public inbox for linux-kernel@vger.kernel.org
From: "Dr. Greg" <greg@enjellic.com>
To: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 02/13] Add TSEM specific documentation.
Date: Sun, 16 Jul 2023 19:36:54 -0500
Message-ID: <20230717003654.GA3044@wind.enjellic.com>
In-Reply-To: <ab6ab3d2-d168-8c10-b7f5-94a669e212fc@infradead.org>

On Mon, Jul 10, 2023 at 09:37:10PM -0700, Randy Dunlap wrote:

> Hi--

Good morning, I hope the week is starting well for everyone.

> On 7/10/23 03:23, Dr. Greg wrote:
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 9e5bab29685f..0e6640a78936 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -6468,6 +6468,24 @@
> >  			with CPUID.16h support and partial CPUID.15h support.
> >  			Format: <unsigned int>
> >  

> These 3 entries should be in alphabetical order: tsem_cache,
> tsem_digest, tsem_mode.

Now alphabetized.

> > +	tsem_mode=	[TSEM] Set the mode that the Trusted Security Event
> > +			Modeling LSM is to run in.
> > +			Format: 1
> > +			1 -- Disable root domain modeling.
> > +
> > +	tsem_cache=	[TSEM] Define the size of the caches used to hold
> > +			pointers to structures that will be used to model
> > +			security events occurring in the root modeling
> > +			namespace that are called in atomic context.
> > +			Format: <integer>
> > +			Default: 96

> What unit?  KB, MB, bytes, pages?

Our apologies, we obviously erred in the notion that referring to the
size of a cache of pointers would be understood to mean the number of
pointers.

We updated the documentation as follows:

tsem_cache=	[TSEM] Define the size of the caches used to hold
		pointers to structures that will be used to model
		security events occurring in the root modeling
		namespace that are called in atomic context.  The
		value is the size of the arrays of pointers to the
		pre-allocated structures that will be maintained.
		For example, a value of 16 means each array would
		have 16 entries in it.
		Format: <integer>
		Default: 96

> > +
> > +	tsem_digest=	[TSEM] Define the cryptographic hash function that
> > +			will be used to create security event coefficients
> > +			for in the root modeling namespace.

> 			for in
> ?

That must have been an untoward effect of the single-malt.

The documentation has been updated to read as follows:

tsem_digest=	[TSEM] Define the cryptographic hash function that
		will be used to generate the security event
		coefficients in the root modeling namespace.
		Format: {name of the cryptographic hash function}
		Default: sha256

> > +			Format: {name of the cryptographic hash function}
> > +			Default: sha256
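
Review bot: the tsem_mode= entry gives "Format: 1" and documents only the value 1, so it does not say what the LSM does when the parameter is omitted or set to any other value. Suggest stating the default behaviour explicitly and writing the format as "Format: <integer>" followed by the list of accepted values, in line with the tsem_cache= entry. The tsem_digest= entry likewise does not say what happens at boot when the named hash function is not available in the kernel; a sentence on the resulting fallback or failure would help administrators.
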
> 
> -- 
> ~Randy

Thank you for the review comments.

Have a good week.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity
