diff for duplicates of <1520896782.3547.245.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 9ae2a96..420c476 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -4,8 +4,8 @@ On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > > > Using Kconfig to force the TPM to be builtin is not required, but -> > > > helpful. Users interested in IMA-measurement could configure the TPM -> > > > as builtin themselves. Without the TPM builtin, IMA goes into TPM- +> > > > helpful. ?Users interested in IMA-measurement could configure the TPM +> > > > as builtin themselves. ?Without the TPM builtin, IMA goes into TPM- > > > > bypass mode. > > > > > > This issues, broadly speaking, we have lots of TPM drivers, selecting @@ -13,16 +13,21 @@ On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > > > here. > > > > True, IMA is not selecting the older TPM vendor specific modules, but -> > only the newer TPM_TIS and now TPM_CRB modules. That doesn't imply -> > that IMA only supports some TPMs. It means that by default, these -> > TPMs are builtin. Anyone building a kernel, can select the vendor +> > only the newer TPM_TIS and now TPM_CRB modules. ?That doesn't imply +> > that IMA only supports some TPMs. ?It means that by default, these +> > TPMs are builtin. ?Anyone building a kernel, can select the vendor > > specific TPM to be builtin. > > That doesn't help distros, which is the main point of the complaint > with this scheme :) Years ago because of faulty TPM drivers, IMA was disabled in one of -the main distro's. Deciding which vendor specific TPMs should be +the main distro's. ?Deciding which vendor specific TPMs should be builtin, is a discussion between the distro's and TPM vendors. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 6c61ce9..b5c200e 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -9,21 +9,10 @@ "ref\020180312215957.GI24717@ziepe.ca\0" "ref\01520895525.3547.226.camel@linux.vnet.ibm.com\0" "ref\020180312230501.GJ24717@ziepe.ca\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH] security: Fix IMA Kconfig for dependencies on ARM64\0" "Date\0Mon, 12 Mar 2018 19:19:42 -0400\0" - "To\0Jason Gunthorpe <jgg@ziepe.ca>\0" - "Cc\0James Bottomley <James.Bottomley@hansenpartnership.com>" - Jiandi An <anjiandi@codeaurora.org> - dmitry.kasatkin@gmail.com - jmorris@namei.org - serge@hallyn.com - linux-integrity@vger.kernel.org - linux-ima-devel@lists.sourceforge.net - linux-ima-user@lists.sourceforge.net - linux-security-module@vger.kernel.org - linux-kernel@vger.kernel.org - " David Safford <david.safford@ge.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote:\n" @@ -32,8 +21,8 @@ "> > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote:\n" "> > > \n" "> > > > Using Kconfig to force the TPM to be builtin is not required, but\n" - "> > > > helpful. Users interested in IMA-measurement could configure the TPM\n" - "> > > > as builtin themselves. Without the TPM builtin, IMA goes into TPM-\n" + "> > > > helpful. ?Users interested in IMA-measurement could configure the TPM\n" + "> > > > as builtin themselves. ?Without the TPM builtin, IMA goes into TPM-\n" "> > > > bypass mode.\n" "> > > \n" "> > > This issues, broadly speaking, we have lots of TPM drivers, selecting\n" @@ -41,18 +30,23 @@ "> > > here.\n" "> > \n" "> > True, IMA is not selecting the older TPM vendor specific modules, but\n" - "> > only the newer TPM_TIS and now TPM_CRB modules. That doesn't imply\n" - "> > that IMA only supports some TPMs. It means that by default, these\n" - "> > TPMs are builtin. Anyone building a kernel, can select the vendor\n" + "> > only the newer TPM_TIS and now TPM_CRB modules. ?That doesn't imply\n" + "> > that IMA only supports some TPMs. ?It means that by default, these\n" + "> > TPMs are builtin. ?Anyone building a kernel, can select the vendor\n" "> > specific TPM to be builtin.\n" "> \n" "> That doesn't help distros, which is the main point of the complaint\n" "> with this scheme :)\n" "\n" "Years ago because of faulty TPM drivers, IMA was disabled in one of\n" - "the main distro's. Deciding which vendor specific TPMs should be\n" + "the main distro's. ?Deciding which vendor specific TPMs should be\n" "builtin, is a discussion between the distro's and TPM vendors.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -1ced457ab239ca911e59752e1ce5328115983199713f0e76630667fa57cb4c5e +7d83d721577585fbc1b3b137c3dec28080d5488886e7fa10e8e0422570dbe205
