Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-23 Thread Mimi Zohar
On Tue, 2016-02-23 at 10:16 +, David Howells wrote: > Mimi Zohar wrote: > > > To measure and appraise just the kexec initramfs, define a policy > > containing: > > Doesn't this require a TPM? For appraising file signatures, a TPM is definitely not required! Even

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-23 Thread Mimi Zohar
On Tue, 2016-02-23 at 10:16 +, David Howells wrote: > Mimi Zohar wrote: > > > To measure and appraise just the kexec initramfs, define a policy > > containing: > > Doesn't this require a TPM? For appraising file signatures, a TPM is definitely not required! Even in the case of making

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-23 Thread David Howells
Mimi Zohar wrote: > To measure and appraise just the kexec initramfs, define a policy > containing: Doesn't this require a TPM? David

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-23 Thread David Howells
Mimi Zohar wrote: > To measure and appraise just the kexec initramfs, define a policy > containing: Doesn't this require a TPM? David

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Mimi Zohar
On Mon, 2016-02-22 at 22:29 +, David Howells wrote: > Mimi Zohar wrote: > > > > (1) - (3) These are Tadeusz's RSA akcipher conversion. > > > > Up to here, IMA-appraisal works properly. > > I don't have IMA set up anywhere. I know. With the "vfs: support for a

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Mimi Zohar
On Mon, 2016-02-22 at 22:29 +, David Howells wrote: > Mimi Zohar wrote: > > > > (1) - (3) These are Tadeusz's RSA akcipher conversion. > > > > Up to here, IMA-appraisal works properly. > > I don't have IMA set up anywhere. I know. With the "vfs: support for a common kernel file loader"

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread David Howells
Mimi Zohar wrote: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. > > Up to here, IMA-appraisal works properly. I don't have IMA set up anywhere. David

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread David Howells
Mimi Zohar wrote: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. > > Up to here, IMA-appraisal works properly. I don't have IMA set up anywhere. David

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Tadeusz Struk
On 02/19/2016 09:18 AM, David Howells wrote: > > Here's a set of patches that cleans up the public key handling in the > asymmetric key functions: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. Thanks for taking this David. > > (4) This removes all knowledge of RSA from the

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Tadeusz Struk
On 02/19/2016 09:18 AM, David Howells wrote: > > Here's a set of patches that cleans up the public key handling in the > asymmetric key functions: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. Thanks for taking this David. > > (4) This removes all knowledge of RSA from the

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Mimi Zohar
On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > Here's a set of patches that cleans up the public key handling in the > asymmetric key functions: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. Up to here, IMA-appraisal works properly. Mimi > (4) This removes all

Re: [PATCH 0/8] X.509: Software public key subtype changes

2016-02-22 Thread Mimi Zohar
On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > Here's a set of patches that cleans up the public key handling in the > asymmetric key functions: > > (1) - (3) These are Tadeusz's RSA akcipher conversion. Up to here, IMA-appraisal works properly. Mimi > (4) This removes all