[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <64710fe1db1432ca8857ec83fff4809ab1550137.camel@kernel.org>
Date: Mon, 14 Oct 2024 15:34:02 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Mimi Zohar <zohar@...ux.ibm.com>, Roberto Sassu
<roberto.sassu@...weicloud.com>, linux-integrity@...r.kernel.org
Cc: James.Bottomley@...senPartnership.com, roberto.sassu@...wei.com,
mapengyu@...il.com, David Howells <dhowells@...hat.com>, Paul Moore
<paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn"
<serge@...lyn.com>, Peter Huewe <peterhuewe@....de>, Jason Gunthorpe
<jgg@...pe.ca>, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 0/5] Lazy flush for the auth session
On Mon, 2024-10-14 at 07:45 -0400, Mimi Zohar wrote:
> > > For server/IMA use case I'll add a boot parameter it can be
> > > either on or off by default, I will state that in the commit
> > > message and we'll go from there.
>
> Sounds good.
But only after this patch set lands. I gave this a thought and since
this patch set is specifically for a specific Bugzilla bug that it
closes, I have no interest to increase its scope.
>
> >
> > Up until legit fixes are place distributors can easily disable
> > the feature. It would be worse if TCG_TPM2_HMAC did not exist.
> >
> > So I think it is better to focus on doing right things right,
> > since the feature itself is useful objectively, and make sure
> > that those fixes bring the wanted results.
>
> Are you backtracking on having a boot parameter here specifically to
> turn on/off
> HMAC encryption for IMA?
I'm not really sure yet but obviously any change goes through review.
Also fastest route is to send your own RFC's to IMA specific issue.
For me it will take some time (post this patch set).
>
> Mimi
>
>
BR, Jarkko
BR, Jarkko
Powered by blists - more mailing lists