Date: Tue, 19 May 2015 18:53:55 +0300
From: Petko Manolov
To: Mimi Zohar
Cc: Andy Lutomirski, David Howells, Andy Lutomirski, Linus Torvalds, Michal Marek, David Woodhouse, Abelardo Ricart III, Linux Kernel Mailing List, Sedat Dilek, keyrings@linux-nfs.org, Rusty Russell, LSM List, Borislav Petkov, Jiri Kosina
Subject: Re: Should we automatically generate a module signing key at all?
Message-ID: <20150519155355.GB7549@localhost>
In-Reply-To: <1432049869.4510.119.camel@linux.vnet.ibm.com>

On 15-05-19 11:37:49, Mimi Zohar wrote:
> On Tue, 2015-05-19 at 07:36 -0700, Andy Lutomirski wrote:
> >
> > What integrity stuff?  IIRC dm-verity doesn't use asymmetric crypto at
> > all.  IMA probably does, though.
>
> IMA can appraise file integrity based on either hashes or signatures.
> The difference being that in addition to file integrity, signatures
> provide file provenance.  Going forward we'd like to see software come
> with the associated file signatures.

I second this one.  There's plenty of situations where integrity isn't enough
and authenticity is needed.


cheers,
Petko