On Wed, Sep 6, 2023 at 4:49 PM Ken Goldman wrote:
> On 9/1/2023 6:06 PM, Tushar Sugandhi wrote:
> > On 8/30/23 11:12, Ken Goldman wrote:
> >> On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
> >>> - A user-mode process will trigger the snapshot by opening a file in
> >>> SysFS
> >>>say
On Wed, Sep 6, 2023 at 4:21 PM Ken Goldman wrote:
> On 9/1/2023 5:20 PM, Tushar Sugandhi wrote:
> > On 8/30/23 11:06, Ken Goldman wrote:
> >> On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
> >>> In addition, a large IMA log can add pressure on the network
> >>> bandwidth when
> >>> the
On 9/1/2023 6:06 PM, Tushar Sugandhi wrote:
On 8/30/23 11:12, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
- A user-mode process will trigger the snapshot by opening a file in
SysFS
say /sys/kernel/security/ima/snapshot (referred to as
sysk_ima_snapshot_file
On 9/1/2023 5:20 PM, Tushar Sugandhi wrote:
Thanks a lot Ken for looking at the proposal, and sharing your thoughts.
On 8/30/23 11:06, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network
bandwidth when
the
On 9/1/2023 5:22 PM, Tushar Sugandhi wrote:
On 8/30/23 12:12, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
For remote attestation to work, the service will need to know how to
validate the snapshot_aggregate entry in the IMA log. It will have
to read the PCR values
xt version of the proposal.
References:
[1] Re: [RFC] IMA Log Snapshotting Design Proposal - Paul Moore
(kernel.org)
https://lore.kernel.org/linux-integrity/CAHC9VhQbnyd2nvmL-t=3kxppsm985ps+npj5qdvm1wss-hd...@mail.gmail.com/
[2] ima_extend_list_mutex
https://elixir.bootlin.com/linux/latest/sourc
On 8/30/23 12:12, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
For remote attestation to work, the service will need to know how to
validate the snapshot_aggregate entry in the IMA log. It will have
to read the PCR values present in the template data of
Thanks a lot Ken for looking at the proposal, and sharing your thoughts.
On 8/30/23 11:06, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network bandwidth
when
the attestation client sends it to
On Thu, Aug 31, 2023 at 12:47 PM Dr. Greg wrote:
> On Wed, Aug 30, 2023 at 07:22:27PM -0400, Paul Moore wrote:
> > On Wed, Aug 30, 2023 at 7:07 PM Mimi Zohar wrote:
> > > On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> > > > On Wed, Aug 30, 2023 at 6:21 PM Paul Moore
> > > > wrote:
On Wed, Aug 30, 2023 at 07:22:27PM -0400, Paul Moore wrote:
Good morning.
> On Wed, Aug 30, 2023 at 7:07 PM Mimi Zohar wrote:
> > On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> > > On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> > > > On Wed, Aug 30, 2023 at 5:50 PM Mimi
On Wed, Aug 30, 2023 at 03:12:39PM -0400, Ken Goldman wrote:
Good morning, I hope the day is going well for everyone.
> On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
>
> >For remote attestation to work, the service will need to know how to
> > validate the snapshot_aggregate entry in the IMA
On Thu, Aug 31, 2023 at 10:07 AM Mimi Zohar wrote:
> On Wed, 2023-08-30 at 19:22 -0400, Paul Moore wrote:
> > On Wed, Aug 30, 2023 at 7:07 PM Mimi Zohar wrote:
> > > On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> > > > On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> > > > > On Wed,
On Wed, 2023-08-30 at 19:22 -0400, Paul Moore wrote:
> On Wed, Aug 30, 2023 at 7:07 PM Mimi Zohar wrote:
> > On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> > > On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> > > > On Wed, Aug 30, 2023 at 5:50 PM Mimi Zohar wrote:
> > > > > On Wed,
On Wed, Aug 30, 2023 at 7:07 PM Mimi Zohar wrote:
> On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> > On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> > > On Wed, Aug 30, 2023 at 5:50 PM Mimi Zohar wrote:
> > > > On Wed, 2023-08-30 at 16:47 -0400, Paul Moore wrote:
> > > > > On Wed,
On Wed, 2023-08-30 at 18:23 -0400, Paul Moore wrote:
> On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> > On Wed, Aug 30, 2023 at 5:50 PM Mimi Zohar wrote:
> > > On Wed, 2023-08-30 at 16:47 -0400, Paul Moore wrote:
> > > > On Wed, Aug 30, 2023 at 4:25 PM Mimi Zohar wrote:
> > > > > Your
On Wed, Aug 30, 2023 at 6:21 PM Paul Moore wrote:
> On Wed, Aug 30, 2023 at 5:50 PM Mimi Zohar wrote:
> > On Wed, 2023-08-30 at 16:47 -0400, Paul Moore wrote:
> > > On Wed, Aug 30, 2023 at 4:25 PM Mimi Zohar wrote:
> > > > Your initial question was "what happens if the file/filesystem becomes
>
On Wed, Aug 30, 2023 at 5:50 PM Mimi Zohar wrote:
> On Wed, 2023-08-30 at 16:47 -0400, Paul Moore wrote:
> > On Wed, Aug 30, 2023 at 4:25 PM Mimi Zohar wrote:
> > > Your initial question was "what happens if the file/filesystem becomes
> > > inaccessible at some point and an attestation client
On Wed, 2023-08-30 at 16:47 -0400, Paul Moore wrote:
> On Wed, Aug 30, 2023 at 4:25 PM Mimi Zohar wrote:
> > Your initial question was "what happens if the file/filesystem becomes
> > inaccessible at some point and an attestation client attempts to read
> > the entire log?". For what reason
On Wed, Aug 30, 2023 at 4:25 PM Mimi Zohar wrote:
> Your initial question was "what happens if the file/filesystem becomes
> inaccessible at some point and an attestation client attempts to read
> the entire log?". For what reason would it be inaccessible? For the
> original single tmpfs file,
On Tue, 2023-08-29 at 19:15 -0400, Paul Moore wrote:
> On Tue, Aug 29, 2023 at 5:54 PM Mimi Zohar wrote:
> > On Tue, 2023-08-29 at 17:30 -0400, Paul Moore wrote:
> > > On Tue, Aug 29, 2023 at 5:05 PM Mimi Zohar wrote:
> > > > On Tue, 2023-08-29 at 15:34 -0400, Paul Moore wrote:
> > > > > On Mon,
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
For remote attestation to work, the service will need to know how to
validate the snapshot_aggregate entry in the IMA log. It will have
to read the PCR values present in the template data of
snapshot_aggregate event in the latest IMA log, and
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
- A user-mode process will trigger the snapshot by opening a file in SysFS
say /sys/kernel/security/ima/snapshot (referred to as
sysk_ima_snapshot_file
here onwards).
- The Kernel will get the current TPM PCR values and PCR update counter
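Added example, not code from the thread, the proposal or the kernel: a toy model of the replay a remote attestation service performs over the IMA measurement list. It covers the verification step described above (read the PCR value carried in the snapshot_aggregate entry and replay from it), the sysfs-triggered snapshot that records the current PCR value and PCR update counter, and the point made elsewhere in the thread that a log truncated without such a record no longer replays to the PCR quote. Assumptions: a single SHA-256 bank in which the template digest is SHA-256 of the template data, ima-ng style "sha256:<hex> <path>" entries, a hypothetical snapshot_aggregate template layout (PCR value plus update counter as text; the real proposal's layout is not shown here), and that the snapshot record is measured under the same lock that serializes every other extend. KernelIma, take_snapshot, verify_from_snapshot and the sample file entries are constructed for this example.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

HASH = hashlib.sha256                  # single SHA-256 bank (simplification)
PCR_BYTES = HASH().digest_size
ZERO_PCR = bytes(PCR_BYTES)
SNAPSHOT_TAG = b"snapshot_aggregate "  # hypothetical marker, not the real template


def template_digest(template_data: bytes) -> bytes:
    """Digest of one entry's template data; this is what gets extended into the PCR."""
    return HASH(template_data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest)."""
    return HASH(pcr + digest).digest()


def replay(entries: List[bytes], start: bytes = ZERO_PCR) -> bytes:
    """Recompute the PCR by extending every entry in order, starting from `start`."""
    pcr = start
    for data in entries:
        pcr = pcr_extend(pcr, template_digest(data))
    return pcr


def file_entry(path: str, content: bytes) -> bytes:
    """Constructed ima-ng style template data for a measured file."""
    return b"sha256:" + HASH(content).hexdigest().encode() + b" " + path.encode()


def snapshot_entry(pcr_value: bytes, update_counter: int) -> bytes:
    """Hypothetical snapshot_aggregate template data: PCR value and PCR update counter."""
    return SNAPSHOT_TAG + pcr_value.hex().encode() + b" " + str(update_counter).encode()


def parse_snapshot(template_data: bytes) -> Optional[Tuple[bytes, int]]:
    """(pcr_value, update_counter) if the entry is a well-formed snapshot record, else None."""
    if not template_data.startswith(SNAPSHOT_TAG):
        return None
    try:
        pcr_hex, counter = template_data[len(SNAPSHOT_TAG):].split(b" ")
        pcr = bytes.fromhex(pcr_hex.decode())
        return (pcr, int(counter)) if len(pcr) == PCR_BYTES else None
    except ValueError:
        return None


def verify_from_snapshot(log_tail: List[bytes], quoted_pcr: bytes) -> bool:
    """Verifier side for a truncated log whose first entry is the snapshot record."""
    # Replay starts from the PCR value the record carries, then extends the record
    # itself and everything after it; the result must equal the quoted PCR.
    if not log_tail:
        return False
    snap = parse_snapshot(log_tail[0])
    if snap is None:
        return False
    pcr_before_snapshot, _counter = snap
    return replay(log_tail, start=pcr_before_snapshot) == quoted_pcr


class KernelIma:
    """Kernel side: in-memory measurement list plus the TPM PCR it extends."""
    def __init__(self) -> None:
        self.log: List[bytes] = []
        self.pcr = ZERO_PCR
        self.update_counter = 0

    def measure(self, template_data: bytes) -> None:
        self.log.append(template_data)
        self.pcr = pcr_extend(self.pcr, template_digest(template_data))
        self.update_counter += 1

    def take_snapshot(self) -> int:
        """Models the sysfs trigger: read PCR + update counter, then measure that record.
        Assumed to run under the lock that serializes measure(), so nothing is
        extended between the read and the record. Returns the record's index."""
        index = len(self.log)
        self.measure(snapshot_entry(self.pcr, self.update_counter))
        return index

    def quote(self) -> bytes:
        """Stands in for a TPM quote over the PCR."""
        return self.pcr


def demo() -> Dict[str, bool]:
    k = KernelIma()
    for path, body in (("/usr/bin/ls", b"ls-bytes"), ("/usr/lib/libc.so.6", b"libc-bytes")):
        k.measure(file_entry(path, body))  # constructed sample measurements
    snap_index = k.take_snapshot()
    prefix = k.log[:snap_index]            # exported by user space before the kernel frees it
    k.measure(file_entry("/usr/bin/sshd", b"sshd-bytes"))
    tail = k.log[snap_index:]              # what a verifier receives after truncation
    quote = k.quote()
    forged = [snapshot_entry(ZERO_PCR, 0)] + tail[1:]  # attacker rewrites the claimed PCR
    return {
        "full_log_replays_to_quote": replay(k.log) == quote,
        "truncated_log_from_zero_matches": replay(tail) == quote,
        "truncated_log_from_snapshot_matches": verify_from_snapshot(tail, quote),
        "forged_snapshot_matches": verify_from_snapshot(forged, quote),
        "exported_prefix_replays_to_snapshot_pcr": replay(prefix) == parse_snapshot(tail[0])[0],
    }
```

demo() shows the four outcomes side by side: the full log replays to the quote; the truncated tail replayed from zero does not (the "out of sync" failure); the tail replayed from the PCR value in the snapshot record does; and a forged starting value fails, because the record's own digest sits in the hash chain that the quote pins. One caveat for a verifier built this way: the quote only binds the chain from the recorded value forward, so the service still needs its own evidence that the earlier exported prefix replayed to that value (the exported_prefix_replays_to_snapshot_pcr check) before it treats the pre-snapshot measurements as verified.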
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network bandwidth when
the attestation client sends it to remote-attestation-service.
I would not worry too much about network bandwidth.
1. Every solution eventually realizes that sending
On Tue, Aug 29, 2023 at 5:54 PM Mimi Zohar wrote:
> On Tue, 2023-08-29 at 17:30 -0400, Paul Moore wrote:
> > On Tue, Aug 29, 2023 at 5:05 PM Mimi Zohar wrote:
> > > On Tue, 2023-08-29 at 15:34 -0400, Paul Moore wrote:
> > > > On Mon, Aug 21, 2023 at 7:08 PM Mimi Zohar wrote:
> > > > > On Mon,
On Tue, 2023-08-29 at 17:30 -0400, Paul Moore wrote:
> On Tue, Aug 29, 2023 at 5:05 PM Mimi Zohar wrote:
> > On Tue, 2023-08-29 at 15:34 -0400, Paul Moore wrote:
> > > On Mon, Aug 21, 2023 at 7:08 PM Mimi Zohar wrote:
> > > > On Mon, 2023-08-21 at 15:05 -0700, Sush Shringarputale wrote:
> > > >
On Tue, Aug 29, 2023 at 5:05 PM Mimi Zohar wrote:
> On Tue, 2023-08-29 at 15:34 -0400, Paul Moore wrote:
> > On Mon, Aug 21, 2023 at 7:08 PM Mimi Zohar wrote:
> > > On Mon, 2023-08-21 at 15:05 -0700, Sush Shringarputale wrote:
> > > > On 8/14/2023 3:02 PM, Mimi Zohar wrote:
> > > > > On Mon,
On Tue, 2023-08-29 at 15:34 -0400, Paul Moore wrote:
> On Mon, Aug 21, 2023 at 7:08 PM Mimi Zohar wrote:
> > On Mon, 2023-08-21 at 15:05 -0700, Sush Shringarputale wrote:
> > > On 8/14/2023 3:02 PM, Mimi Zohar wrote:
> > > > On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote:
> > > >>>
On Mon, Aug 21, 2023 at 7:08 PM Mimi Zohar wrote:
> On Mon, 2023-08-21 at 15:05 -0700, Sush Shringarputale wrote:
> > On 8/14/2023 3:02 PM, Mimi Zohar wrote:
> > > On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote:
> > >>> This design seems overly complex and requires synchronization
On Mon, 2023-08-21 at 15:05 -0700, Sush Shringarputale wrote:
>
> On 8/14/2023 3:02 PM, Mimi Zohar wrote:
> > On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote:
> >>> This design seems overly complex and requires synchronization between
> >>> the "snapshot" record and exporting the
On 8/14/2023 3:02 PM, Mimi Zohar wrote:
On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote:
This design seems overly complex and requires synchronization between
the "snapshot" record and exporting the records from the measurement
list. None of this would be necessary if the
On Mon, 2023-08-14 at 14:42 -0700, Sush Shringarputale wrote:
> > This design seems overly complex and requires synchronization between
> > the "snapshot" record and exporting the records from the measurement
> > list. None of this would be necessary if the measurements were copied
> > from
Hello Mimi,
Thanks for your feedback on this.
On 8/11/2023 6:14 AM, Mimi Zohar wrote:
Hi Sush, Tushar,
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
| A. Problem Statement |
On 8/11/23 11:57, Tushar Sugandhi wrote:
[1]
https://patchwork.kernel.org/project/linux-integrity/cover/20230801181917.8535-1-tusha...@linux.microsoft.com/
The shards will need to be written into some sort of standard location
or a config file needs to
be defined, so that
On 8/10/23 07:12, Stefan Berger wrote:
On 8/9/23 21:15, Tushar Sugandhi wrote:
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at
On 8/10/23 04:43, James Bottomley wrote:
On Wed, 2023-08-09 at 21:43 -0700, Tushar Sugandhi wrote:
On 8/8/23 14:41, James Bottomley wrote:
On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
[...]
at this point doesn't seem necessary since one presumably can
verify the log and PCR
Hi Sush, Tushar,
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
>
> | A. Problem Statement |
>
> Depending on the IMA policy, the IMA log can consume a lot of
On 8/9/23 21:15, Tushar Sugandhi wrote:
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
On Wed, 2023-08-09 at 21:43 -0700, Tushar Sugandhi wrote:
> On 8/8/23 14:41, James Bottomley wrote:
> > On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
[...]
> > > at this point doesn't seem necessary since one presumably can
> > > verify the log and PCR states at the end with the
On 8/8/23 14:41, James Bottomley wrote:
On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
On 8/8/23 14:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/8/23 11:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale
On 8/8/23 06:31, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not
Hi James,
Thanks for addressing Stefan's concerns.
On 8/8/23 05:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is
Thanks a lot James for looking at this proposal,
and sharing your thoughts. Really appreciate it.
On 8/1/23 14:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it makes
the log go out of
On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
>
>
> On 8/8/23 14:26, James Bottomley wrote:
> > On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
> > >
> > >
> > > On 8/8/23 08:35, James Bottomley wrote:
> > > > On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
> > > > >
On 8/8/23 14:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
>
>
> On 8/8/23 08:35, James Bottomley wrote:
> > On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
> > >
> > >
> > > On 8/1/23 17:21, James Bottomley wrote:
> > > > On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
> >
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it
makes the log go out
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
>
>
> On 8/1/23 17:21, James Bottomley wrote:
> > On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
> > [...]
> > > Truncating IMA log to reclaim memory is not feasible, since it
> > > makes the log go out of sync with the TPM
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it makes
the log go out of sync with the TPM PCR quote making remote
attestation fail.
This assumption isn't entirely
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
> Truncating IMA log to reclaim memory is not feasible, since it makes
> the log go out of sync with the TPM PCR quote making remote
> attestation fail.
This assumption isn't entirely true. It's perfectly possible to shard
an
| A. Problem Statement |
Depending on the IMA policy, the IMA log can consume a lot of Kernel
memory on
the device. For instance, the events for the following IMA policy