From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B503DEE49A0 for ; Mon, 21 Aug 2023 22:05:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:From:References:Cc:To:Subject: MIME-Version:Date:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=a7OChHEb1g4AkqDSLjZBRZANGpifjhBQoAx8BDGyskY=; b=mXr5bEeP1ze1gR zl4Sg8uCM483ncV58ea2aDyjWyOQPjjrj0iQVaM0R5q1ahAsR5qYfaKtjiCNGvi6yNM6mSV9IoGIM LvliQiprTvz+zQ0/rusS4Ww0rIAWVi+UMJ7LgVKxPVhVSgUzMYwod49TVsHv+/GlkZG5Abx3YtR7G JbcVOW/L+TrYZ0jg/icLXtL4cd1omRD71yrgZYjS31aaxQ/O1cbUW20oaZyFI7fVlZVRidBwbE6+R x7potKUlmrZLIKNArqBilSmgkQM3RlufXyzFcW+1yzHMukI9JDTAYsiPdmn2QV5DUcqm2E2K04RKC 0o7LdvoJ60FsLdpvPK2g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qYD1c-00ElAI-1U; Mon, 21 Aug 2023 22:05:28 +0000 Received: from linux.microsoft.com ([13.77.154.182]) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qYD1Y-00El9x-1k for kexec@lists.infradead.org; Mon, 21 Aug 2023 22:05:26 +0000 Received: from [10.137.114.52] (unknown [131.107.159.180]) by linux.microsoft.com (Postfix) with ESMTPSA id B1F992126CAD; Mon, 21 Aug 2023 15:05:17 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B1F992126CAD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1692655517; bh=27Gt5g39km05HA5Jc2OsnUkxm3ZtTJbBzolAHyq7W6E=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=WtMc/7fA+E88b/6c1PGfS2o3acsD8mvwk8oqoYIai5KwzJabvkzPWm8wbgfpKa4tp C2AAAViBNa+wg/cYNefMtzr2qSwwvLL9108tzOLmj8DwzAvEKcKIbOfMAURlJCP+++ yojGMn7V7ij3AOoQEmMDyT9CDu3/SR9QYZzJPAQw= Message-ID: <8bc0f024-fc12-cb32-7af0-e500948cc6db@linux.microsoft.com> Date: Mon, 21 Aug 2023 15:05:17 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.14.0 Subject: Re: [RFC] IMA Log Snapshotting Design Proposal Content-Language: en-US To: Mimi Zohar , linux-integrity@vger.kernel.org, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kgold@linux.ibm.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, kexec@lists.infradead.org, jmorris@namei.org, Paul Moore , serge@hallyn.com Cc: code@tyhicks.com, nramas@linux.microsoft.com, Tushar Sugandhi , linux-security-module@vger.kernel.org References: <277db5491460d5fd607785f2bcc733de39022a35.camel@linux.ibm.com> <0e1511e8819b24ab8a34a7b15821f06eff688f29.camel@linux.ibm.com> From: Sush Shringarputale In-Reply-To: <0e1511e8819b24ab8a34a7b15821f06eff688f29.camel@linux.ibm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230821_150524_644889_F49EC5CD X-CRM114-Status: GOOD ( 28.23 ) X-BeenThere: kexec@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "kexec" Errors-To: kexec-bounces+kexec=archiver.kernel.org@lists.infradead.org CgpPbiA4LzE0LzIwMjMgMzowMiBQTSwgTWltaSBab2hhciB3cm90ZToKPiBPbiBNb24sIDIwMjMt MDgtMTQgYXQgMTQ6NDIgLTA3MDAsIFN1c2ggU2hyaW5nYXJwdXRhbGUgd3JvdGU6Cj4+PiBUaGlz IGRlc2lnbiBzZWVtcyBvdmVybHkgY29tcGxleCBhbmQgcmVxdWlyZXMgc3luY2hyb25pemF0aW9u IGJldHdlZW4KPj4+IHRoZSAic25hcHNob3QiIHJlY29yZCBhbmQgZXhwb3J0aW5nIHRoZSByZWNv cmRzIGZyb20gdGhlIG1lYXN1cmVtZW50Cj4+PiBsaXN0LiAgTm9uZSBvZiB0aGlzIHdvdWxkIGJl IG5lY2Vzc2FyeSBpZiB0aGUgbWVhc3VyZW1lbnRzIHdlcmUgY29waWVkCj4+PiBmcm9tIGtlcm5l bCBtZW1vcnkgdG8gYSBiYWNraW5nIGZpbGUgKGUuZy4gdG1wZnMpLCBhcyBkZXNjcmliZWQgaW4g WzFdLgpFdmVuIGlmIHRoZSBLZXJuZWwgbWFpbnRhaW5zIHRoZSBsaW5rIGJldHdlZW4gYSB0bXBm cyBleHBvcnRlZCBhbmQgYW4KaW4tbWVtb3J5IElNQSBsb2cgLSBpdCBzdGlsbCBoYXMgdG8gY29w eSB0aGUgdG1wZnMgcG9ydGlvbiB0byB0aGUKS2VybmVsIG1lbW9yeSBkdXJpbmcga2V4ZWMgc29m dCBib290LsKgIHRtcGZzIGlzIGNsZWFyZWQgZHVyaW5nIGtleGVjLApzbyB0aGlzIGNvcHlpbmcg b2YgdG1wZnMgYmFjayB0byBrZXJuZWwgbWVtb3J5IGlzIG5lY2Vzc2FyeSB0byBwcmVzZXJ2ZQp0 aGUgaW50ZWdyaXR5IG9mIHRoZSBsb2cgZHVyaW5nIGtleGVjLsKgIEJ1dCB0aGUgY29weWluZyB3 b3VsZCBhZGQgYmFjawp0aGUgbWVtb3J5IHByZXNzdXJlIG9uIHRoZSBub2RlIGR1cmluZyBrZXhl YyAod2hpY2ggbWF5IHJlc3VsdCBpbgpvdXQtb2YtbWVtb3J5KSwgZGVmZWF0aW5nIHRoZSBwdXJw b3NlIG9mIHRoZSBvdmVyYWxsIGVmZm9ydC9mZWF0dXJlLgpDb3B5aW5nIHRvIGEgcmVndWxhciAq cGVyc2lzdGVudCogcHJvdGVjdGVkIGZpbGUgc2VlbXMgYSBjbGVhbmVyCmFwcHJvYWNoLCBjb21w YXJlZCB0byB0bXBmcy7CoCBXZSBwcm90b3R5cGVkIHRoaXMgc29sdXRpb24sIGhvd2V2ZXIgaXQK ZG9lcyBub3Qgc2VlbSB0byBiZSBhIGNvbW1vbiBwYXR0ZXJuIHdpdGhpbiB0aGUgS2VybmVsIHRv IHdyaXRlIHN0YXRlCmRpcmVjdGx5IHRvIGZpbGVzIG9uIGRpc2sgZmlsZSBzeXN0ZW1zLsKgIFdl IGNvbnNpZGVyZWQgdHdvIHBvdGVudGlhbApvcHRpb25zOgoKT3B0aW9uIChBKTogKFJFQ09NTUVO REVEKQogwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBMZXQgS2VybmVsIHdyaXRlIHRoZSBmaWxlIHVz aW5nIEtNIGZpbGUgQVBJcwotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLQogwqDCoMKgIFVzZSBLZXJuZWwgbW9kZSBmaWxlIEFQSXMgc3VjaCBhcyBfZmlsZV9vcGVu X3Jvb3RfLCBfdmZzX2xsc2Vla18sCiDCoMKgwqAgYW5kIF92ZnNfd3JpdGVfIHRvIHVzZSBhIHBl cnNpc3RlbnQgZmlsZSBvbiBkaXNrLsKgIFRoZXJlIGlzIG5vdAogwqDCoMKgIHN1ZmZpY2llbnQg cHJlY2VkZW50IGZvciB0aGlzIHBhdHRlcm4gaW4gdGhlIEtlcm5lbCBjdXJyZW50bHksIHNvCiDC oMKgwqAgd2UgbmVlZCBndWlkYW5jZSBmcm9tIGFyZWEgZXhwZXJ0cyBvbiB0aGUgYmVzdCBtZWNo YW5pc20gdG8KIMKgwqDCoCBpbXBsZW1lbnQgdGhpcy4KCiDCoMKgwqAgQXMgZm9yIHRoZSBsb2Nh dGlvbiBvZiB0aGUgZmlsZSwgd2Ugc3VnZ2VzdCBzZXR0aW5nIHRoaXMgaW4KIMKgwqDCoCBLQ29u ZmlnLiBUaGUgZmlsZSB3aWxsIGJlIGNyZWF0ZWQgYnkgdGhlIEtlcm5lbCwgc28gaXQgc2hvdWxk IGJlCiDCoMKgwqAgcHJvdGVjdGVkIGZyb20gVU0gYWNjZXNzLsKgIEFkZGl0aW9uYWxseSwgb24g YSBmdWxsIGJvb3QsIHRoZQogwqDCoMKgIGZpbGUgc2hvdWxkIGJlIGNsZWFyZWQgYnkgdGhlIEtl cm5lbC4KCiDCoCBQT1RFTlRJQUwgSVNTVUVTIEFORCBNSVRJR0FUSU9OUwogwqDCoMKgIC0gaGFu ZGxpbmcgSU8gZXJyb3JzIGZyb20gS00KCiDCoMKgwqDCoMKgIEEgcG90ZW50aWFsIG1pdGlnYXRp b24gZm9yIHRoaXMgaXMgdG8gcmV0cnkgdGhlIGZhaWxlZCB3cml0ZS4KIMKgwqDCoMKgwqAgVGhp cyBhc3N1bWVzIHRoYXQgdGhlIHZmc193cml0ZSBLZXJuZWwgbWV0aG9kIGNhbiBoYW5kbGUgYW55 CiDCoMKgwqDCoMKgIGZhaWx1cmVzIGdyYWNlZnVsbHkgd2l0aG91dCBjYXVzaW5nIGNyYXNoZXMu CgoKIMKgwqDCoCAtIHVzaW5nIGZpbGUgc3lzdGVtIHBhdGhzIHRvIHJlc29sdmUgdGhlIGZpbGUg ZnJvbSBLTQoKIMKgwqDCoMKgwqAgVXNpbmcgdGhlIGZpbGVfb3Blbl9yb290IHNlZW1zIHRvIHBy b3ZpZGUgc3VmZmljaWVudCByZXNpbGllbmN5CiDCoMKgwqDCoMKgIGFnYWluc3QgdGhpcy7CoCBU aGUgZmlsZSBjYW4gYmUgbG9jYXRlZCBhdCBhIHdlbGwga25vd24gbG9jYXRpb24KIMKgwqDCoMKg wqAgdG8gbWluaW1pemUgcG90ZW50aWFsIGNvbmNlcm5zLsKgIEhvd2V2ZXIsIGFueSBndWlkYW5j ZSBpbgogwqDCoMKgwqDCoCBtaW5pbWl6aW5nIHNxdWF0dGluZyByaXNrcyB3b3VsZCBiZSBncmVh dGx5IGFwcHJlY2lhdGVkLgoKIMKgwqDCoCAtIHRoZSBmaWxlIGNvdWxkIGJlIHRhbXBlcmVkIGJ5 IFVNCgogwqDCoMKgwqDCoCBUaGVyZSBuZWVkcyB0byBiZSBhIGxvY2sva2VybmVsLW9ubHktcGVy bWlzc2lvbiBvbiB0aGUgZmlsZQogwqDCoMKgwqDCoCBzbyB0aGF0IGEgVU0gcHJvY2VzcyBjYW5u b3QgdGFtcGVyIHdpdGggdGhlIGZpbGUuwqAgQSBkZXNjcmlwdGlvbgogwqDCoMKgwqDCoCBvbiBo b3cgdGhpcyBmaWxlIHdvdWxkIGJlIHByb3RlY3RlZCB3YXMgcHJvdmlkZWQgYXQgWzJdLgoKCk9w dGlvbiAoQik6IChOT1QgUkVDT01NRU5ERUQpCiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIEhhbmQg b3ZlciB0aGUgZmlsZSB3cml0aW5nIHRvIFVNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tCiDCoMKgwqAgQWx0ZXJuYXRlbHksIFVNIGNvdWxkIHdyaXRlIHRoZSBm aWxlIGNvbnRlbnRzIGFuZCBkZWNpZGUgdGhlCiDCoMKgwqAgbG9jYXRpb24gb2YgdGhlIGZpbGUg b24gZGlzay7CoCBJZiB3ZSB3YW50IHRvIHByZXNlcnZlIHRoZSBLZXJuZWwKIMKgwqDCoCBiZWhh dmlvciBvZiByZW5kZXJpbmcgdGhlIElNQSBsb2cgYXMgYSBzaW5nbGUgbW9ub2xpdGhpYyBsb2cg b24KIMKgwqDCoCBjbGllbnQgKGFzIGFzY2lpL2JpbmFyeV9ydW50aW1lX21lYXN1cmVtZW50cyBm