Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache

[PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 02/15] module: Introduce ksys_finit_module() · Roberto Sassu <hidden> · 2024-11-19
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Christoph Hellwig <hch@lst.de> · 2024-11-19
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Roberto Sassu <hidden> · 2024-11-19
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-19
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Roberto Sassu <hidden> · 2024-11-20
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Roberto Sassu <hidden> · 2024-11-20
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-25
Re: [PATCH v6 02/15] module: Introduce ksys_finit_module() · Roberto Sassu <hidden> · 2024-11-26
[PATCH v6 03/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 04/15] digest_cache: Initialize digest caches · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 05/15] digest_cache: Add securityfs interface · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 06/15] digest_cache: Add hash tables and operations · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-19
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Randy Dunlap <hidden> · 2024-11-19
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-19
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-25
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-26
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-26
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-27
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-27
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-28
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-28
Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers · Roberto Sassu <hidden> · 2024-11-29
[PATCH v6 08/15] digest_cache: Parse tlv digest lists · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 09/15] digest_cache: Populate the digest cache from a digest list · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 10/15] digest_cache: Add management of verification data · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 11/15] digest_cache: Add support for directories · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 12/15] digest cache: Prefetch digest lists if requested · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 13/15] digest_cache: Reset digest cache on file/directory change · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 14/15] selftests/digest_cache: Add selftests for the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 15/15] docs: Add documentation of the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-19
[PATCH v6 01/15] lib: Add TLV parser · Roberto Sassu <hidden> · 2024-11-19
Re: [PATCH v6 01/15] lib: Add TLV parser · Randy Dunlap <hidden> · 2024-11-19
Re: [PATCH v6 01/15] lib: Add TLV parser · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-21
Re: [PATCH v6 01/15] lib: Add TLV parser · Roberto Sassu <hidden> · 2025-01-21
Re: [PATCH v6 01/15] lib: Add TLV parser · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-21
Re: [PATCH v6 01/15] lib: Add TLV parser · Roberto Sassu <hidden> · 2025-01-21
Re: [PATCH v6 01/15] lib: Add TLV parser · Roberto Sassu <hidden> · 2025-01-21
Re: [PATCH v6 01/15] lib: Add TLV parser · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-21
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Luis Chamberlain <mcgrof@kernel.org> · 2024-11-19
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Eric Snowberg <eric.snowberg@oracle.com> · 2024-11-26
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-26
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Eric Snowberg <eric.snowberg@oracle.com> · 2024-12-03
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-12-04
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Eric Snowberg <eric.snowberg@oracle.com> · 2024-12-05
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-12-05
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-12-05
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Eric Snowberg <eric.snowberg@oracle.com> · 2024-12-05
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-12-06
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Eric Snowberg <eric.snowberg@oracle.com> · 2024-12-06
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-12-06
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Dr. Greg <hidden> · 2024-11-27
Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache · Roberto Sassu <hidden> · 2024-11-27

From: Eric Snowberg <eric.snowberg@oracle.com>
Date: 2024-11-26 00:14:46
Also in: linux-doc, linux-integrity, linux-kselftest, linux-modules, linux-security-module, lkml

On Nov 19, 2024, at 3:49 AM, Roberto Sassu [off-list ref] wrote:

From: Roberto Sassu <roberto.sassu@huawei.com>

The Integrity Digest Cache can also help IMA for appraisal. IMA can simply
lookup the calculated digest of an accessed file in the list of digests
extracted from package headers, after verifying the header signature. It is
sufficient to verify only one signature for all files in the package, as
opposed to verifying a signature for each file.

Is there a way to maintain integrity over time?  Today if a CVE is discovered 
in a signed program, the program hash can be added to the blacklist keyring. 
Later if IMA appraisal is used, the signature validation will fail just for that 
program.  With the Integrity Digest Cache, is there a way to do this?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help