi
Date: Wed May 15 2019 - 14:19:45 EST


Hi Mimi,

I would like to make sure I understood your feedback.


Why duplicate the certificate info on each record in the measurement
list? Why not add the certificate info once, as the key is loaded
onto the .ima and .platform keyrings?

Mimi


The key_create_or_update function in security/keys/key.c is called to add/update a key to a keyring. Are you suggesting that an IMA function be called from here to add the certificate info to the IMA log?

Our requirement is that the key information is available in the IMA log which is TPM backed.

Thanks,
-lakshmi