On 15-05-21 09:39:50, Andy Lutomirski wrote:
>
> It's also a performance cost because the average user of this signature stuff
> doesn't actually want IMA, and IMA is checking the wrong think anyway.
> IMA/EVM tells us "this file validly belongs in /lib/modules/whatever
> according
> to whomever we trust for the filesystem". We want to check "is this data,
> regardless of where it was read from, a trusted module".
IMA-appraise does not care where the file comes from (although it may be
persuaded to) and verifies file's data and meta-data against a signature. I
guess you should actually read the code. :)
Petko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
