diff for duplicates of <1510061855.3425.113.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index d57ca98..bbe168d 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -13,7 +13,7 @@ On Tue, 2017-11-07 at 11:36 +0100, Roberto Sassu wrote: > the system decreases linearly with the number of measurements taken. This > can be seen especially at boot time. -I've said this previously. The solution IS FIRST to improve the +I've said this previously. ?The solution IS FIRST to improve the performance of the TPM device driver, before finding solutions around it. @@ -23,7 +23,7 @@ a233a0289cf9 "tpm: msleep() delays - replace with usleep_range() in i2c nuvoton 9f3fc7bcddcb "tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers" Nayna Jain submitted additional performance improvements, that were posted -https://www.spinics.net/lists/linux-integrity/msg00238.html and are +https://www.spinics.net/lists/linux-integrity/msg00238.html?and are currently being tested. Even after these TPM performance improvements, there are still more @@ -32,10 +32,10 @@ TPM performance improvements. > Second, managing large measurement > lists requires computation power and network bandwidth. -"Large" for whom? Large for the attestation server? Large for the -client? Smaller devices would have fewer measurements than larger -devices. We're not discussing gigabytes/terabytes of data here. - Attestation servers should be able to handle the bandwidth. If it +"Large" for whom? ?Large for the attestation server? ?Large for the +client? ?Smaller devices would have fewer measurements than larger +devices. ?We're not discussing gigabytes/terabytes of data here. +?Attestation servers should be able to handle the bandwidth. ?If it becomes a problem, then the attestation server/client communication could be optimized to send just the recent measurements, not the entire measurement list. @@ -48,10 +48,10 @@ entire measurement list. > packages. Although IMA-appraisal verifies file integrity based on either a file -hash or signature, they are not equivalent. File signatures provide -file provenance. Not only does the file hash have to match, but a +hash or signature, they are not equivalent. ?File signatures provide +file provenance. ?Not only does the file hash have to match, but a certificate used to sign the file data must be loaded onto the IMA -keyring. File hashes should be limited to mutable files. +keyring. ?File hashes should be limited to mutable files. Instead of working around the problem of a lack of file signatures in software packages, help promote including them so that there are @@ -64,7 +64,7 @@ measurement and signature chains of trust anchored in hardware. > appraisal and audit are not performed. Although the previous patch set did not break userspace per-se, it -changed the existing meaning of the IMA measurement list. Without +changed the existing meaning of the IMA measurement list. ?Without taking into account my previous comments, this patch set makes similar changes to IMA-appraisal and IMA-measurement. @@ -83,13 +83,13 @@ previously suggested defining a new securityfs file for this purpose. > succeeds, IMA loads the digest list even if security.ima is missing. Previously IMA-appraisal verified the file signature of the file -containing the file hashes. It now sounds like even this guarantee is +containing the file hashes. ?It now sounds like even this guarantee is gone. Normally, the protection of kernel memory is out of scope for IMA. This patch set introduces an in kernel white list, which would be a prime target for attackers looking for ways of by-passing IMA- -measurement, IMA-appraisal and IMA-audit. Others might disagree, but +measurement, IMA-appraisal and IMA-audit. ?Others might disagree, but from my perspective, this risk is too high. Mimi @@ -163,4 +163,9 @@ Mimi > 17 files changed, 877 insertions(+), 85 deletions(-) > create mode 100644 Documentation/security/IMA-digest-lists.txt > create mode 100644 security/integrity/ima/ima_digest_list.c -> +> + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 747be78..597ef51 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,14 +1,8 @@ "ref\020171107103710.10883-1-roberto.sassu@huawei.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v2 00/15] ima: digest list feature\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v2 00/15] ima: digest list feature\0" "Date\0Tue, 07 Nov 2017 08:37:35 -0500\0" - "To\0Roberto Sassu <roberto.sassu@huawei.com>" - " linux-integrity@vger.kernel.org\0" - "Cc\0linux-security-module@vger.kernel.org" - linux-fsdevel@vger.kernel.org - linux-doc@vger.kernel.org - linux-kernel@vger.kernel.org - " silviu.vlasceanu@huawei.com\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Hi Roberto,\n" @@ -26,7 +20,7 @@ "> the system decreases linearly with the number of measurements taken. This\n" "> can be seen especially at boot time.\n" "\n" - "I've said this previously. The solution IS FIRST to improve the\n" + "I've said this previously. ?The solution IS FIRST to improve the\n" "performance of the TPM device driver, before finding solutions around\n" "it.\n" "\n" @@ -36,7 +30,7 @@ "9f3fc7bcddcb \"tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers\"\n" "\n" "Nayna Jain submitted additional performance improvements, that were posted\n" - "https://www.spinics.net/lists/linux-integrity/msg00238.html and are\n" + "https://www.spinics.net/lists/linux-integrity/msg00238.html?and are\n" "currently being tested.