Message-Id: <200910251917.52284.jcd@tribudubois.net>
Date:	Sun, 25 Oct 2009 20:17:51 +0200
From:	"Jean-Christophe Dubois" <jcd@...budubois.net>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	linux-kernel@...r.kernel.org, James Morris <jmorris@...ei.org>,
	David Safford <safford@...son.ibm.com>,
	Mimi Zohar <zohar@...ibm.com>
Subject: Re: [PATCH] ima: remove ACPI dependency

On Tuesday 20 October 2009, Mimi Zohar wrote:
> Remove ACPI dependency on systems without a TPM enabled.
>
> Reported-by: Jean-Christophe Dubois <jcd@...budubois.net>
> Signed-off-by: Mimi Zohar <zohar@...ibm.com>

This patch requires that another patch is first applied (as reported by Mimi in 
the attached email).

Tested on top of 2.6.30 and 2.6.31 on armv5 platform (versatilePB) with both 
patches applied.

Acked-by: Jean-Christophe Dubois <jcd@...budubois.net>

> ---
>  security/integrity/ima/Kconfig |   16 +++++++---------
>  1 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/security/integrity/ima/Kconfig
> b/security/integrity/ima/Kconfig index 53d9764..3ca39e7 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -2,14 +2,12 @@
>  #
>  config IMA
>  	bool "Integrity Measurement Architecture(IMA)"
> -	depends on ACPI
>  	select SECURITYFS
>  	select CRYPTO
>  	select CRYPTO_HMAC
>  	select CRYPTO_MD5
>  	select CRYPTO_SHA1
> -	select TCG_TPM
> -	select TCG_TIS
> +	select ACPI if TCG_TPM
>  	help
>  	  The Trusted Computing Group(TCG) runtime Integrity
>  	  Measurement Architecture(IMA) maintains a list of hash
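
Review bot: the new "select ACPI if TCG_TPM" line forces ACPI on whenever TCG_TPM is set, and select does not check the dependencies of the symbol it selects, so a configuration with TCG_TPM on a platform where ACPI cannot be enabled would end up inconsistent. Consider expressing the relationship as a dependency instead (for example "depends on ACPI || !TCG_TPM") or confirming that ACPI is selectable everywhere TCG_TPM can be set. Separately, with "select TCG_TPM" and "select TCG_TIS" dropped, enabling IMA no longer pulls in a TPM driver, so the TPM-backed aggregate is only maintained if the user enables TCG_TPM on their own; the commit message should say so.
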
> @@ -18,12 +16,12 @@ config IMA
>  	  to change the contents of an important system file
>  	  being measured, we can tell.
>
> -	  If your system has a TPM chip, then IMA also maintains
> -	  an aggregate integrity value over this list inside the
> -	  TPM hardware, so that the TPM can prove to a third party
> -	  whether or not critical system files have been modified.
> -	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
> -	  to learn more about IMA.
> +	  If your system has a TPM chip, and it is enabled, then
> +	  IMA also maintains an aggregate integrity value over
> +	  this list inside the TPM hardware, so that the TPM can
> +	  prove to a third party whether or not critical system
> +	  files have been modified. To learn more about IMA, read
> +	  <http://www.usenix.org/events/sec04/tech/sailer.html>
>  	  If unsure, say N.
>
>  config IMA_MEASURE_PCR_IDX
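
Review bot: in the rewritten help paragraph, "and it is enabled" does not say where the TPM has to be enabled (firmware setup or the kernel's TCG_TPM option); since IMA no longer selects TCG_TPM, naming the config option here would tell the user what to turn on. Also, the paragraph now ends on the bare URL line with no terminating period and runs straight into "If unsure, say N."; an empty help line between the two would keep them from reading as one sentence.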



Download attachment "forwarded message" of type "message/rfc822" (5911 bytes)
