lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Dec 2014 22:06:20 -0500 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: David Lang <david@...g.hm> Cc: Rob Landley <rob@...dley.net>, Christophe Fillot <cf@....fr>, linux-ima-user@...ts.sourceforge.net, linux-security-module <linux-security-module@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [Linux-ima-user] Initramfs and IMA Appraisal On Mon, 2014-12-29 at 18:25 -0800, David Lang wrote: > On Mon, 29 Dec 2014, Mimi Zohar wrote: > > > Thanks Rob for the explanation. The problem is that ramfs does not > > support extended attributes, while tmpfs does. The boot loader could > > "measure" (trusted boot) the initramfs, but as the initramfs is > > generated on the target system, the initramfs is not signed, preventing > > it from being appraised (secure Boot). To close the initramfs integrity > > appraisal gap requires verifying the individual initramfs file > > signatures, which are stored as extended attributes. > > what's the point of checking the files on the filesystem against signatures > stored on the same filesystem? If someone could alter the file contents they can > alter the signatures as well. It's all about limiting which public keys can be used to verify the file signatures. As of 3.17, only keys signed by a "trusted" key on the system keyring may be added to the IMA keyring. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists