[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2541abb8-68b5-4e6a-b309-a001ecdfbea1@huaweicloud.com>
Date: Sun, 15 Sep 2024 19:52:13 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: dhowells@...hat.com, dwmw2@...radead.org, davem@...emloft.net,
linux-kernel@...r.kernel.org, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, zohar@...ux.ibm.com,
linux-integrity@...r.kernel.org, roberto.sassu@...wei.com,
linux-security-module@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures
On 9/15/2024 11:31 AM, Herbert Xu wrote:
> On Sun, Sep 15, 2024 at 05:15:25PM +0800, Herbert Xu wrote:
>>
>> Roberto, correct me if I'm wrong but your intended use case is
>> the following patch series, right?
>
> Actually the meat of the changes is in the following series:
>
> https://lore.kernel.org/linux-integrity/20240905150543.3766895-1-roberto.sassu@huaweicloud.com/
Yes, correct. The idea is to verify the authenticity of RPM headers,
extract the file digests from them, and use those file digests as
reference values for integrity checking of files accessed by user space
processes.
If the calculated digest of a file being accessed matches one extracted
from the RPM header, access is granted otherwise it is denied.
Roberto
Powered by blists - more mailing lists