diff for duplicates of <1520899605.4522.67.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index c5ed00d..92df970 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -14,24 +14,24 @@ On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > > > kernel or initialized before IMA. > > > > > > From Dave Safford: -> > > For the TCG chain of trust to have any meaning, all files +> > > ????For the TCG chain of trust to have any meaning, all files > > > have to -> > > be measured and extended into the TPM before they are +> > > ????be measured and extended into the TPM before they are > > > accessed. > > > If -> > > the TPM driver is loaded after any unmeasured file, the chain +> > > ????the TPM driver is loaded after any unmeasured file, the chain > > > is -> > > broken, and IMA is useless for any use case or any threat +> > > ????broken, and IMA is useless for any use case or any threat > > > model. > > -> > I don't think this is quite the correct characterisation. In +> > I don't think this is quite the correct characterisation. ?In > > principle the kernel could also touch the files before IMA is -> > loaded. However, we know from the way the kernel operates that it -> > doesn't. We basically trust that the kernel measurement tells us -> > this. The same thing can be made to apply to the initrd. +> > loaded. ?However, we know from the way the kernel operates that it +> > doesn't. ?We basically trust that the kernel measurement tells us +> > this. ?The same thing can be made to apply to the initrd. > > With the builtin "tcb" policy, IMA-measurement is enabled from the -> very beginning. Afterwards, the system can transition to a custom +> very beginning. ?Afterwards, the system can transition to a custom > policy based on finer grain LSM labels, which aren't available on > boot. 
> @@ -44,7 +44,12 @@ On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > accessed in the TCB. The initrd *is* part of the Trusted Computing Base because it's part of -the boot custody chain. That's really my point. If I don't know +the boot custody chain. ?That's really my point. ?If I don't know what's in my initrd, I've broken the chain there and IMA can't fix it. James + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index b26a850..1d177a5 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -10,21 +10,10 @@ "ref\01520891598.3547.190.camel@linux.vnet.ibm.com\0" "ref\01520893847.4522.62.camel@HansenPartnership.com\0" "ref\01520897400.3547.253.camel@linux.vnet.ibm.com\0" - "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" - "Subject\0Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64\0" + "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" + "Subject\0[PATCH] security: Fix IMA Kconfig for dependencies on ARM64\0" "Date\0Mon, 12 Mar 2018 17:06:45 -0700\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>" - Jiandi An <anjiandi@codeaurora.org> - " Jason Gunthorpe <jgg@ziepe.ca>\0" - "Cc\0dmitry.kasatkin@gmail.com" - jmorris@namei.org - serge@hallyn.com - linux-integrity@vger.kernel.org - linux-ima-devel@lists.sourceforge.net - linux-ima-user@lists.sourceforge.net - linux-security-module@vger.kernel.org - linux-kernel@vger.kernel.org - " David Safford <david.safford@ge.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote:\n" 
@@ -43,24 +32,24 @@ "> > > kernel or initialized before IMA.\n" "> > > \n" "> > > From Dave Safford:\n" - "> > > For the TCG chain of trust to have any meaning, all files\n" + "> > > ????For the TCG chain of trust to have any meaning, all files\n" "> > > have to\n" - "> > > be measured and extended into the TPM before they are\n" + "> > > ????be measured and extended into the TPM before they are\n" "> > > accessed.\n" "> > > If\n" - "> > > the TPM driver is loaded after any unmeasured file, the chain\n" + "> > > ????the TPM driver is loaded after any unmeasured file, the chain\n" "> > > is\n" - "> > > broken, and IMA is useless for any use case or any threat\n" + "> > > ????broken, and IMA is useless for any use case or any threat\n" "> > > model.\n" "> > \n" - "> > I don't think this is quite the correct characterisation. In\n" + "> > I don't think this is quite the correct characterisation. ?In\n" "> > principle the kernel could also touch the files before IMA is\n" - "> > loaded. However, we know from the way the kernel operates that it\n" - "> > doesn't. We basically trust that the kernel measurement tells us\n" - "> > this. The same thing can be made to apply to the initrd.\n" + "> > loaded. ?However, we know from the way the kernel operates that it\n" + "> > doesn't. ?We basically trust that the kernel measurement tells us\n" + "> > this. ?The same thing can be made to apply to the initrd.\n" "> \n" "> With the builtin \"tcb\" policy, IMA-measurement is enabled from the\n" - "> very beginning. Afterwards, the system can transition to a custom\n" + "> very beginning. ?Afterwards, the system can transition to a custom\n" "> policy based on finer grain LSM labels, which aren't available on\n" "> boot.\n" "> \n" 
@@ -73,9 +62,14 @@ "> accessed in the TCB.\n" "\n" "The initrd *is* part of the Trusted Computing Base because it's part of\n" - "the boot custody chain. That's really my point. If I don't know\n" + "the boot custody chain. ?That's really my point. ?If I don't know\n" "what's in my initrd, I've broken the chain there and IMA can't fix it.\n" "\n" - James + "James\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -3fcf869cbba1e0e05d276f06f63a6a6539b55513e8a6d6b72665286c4a460715 +bd19d71ea83f13419bf416482a27c5a9110b2cb11b16cc59ea1582a0ae060b7f
diff --git a/a/1.txt b/N2/1.txt index c5ed00d..5936e50 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -14,24 +14,24 @@ On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > > > kernel or initialized before IMA. > > > > > > From Dave Safford: -> > > For the TCG chain of trust to have any meaning, all files +> > > For the TCG chain of trust to have any meaning, all files > > > have to -> > > be measured and extended into the TPM before they are +> > > be measured and extended into the TPM before they are > > > accessed. > > > If -> > > the TPM driver is loaded after any unmeasured file, the chain +> > > the TPM driver is loaded after any unmeasured file, the chain > > > is -> > > broken, and IMA is useless for any use case or any threat +> > > broken, and IMA is useless for any use case or any threat > > > model. > > -> > I don't think this is quite the correct characterisation. In +> > I don't think this is quite the correct characterisation. In > > principle the kernel could also touch the files before IMA is -> > loaded. However, we know from the way the kernel operates that it -> > doesn't. We basically trust that the kernel measurement tells us -> > this. The same thing can be made to apply to the initrd. +> > loaded. However, we know from the way the kernel operates that it +> > doesn't. We basically trust that the kernel measurement tells us +> > this. The same thing can be made to apply to the initrd. > > With the builtin "tcb" policy, IMA-measurement is enabled from the -> very beginning. Afterwards, the system can transition to a custom +> very beginning. Afterwards, the system can transition to a custom > policy based on finer grain LSM labels, which aren't available on > boot. 
> @@ -44,7 +44,7 @@ On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > accessed in the TCB. The initrd *is* part of the Trusted Computing Base because it's part of -the boot custody chain. That's really my point. If I don't know +the boot custody chain. That's really my point. If I don't know what's in my initrd, I've broken the chain there and IMA can't fix it. James diff --git a/a/content_digest b/N2/content_digest index b26a850..e094cb3 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -43,24 +43,24 @@ "> > > kernel or initialized before IMA.\n" "> > > \n" "> > > From Dave Safford:\n" - "> > > For the TCG chain of trust to have any meaning, all files\n" + "> > > \302\240\302\240\302\240\302\240For the TCG chain of trust to have any meaning, all files\n" "> > > have to\n" - "> > > be measured and extended into the TPM before they are\n" + "> > > \302\240\302\240\302\240\302\240be measured and extended into the TPM before they are\n" "> > > accessed.\n" "> > > If\n" - "> > > the TPM driver is loaded after any unmeasured file, the chain\n" + "> > > \302\240\302\240\302\240\302\240the TPM driver is loaded after any unmeasured file, the chain\n" "> > > is\n" - "> > > broken, and IMA is useless for any use case or any threat\n" + "> > > \302\240\302\240\302\240\302\240broken, and IMA is useless for any use case or any threat\n" "> > > model.\n" "> > \n" - "> > I don't think this is quite the correct characterisation. In\n" + "> > I don't think this is quite the correct characterisation. \302\240In\n" "> > principle the kernel could also touch the files before IMA is\n" - "> > loaded. However, we know from the way the kernel operates that it\n" - "> > doesn't. We basically trust that the kernel measurement tells us\n" - "> > this. The same thing can be made to apply to the initrd.\n" + "> > loaded. \302\240However, we know from the way the kernel operates that it\n" + "> > doesn't. \302\240We basically trust that the kernel measurement tells us\n" + "> > this. \302\240The same thing can be made to apply to the initrd.\n" "> \n" "> With the builtin \"tcb\" policy, IMA-measurement is enabled from the\n" - "> very beginning. Afterwards, the system can transition to a custom\n" + "> very beginning. \302\240Afterwards, the system can transition to a custom\n" "> policy based on finer grain LSM labels, which aren't available on\n" "> boot.\n" "> \n" 
@@ -73,9 +73,9 @@ "> accessed in the TCB.\n" "\n" "The initrd *is* part of the Trusted Computing Base because it's part of\n" - "the boot custody chain. That's really my point. If I don't know\n" + "the boot custody chain. \302\240That's really my point. \302\240If I don't know\n" "what's in my initrd, I've broken the chain there and IMA can't fix it.\n" "\n" James -3fcf869cbba1e0e05d276f06f63a6a6539b55513e8a6d6b72665286c4a460715 +41a5d1a07c55cbea20faa3371d5399f8279c998eda9351d9a6f9c26403e52fa2
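Review bot: the `?` and `????` runs on the `+` lines of the N1 hunks of 1.txt are not question marks from the authors. They sit at exactly the positions where the N2 content_digest hunks show `\302\240` (a UTF-8 non-breaking space) and where the `a` copy has a plain space. The three copies therefore carry the same body text and differ only in how that whitespace was encoded, so quote the `a` copy when citing the message. In the N1 content_digest hunk at `@@ -10,21 +10,10 @@`, the headers also differ: the Subject loses its `Re:` prefix, From is rewritten to the `address (Name)` form, and the To/Cc list is collapsed to `linux-security-module@vger.kernel.org`. Together with the appended majordomo footer, this marks N1 as a list-relayed copy. Matching these duplicates should rely on the Message-ID rather than on header or body equality, since the digest values at the end of each content_digest diff differ even though the message text is the same.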