aWxlKSwgdGhlCiDCoMKgwqAgS2VybmVsIHdpbGwgaGF2ZSB0byByZWFkIGZyb20gYSBmaWxlIHdy aXR0ZW4gYnkgVU0gYW5kIGNvbWJpbmUgaXQKIMKgwqDCoCB3aXRoIHRoZSByZW1haW5pbmcgaW4t a2VybmVsLW1lbW9yeSBJTUEgbG9nIGV2ZW50cy4KCiDCoMKgwqAgVGhpcyBhcHByb2FjaCBvZiBh IEtlcm5lbCByZWFkaW5nIGZyb20gYSBVTSB3cml0dGVuIGZpbGUgYXMgYW4KIMKgwqDCoCBJTUEg bG9nIHZpb2xhdGVzIHRoZSBjYWxsIHN0YWNrLCBhbmQgdGh1cyBpdCBpcyBub3QgcmVjb21tZW5k ZWQuCgpJZiBVTSBpcyB0byBoYW5kbGUgd3JpdGluZyB0aGUgSU1BIGxvZyB0byBkaXNrLCB0aGUg S2VybmVsIGNhbm5vdCByZWFkCnRob3NlIHNuYXBzaG90dGVkIGV2ZW50cyBhZ2Fpbi7CoCBJbnRl Z3JpdHkgb2YgdGhlIElNQSBsb2cgY2FuIHN0aWxsIGJlCm1haW50YWluZWQgLSBhIHNvbHV0aW9u IGltcGxlbWVudGluZyB0aGlzIHdhcyBpbiB0aGUgb3JpZ2luYWwgcHJvcG9zYWwKd2Ugc3VibWl0 dGVkIFsxXS4KCldlIGFwcHJlY2lhdGUgdGhlIGNvbW11bml0eSdzIGZlZWRiYWNrIG9uIGhlbHBp bmcgbW9sZCB0aGlzIGZlYXR1cmUgdG8gYQpzdWl0YWJsZSBpbXBsZW1lbnRhdGlvbi4KClRoYW5r cywKU3VzaCBhbmQgVHVzaGFyLgoKClJlZmVyZW5jZXM6ClsxXQpodHRwczovL2xvcmUua2VybmVs Lm9yZy9saW51eC1pbnRlZ3JpdHkvYzU3MzcxNDEtNzgyNy0xYzgzLWFiMzgtMDExOWRjZmVhNDg1 QGxpbnV4Lm1pY3Jvc29mdC5jb20vIAoKClsyXQpodHRwczovL2xvcmUua2VybmVsLm9yZy9saW51 eC1pbnRlZ3JpdHkvQ0FPUTR1eGlCQUdLY28xQktneUxPTVk1NHJfQ2syam52ejhSQ0ZPREQtVjg3 Q0dxTEV3QG1haWwuZ21haWwuY29tLyAKCj4+Pgo+Pj4gV2hhdCBpcyB0aGUgcmVhbCBwcm9ibGVt IC0ga2VybmVsIG1lbW9yeSBwcmVzc3VyZSwgbWVtb3J5IHByZXNzdXJlIGluCj4+PiBnZW5lcmFs LCBvciBkaXNrIHNwYWNlPyAgSXMgdGhlIGludGVudGlvbiB0byByZW1vdmUgb3Igb2ZmbG9hZCB0 aGUKPj4+IGV4cG9ydGVkIG1lYXN1cmVtZW50cz8KPj4gVGhlIG1haW4gY29uY2VybiBpcyB0aGUg bWVtb3J5IHByZXNzdXJlIG9uIGJvdGggdGhlIGtlcm5lbCBhbmQgdGhlCj4+IGF0dGVzdGF0aW9u IGNsaWVudAo+PiB3aGVuIGl0IHNlbmRzIHRoZSByZXF1ZXN0LiAgVGhlIGNvbmNlcm4geW91IGJy aW5nIHVwIGlzIHZhbGlkIGFuZCB3ZSBhcmUKPj4gd29ya2luZyBvbgo+PiBjcmVhdGluZyBhIHBy b3RvdHlwZS4gIFRoZXJlIGlzIG5vIGludGVudGlvbiB0byByZW1vdmUgdGhlIGV4cG9ydGVkCj4+ IG1lYXN1cmVtZW50cy4KPiBHbGFkIHRvIGhlYXIgdGhhdCB5b3UncmUgbm90IGludGVuZGluZyB0 byByZW1vdmUgdGhlIGV4cG9ydGVkCj4gbWVhc3VyZW1lbnRzLgo+Cj4gRGVmaW5pbmcgYW5kIGlu Y2x1ZGluZyBhIG5ldyByZWNvcmQgaW4gdGhlIG1lYXN1cmVtZW50IGxpc3QgbWVhc3VyZW1lbnQK PiBpcyBmaW5lLCBpZiBpdCBoZWxwcyB3aXRoIGF0dGVzdGF0aW9uIGFuZCBkb2Vzbid0IHJlcXVp cmUgcGF1c2luZyB0aGUKPiBtZWFzdXJlbWVudHMuCj4KCgpfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXwprZXhlYyBtYWlsaW5nIGxpc3QKa2V4ZWNAbGlzdHMu aW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZv L2tleGVjCg==