\n" "\n" "Even after these TPM performance improvements, there are still more\n" @@ -45,10 +39,10 @@ "> Second, managing large measurement\n" "> lists requires computation power and network bandwidth.\n" "\n" - "\"Large\" for whom? Large for the attestation server? Large for the\n" - "client? Smaller devices would have fewer measurements than larger\n" - "devices. We're not discussing gigabytes/terabytes of data here.\n" - " Attestation servers should be able to handle the bandwidth. If it\n" + "\"Large\" for whom? ?Large for the attestation server? ?Large for the\n" + "client? ?Smaller devices would have fewer measurements than larger\n" + "devices. ?We're not discussing gigabytes/terabytes of data here.\n" + "?Attestation servers should be able to handle the bandwidth. ?If it\n" "becomes a problem, then the attestation server/client communication\n" "could be optimized to send just the recent measurements, not the\n" "entire measurement list.\n" @@ -61,10 +55,10 @@ "> packages.\n" "\n" "Although IMA-appraisal verifies file integrity based on either a file\n" - "hash or signature, they are not equivalent. File signatures provide\n" - "file provenance. Not only does the file hash have to match, but a\n" + "hash or signature, they are not equivalent. ?File signatures provide\n" + "file provenance. ?Not only does the file hash have to match, but a\n" "certificate used to sign the file data must be loaded onto the IMA\n" - "keyring. File hashes should be limited to mutable files.\n" + "keyring. ?File hashes should be limited to mutable files.\n" "\n" "Instead of working around the problem of a lack of file signatures in\n" "software packages, help promote including them so that there are\n" @@ -77,7 +71,7 @@ "> appraisal and audit are not performed.\n" "\n" "Although the previous patch set did not break userspace per-se, it\n" - "changed the existing meaning of the IMA measurement list. Without\n" + "changed the existing meaning of the IMA measurement list. ?Without\n" "taking into account my previous comments, this patch set makes similar\n" "changes to IMA-appraisal and IMA-measurement.\n" "\n" @@ -96,13 +90,13 @@ "> succeeds, IMA loads the digest list even if security.ima is missing.\n" "\n" "Previously IMA-appraisal verified the file signature of the file\n" - "containing the file hashes. It now sounds like even this guarantee is\n" + "containing the file hashes. ?It now sounds like even this guarantee is\n" "gone.\n" "\n" "Normally, the protection of kernel memory is out of scope for IMA.\n" "This patch set introduces an in kernel white list, which would be a\n" "prime target for attackers looking for ways of by-passing IMA-\n" - "measurement, IMA-appraisal and IMA-audit. Others might disagree, but\n" + "measurement, IMA-appraisal and IMA-audit. ?Others might disagree, but\n" "from my perspective, this risk is too high.\n" "\n" "Mimi\n" @@ -176,6 +170,11 @@ "> 17 files changed, 877 insertions(+), 85 deletions(-)\n" "> create mode 100644 Documentation/security/IMA-digest-lists.txt\n" "> create mode 100644 security/integrity/ima/ima_digest_list.c\n" - > + "> \n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -ef922b981ba8453972cd65546aa7ba37d84496ba83194a07377dda51ad837754 +bb7697af671b63fa92f8b240f6e55b123b6196f5b31fd4bc17b0dfa3f9e88ccb
diff --git a/a/1.txt b/N2/1.txt index d57ca98..9fd2f4a 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -13,7 +13,7 @@ On Tue, 2017-11-07 at 11:36 +0100, Roberto Sassu wrote: > the system decreases linearly with the number of measurements taken. This > can be seen especially at boot time. -I've said this previously. The solution IS FIRST to improve the +I've said this previously. The solution IS FIRST to improve the performance of the TPM device driver, before finding solutions around it. @@ -23,7 +23,7 @@ a233a0289cf9 "tpm: msleep() delays - replace with usleep_range() in i2c nuvoton 9f3fc7bcddcb "tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers" Nayna Jain submitted additional performance improvements, that were posted -https://www.spinics.net/lists/linux-integrity/msg00238.html and are +https://www.spinics.net/lists/linux-integrity/msg00238.html and are currently being tested. Even after these TPM performance improvements, there are still more @@ -32,10 +32,10 @@ TPM performance improvements. > Second, managing large measurement > lists requires computation power and network bandwidth. -"Large" for whom? Large for the attestation server? Large for the -client? Smaller devices would have fewer measurements than larger -devices. We're not discussing gigabytes/terabytes of data here. - Attestation servers should be able to handle the bandwidth. If it +"Large" for whom? Large for the attestation server? Large for the +client? Smaller devices would have fewer measurements than larger +devices. We're not discussing gigabytes/terabytes of data here. + Attestation servers should be able to handle the bandwidth. If it becomes a problem, then the attestation server/client communication could be optimized to send just the recent measurements, not the entire measurement list. @@ -48,10 +48,10 @@ entire measurement list. > packages. Although IMA-appraisal verifies file integrity based on either a file -hash or signature, they are not equivalent. File signatures provide -file provenance. Not only does the file hash have to match, but a +hash or signature, they are not equivalent. File signatures provide +file provenance. Not only does the file hash have to match, but a certificate used to sign the file data must be loaded onto the IMA -keyring. File hashes