From: "Vantler Fan (范益)" <fanyi@ieisystem.com>
To: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Cc: "stefanb@linux.ibm.com" <stefanb@linux.ibm.com>
Subject: Re: Consultation on the invalidation of OpenBMC IMA/EVM function
Date: Mon, 6 Jan 2025 06:25:39 +0000
Message-ID: <facece932ace4336adab3a211ae13617@ieisystem.com>
In-Reply-To: <92D9D801-5FB2-4F74-87FD-196389F10B1D@linux.ibm.com>


Thanks a lot for everyone's help. After that email, I tried more methods. It can work now, but it can't load the key from the filesystem.
Here are my modifications:
	Add these cfgs to ima.cfg:
	CONFIG_TMPFS_XATTR=y
	CONFIG_SQUASHFS_XATTR=y      # these two cfgs can be found in https://gerrit.openbmc.org/c/openbmc/openbmc/+/66419/20
	CONFIG_IMA_APPRAISE=y         # I need the appraise function
	CONFIG_IMA_LOAD_X509=y       # with this cfg, the kernel will load x509 keys at init
	CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"  # the default is /etc/keys/x509_ima.der, but my test shows the error log "integrity: Unable to open file: /etc/keys/x509_ima.der (-2)", so I use this cfg to test another path

Hope this is helpful. I will keep trying to solve this problem.
Best wishes to you

-----Original Message-----
From: Adriana Kobylak [mailto:anoo@linux.ibm.com]
Sent: January 4, 2025 5:34
To: Vantler Fan (范益) <fanyi@ieisystem.com>
Cc: openbmc@lists.ozlabs.org; Stefan Berger <stefanb@linux.ibm.com>; patrick@stwcx.xyz
Subject: Re: Consultation on the invalidation of OpenBMC IMA/EVM function

At IBM, we're picking up Stefan's work this year to get the series merged and enable IMA on the p10bmc system (AST2600-based). Feel free to follow the updates on the series (there should be patch updates in the next few weeks), and/or try the series out on your platform.


> On Dec 20, 2024, at 9:43 AM, Patrick Williams <patrick@stwcx.xyz> wrote:
> 
> On Thu, Dec 19, 2024 at 07:52:55AM +0000, Vantler Fan (范益) wrote:
>> 
>>      I have a problem with the IMA/EVM function of OpenBMC. I enabled the IMA
>> function, but it doesn't seem to work.
> 
> I don't know of anyone actively using IMA on OpenBMC.
> 
> Stefan Berger @ IBM was working on a commit sequence at one point but
> I haven't seen much activity there.
> 
>   https://gerrit.openbmc.org/c/openbmc/openbmc/+/74136/2
> 
> --
> Patrick Williams
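
A build-time check for the settings listed in the message at the top of this page, as an added example that is not part of the thread or of OpenBMC: it reports which of the listed options are not enabled in a config fragment, and whether the certificate path (CONFIG_IMA_X509_PATH, or the default quoted in the message) exists as a DER file under a staged root directory. The script name, function names and the staged-root layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel config fragment and a
# staged root filesystem tree for the IMA settings listed in the message.
# Usage (script name and paths are assumptions): sh ima_audit.sh ima.cfg ROOTDIR

# Options the message sets to "y".
IMA_REQUIRED="CONFIG_TMPFS_XATTR CONFIG_SQUASHFS_XATTR CONFIG_IMA_APPRAISE CONFIG_IMA_LOAD_X509"

# Print the required options that are not set to "y" in config file $1.
ima_missing_options() {
    for opt in $IMA_REQUIRED; do
        grep -Eq "^${opt}=y([[:space:]]|\$)" "$1" || printf '%s\n' "$opt"
    done
}

# Print the certificate path the kernel will try: CONFIG_IMA_X509_PATH from
# config file $1, or the default named in the message when it is not set.
ima_x509_path() {
    p=$(sed -n 's/^CONFIG_IMA_X509_PATH="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${p:-/etc/keys/x509_ima.der}"
}

# Check the certificate under root directory $2. Prints one of:
#   ok       file exists and begins with 0x30, the DER SEQUENCE tag
#   missing  no such file (the kernel logs this as error -2, ENOENT)
#   not-der  file exists but is not DER, for example a PEM file
ima_check_cert() {
    cert="$2$(ima_x509_path "$1")"
    [ -f "$cert" ] || { echo missing; return 1; }
    first=$(od -An -tx1 -N1 "$cert" | tr -d ' \n')
    [ "$first" = "30" ] || { echo not-der; return 1; }
    echo ok
}

# Without a config file and a root directory as arguments, fall back to a
# constructed two-option config and an empty root directory.
if [ "$#" -ne 2 ]; then
    demo=$(mktemp -d)
    printf 'CONFIG_IMA_APPRAISE=y\nCONFIG_IMA_LOAD_X509=y\n' > "$demo/ima.cfg"
    set -- "$demo/ima.cfg" "$demo"
fi
missing=$(ima_missing_options "$1")
[ -z "$missing" ] || echo "not enabled:" $missing
echo "certificate $(ima_x509_path "$1"): $(ima_check_cert "$1" "$2" || true)"
[ -z "${demo:-}" ] || rm -rf "$demo"
```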

