Re: [PATCH] IMA: Defined timer to process queued keys

From: Mimi Zohar
Date: Sat Dec 21 2019 - 18:41:02 EST

Next message: Saravanan Sekar: "[PATCH v2 3/4] regulator: mpq7920: add mpq7920 regulator driver"
Previous message: Saravanan Sekar: "[PATCH v2 4/4] MAINTAINERS: Add entry for mpq7920 PMIC driver"
In reply to: Lakshmi Ramasubramanian: "[PATCH] IMA: Defined timer to process queued keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2019-12-20 at 17:52 -0800, Lakshmi Ramasubramanian wrote:
> keys queued for measurement should still be processed even if
> a custom IMA policy was not loaded. Otherwise, the keys will
> remain queued forever consuming kernel memory.
>
> This patch defines a timer to handle the above scenario. The timer
> is setup to expire 5 minutes after IMA initialization is completed.
>
> If a custom IMA policy is loaded before the timer expires, the timer
> is removed and any queued keys are processed. But if a custom policy
> was not loaded, on timer expiration any queued keys are processed.
>
> On timer expiration the keys are still processed. This will enable
> keys to be measured in case the built-in IMA policy defines a key
> measurement rule.

If there was a built-in policy rule for measuring the early boot keys,
then there wouldn't be a need for queueing the "key" measurements.
ÂJust free the queued keys.

Mimi

Next message: Saravanan Sekar: "[PATCH v2 3/4] regulator: mpq7920: add mpq7920 regulator driver"
Previous message: Saravanan Sekar: "[PATCH v2 4/4] MAINTAINERS: Add entry for mpq7920 PMIC driver"
In reply to: Lakshmi Ramasubramanian: "[PATCH] IMA: Defined timer to process queued keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]