From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751785AbcBWM2m (ORCPT ); Tue, 23 Feb 2016 07:28:42 -0500 Received: from e28smtp09.in.ibm.com ([125.16.236.9]:58247 "EHLO e28smtp09.in.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751359AbcBWM2Z (ORCPT ); Tue, 23 Feb 2016 07:28:25 -0500 X-IBM-Helo: d28relay03.in.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org;keyrings@vger.kernel.org Message-ID: <1456230480.4799.45.camel@linux.vnet.ibm.com> Subject: Re: [PATCH 0/8] X.509: Software public key subtype changes From: Mimi Zohar To: David Howells Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tadeusz.struk@intel.com Date: Tue, 23 Feb 2016 07:28:00 -0500 In-Reply-To: <10100.1456222613@warthog.procyon.org.uk> References: <1456185807.4448.91.camel@linux.vnet.ibm.com> <1456167445.3167.42.camel@linux.vnet.ibm.com> <20160219171806.17223.91381.stgit@warthog.procyon.org.uk> <1634.1456180145@warthog.procyon.org.uk> <10100.1456222613@warthog.procyon.org.uk> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable x-cbid: 16022312-0041-0000-0000-0000007A1869 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2016-02-23 at 10:16 +0000, David Howells wrote: > Mimi Zohar wrote: > > > To measure and appraise just the kexec initramfs, define a policy > > containing: > > Doesn't this require a TPM? For appraising file signatures, a TPM is definitely not required! Even in the case of making sure that the file measurements are being taken, a TPM is not required. For purposes of testing changes to the asymmetric keys or the key subsystem in general, a TPM is not required. The TPM is needed for quoting PCRs. When a TPM is available, IMA, in addition to adding the file measurements to the run time measurement list, extends a TPM PCR with the file measurements. A trusted third party, can then validate the measurement list against the PCR quote. The real question is which files need to be measured and appraised in order to either prevent or, at least, to be able to detect a system compromise. But for your use case scenario, of making sure that changes to the asymmetric keys or the key subsystem in general has not broken IMA, measuring and appraising a single file should be enough. Mimi