Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal

[PATCH v2 0/6] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2017-06-08
[PATCH v2 1/6] integrity: Small code improvements · Thiago Jung Bauermann <hidden> · 2017-06-08
Re: [PATCH v2 1/6] integrity: Small code improvements · Mimi Zohar <hidden> · 2017-06-15
[PATCH v2 2/6] ima: Simplify policy_func_show. · Thiago Jung Bauermann <hidden> · 2017-06-08
Re: [PATCH v2 2/6] ima: Simplify policy_func_show. · Mimi Zohar <hidden> · 2017-06-15
[PATCH v2 4/6] integrity: Introduce struct evm_hmac_xattr · Thiago Jung Bauermann <hidden> · 2017-06-08
[PATCH v2 3/6] ima: Log the same audit cause whenever a file has no signature · Thiago Jung Bauermann <hidden> · 2017-06-08
Re: [PATCH v2 3/6] ima: Log the same audit cause whenever a file has no signature · Mimi Zohar <hidden> · 2017-06-15
[PATCH v2 5/6] MODSIGN: Export module signature definitions. · Thiago Jung Bauermann <hidden> · 2017-06-08
[PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-06-08
Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Mimi Zohar <hidden> · 2017-06-14
Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-06-21
Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Mimi Zohar <hidden> · 2017-06-22
Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-07-05
Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal · Mimi Zohar <hidden> · 2017-07-05
Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal · Michael Ellerman <mpe@ellerman.id.au> · 2017-06-09
Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2017-06-09
Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal · Michael Ellerman <mpe@ellerman.id.au> · 2017-06-13

From: Thiago Jung Bauermann <hidden>
Date: 2017-06-09 21:19:56
Also in: keyrings, linux-security-module, linuxppc-dev, lkml

Michael Ellerman [off-list ref] writes:

Thiago Jung Bauermann [off-list ref] writes:

quoted

On the OpenPOWER platform, secure boot and trusted boot are being
implemented using IMA for taking measurements and verifying signatures.

I still want you to implement arch_kexec_kernel_verify_sig() as well :)

Yes, I will implement it! We are still working on loading the public
keys for kernel signing from the firmware into a kernel keyring, so
there's not much point in implementing arch_kexec_kernel_verify_sig
without having that first.

The same problem also affects IMA: even with these patches, new code
still neededs to be added to make IMA use the platform keys for kernel
signature verification.

-- 
Thiago Jung Bauermann
IBM Linux Technology Center

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help