On 2/5/2024 3:10 PM, Paul Moore wrote:
On Mon, Feb 5, 2024 at 6:01 PM Fan Wu wrote:
On 2/3/2024 2:25 PM, Paul Moore wrote:
On Jan 30, 2024 Fan Wu wrote:
As is typical with LSMs, IPE uses securityfs as its interface with
userspace. For a complete list of the interfaces and the respective
On 2/3/2024 2:25 PM, Paul Moore wrote:
On Jan 30, 2024 Fan Wu wrote:
Allows author of IPE policy to indicate trust for a singular dm-verity
volume, identified by roothash, through "dmverity_roothash" and all
signed dm-verity volumes, through "dmverity_signature".
Signed-off-by: Deven
On Mon, Feb 5, 2024 at 6:01 PM Fan Wu wrote:
> On 2/3/2024 2:25 PM, Paul Moore wrote:
> > On Jan 30, 2024 Fan Wu wrote:
> >>
> >> As is typical with LSMs, IPE uses securityfs as its interface with
> >> userspace. For a complete list of the interfaces and the respective
> >> inputs/outputs,
On 2/3/2024 2:25 PM, Paul Moore wrote:
On Jan 30, 2024 Fan Wu wrote:
As is typical with LSMs, IPE uses securityfs as its interface with
userspace. For a complete list of the interfaces and the respective
inputs/outputs, please see the documentation under
admin-guide/LSM/ipe.rst
On 2/3/2024 2:25 PM, Paul Moore wrote:
On Jan 30, 2024 Fan Wu wrote:
IPE is designed to provide system level trust guarantees, this usually
implies that trust starts from bootup with a hardware root of trust,
which validates the bootloader. After this, the bootloader verifies
the kernel
On 2/3/2024 2:25 PM, Paul Moore wrote:
On Jan 30, 2024 Fan Wu wrote:
This patch introduces a new hook to notify security system that the
content of initramfs has been unpacked into the rootfs.
Upon receiving this notification, the security system can activate
a policy to allow only files