should be limited to mutable files. +keyring. File hashes should be limited to mutable files. Instead of working around the problem of a lack of file signatures in software packages, help promote including them so that there are @@ -64,7 +64,7 @@ measurement and signature chains of trust anchored in hardware. > appraisal and audit are not performed. Although the previous patch set did not break userspace per-se, it -changed the existing meaning of the IMA measurement list. Without +changed the existing meaning of the IMA measurement list. Without taking into account my previous comments, this patch set makes similar changes to IMA-appraisal and IMA-measurement. @@ -83,13 +83,13 @@ previously suggested defining a new securityfs file for this purpose. > succeeds, IMA loads the digest list even if security.ima is missing. Previously IMA-appraisal verified the file signature of the file -containing the file hashes. It now sounds like even this guarantee is +containing the file hashes. It now sounds like even this guarantee is gone. Normally, the protection of kernel memory is out of scope for IMA. This patch set introduces an in kernel white list, which would be a prime target for attackers looking for ways of by-passing IMA- -measurement, IMA-appraisal and IMA-audit. Others might disagree, but +measurement, IMA-appraisal and IMA-audit. Others might disagree, but from my perspective, this risk is too high. Mimi diff --git a/a/content_digest b/N2/content_digest index 747be78..f99d296 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -26,7 +26,7 @@ "> the system decreases linearly with the number of measurements taken. This\n" "> can be seen especially at boot time.\n" "\n" - "I've said this previously. The solution IS FIRST to improve the\n" + "I've said this previously. \302\240The solution IS FIRST to improve the\n" "performance of the TPM device driver, before finding solutions around\n" "it.\n" "\n" @@ -36,7 +36,7 @@ "9f3fc7bcddcb \"tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers\"\n" "\n" "Nayna Jain submitted additional performance improvements, that were posted\n" - "https://www.spinics.net/lists/linux-integrity/msg00238.html and are\n" + "https://www.spinics.net/lists/linux-integrity/msg00238.html\302\240and are\n" "currently being tested.\n" "\n" "Even after these TPM performance improvements, there are still more\n" @@ -45,10 +45,10 @@ "> Second, managing large measurement\n" "> lists requires computation power and network bandwidth.\n" "\n" - "\"Large\" for whom? Large for the attestation server? Large for the\n" - "client? Smaller devices would have fewer measurements than larger\n" - "devices. We're not discussing gigabytes/terabytes of data here.\n" - " Attestation servers should be able to handle the bandwidth. If it\n" + "\"Large\" for whom? \302\240Large for the attestation server? \302\240Large for the\n" + "client? \302\240Smaller devices would have fewer measurements than larger\n" + "devices. \302\240We're not discussing gigabytes/terabytes of data here.\n" + "\302\240Attestation servers should be able to handle the bandwidth. \302\240If it\n" "becomes a problem, then the attestation server/client communication\n" "could be optimized to send just the recent measurements, not the\n" "entire measurement list.\n" @@ -61,10 +61,10 @@ "> packages.\n" "\n" "Although IMA-appraisal verifies file integrity based on either a file\n" - "hash or signature, they are not equivalent. File signatures provide\n" - "file provenance. Not only does the file hash have to match, but a\n" + "hash or signature, they are not equivalent. \302\240File signatures provide\n" + "file provenance. \302\240Not only does the file hash have to match, but a\n" "certificate used to sign the file data must be loaded onto the IMA\n" - "keyring. File hashes should be limited to mutable files.\n" + "keyring. \302\240File hashes should be limited to mutable files.\n" "\n" "Instead of working around the problem of a lack of file signatures in\n" "software packages, help promote including them so that there are\n" @@ -77,7 +77,7 @@ "> appraisal and audit are not performed.\n" "\n" "Although the previous patch set did not break userspace per-se, it\n" - "changed the existing meaning of the IMA measurement list. Without\n" + "changed the existing meaning of the IMA measurement list. \302\240Without\n" "taking into account my previous comments, this patch set makes similar\n" "changes to IMA-appraisal and IMA-measurement.\n" "\n" @@ -96,13 +96,13 @@ "> succeeds, IMA loads the digest list even if security.ima is missing.\n" "\n" "Previously IMA-appraisal verified the file signature of the file\n" - "containing the file hashes. It now sounds like even this guarantee is\n" + "containing the file hashes. \302\240It now sounds like even this guarantee is\n" "gone.\n" "\n" "Normally, the protection of kernel memory is out of scope for IMA.\n" "This patch set introduces an in kernel white list, which would be a\n" "prime target for attackers looking for ways of by-passing IMA-\n" - "measurement, IMA-appraisal and IMA-audit. Others might disagree, but\n" + "measurement, IMA-appraisal and IMA-audit. \302\240Others might disagree, but\n" "from my perspective, this risk is too high.\n" "\n" "Mimi\n" @@ -178,4 +178,4 @@ "> create mode 100644 security/integrity/ima/ima_digest_list.c\n" > -ef922b981ba8453972cd65546aa7ba37d84496ba83194a07377dda51ad837754 +c41fba0a2ff82bb41b5c90f7cd186d0e9376394464a6d0c0a6a4019b6149fb92
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.