diff --git a/a/1.txt b/N2/1.txt index 9ae2a96..188bc10 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -4,8 +4,8 @@ On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > > > Using Kconfig to force the TPM to be builtin is not required, but -> > > > helpful. Users interested in IMA-measurement could configure the TPM -> > > > as builtin themselves. Without the TPM builtin, IMA goes into TPM- +> > > > helpful. Users interested in IMA-measurement could configure the TPM +> > > > as builtin themselves. Without the TPM builtin, IMA goes into TPM- > > > > bypass mode. > > > > > > This issues, broadly speaking, we have lots of TPM drivers, selecting @@ -13,16 +13,16 @@ On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > > > here. > > > > True, IMA is not selecting the older TPM vendor specific modules, but -> > only the newer TPM_TIS and now TPM_CRB modules. That doesn't imply -> > that IMA only supports some TPMs. It means that by default, these -> > TPMs are builtin. Anyone building a kernel, can select the vendor +> > only the newer TPM_TIS and now TPM_CRB modules. That doesn't imply +> > that IMA only supports some TPMs. It means that by default, these +> > TPMs are builtin. Anyone building a kernel, can select the vendor > > specific TPM to be builtin. > > That doesn't help distros, which is the main point of the complaint > with this scheme :) Years ago because of faulty TPM drivers, IMA was disabled in one of -the main distro's. Deciding which vendor specific TPMs should be +the main distro's. Deciding which vendor specific TPMs should be builtin, is a discussion between the distro's and TPM vendors. Mimi diff --git a/a/content_digest b/N2/content_digest index 6c61ce9..0a04ad5 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -32,8 +32,8 @@ "> > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote:\n" "> > > \n" "> > > > Using Kconfig to force the TPM to be builtin is not required, but\n" - "> > > > helpful. Users interested in IMA-measurement could configure the TPM\n" - "> > > > as builtin themselves. Without the TPM builtin, IMA goes into TPM-\n" + "> > > > helpful. \302\240Users interested in IMA-measurement could configure the TPM\n" + "> > > > as builtin themselves. \302\240Without the TPM builtin, IMA goes into TPM-\n" "> > > > bypass mode.\n" "> > > \n" "> > > This issues, broadly speaking, we have lots of TPM drivers, selecting\n" @@ -41,18 +41,18 @@ "> > > here.\n" "> > \n" "> > True, IMA is not selecting the older TPM vendor specific modules, but\n" - "> > only the newer TPM_TIS and now TPM_CRB modules. That doesn't imply\n" - "> > that IMA only supports some TPMs. It means that by default, these\n" - "> > TPMs are builtin. Anyone building a kernel, can select the vendor\n" + "> > only the newer TPM_TIS and now TPM_CRB modules. \302\240That doesn't imply\n" + "> > that IMA only supports some TPMs. \302\240It means that by default, these\n" + "> > TPMs are builtin. \302\240Anyone building a kernel, can select the vendor\n" "> > specific TPM to be builtin.\n" "> \n" "> That doesn't help distros, which is the main point of the complaint\n" "> with this scheme :)\n" "\n" "Years ago because of faulty TPM drivers, IMA was disabled in one of\n" - "the main distro's. Deciding which vendor specific TPMs should be\n" + "the main distro's. \302\240Deciding which vendor specific TPMs should be\n" "builtin, is a discussion between the distro's and TPM vendors.\n" "\n" Mimi -1ced457ab239ca911e59752e1ce5328115983199713f0e76630667fa57cb4c5e +e7e6bf020a5fd4b6830376593d6f4410f6e8bed831a699d825dbc966becf221a
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.