Received: by 10.223.185.111 with SMTP id b44csp547850wrg; Fri, 9 Mar 2018 09:12:57 -0800 (PST) X-Google-Smtp-Source: AG47ELvrs9cKZd0sgQfVzeaGsCD2BWgNTESiMJpiufTlMb81t97/mkHLLLGXZJVvcTaUXz2TBIRf X-Received: by 2002:a17:902:56c:: with SMTP id 99-v6mr28274084plf.53.1520615577441; Fri, 09 Mar 2018 09:12:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520615577; cv=none; d=google.com; s=arc-20160816; b=i77OFWjFYNofORmY10HJX6yRpbuLtVgHoLB4MlZYliag4dDjY6AsG1ClyrljXNngLf sQgqcbrW0+qsUx6Fx9fqYDG6jYXVz+i3lRPfDzzJDfSEgTxZhvruwxBz5isDBvCjIoHW jTAp6IbOAdw1lHNaXg8cgmlFiobo3GQoM4q0lqjZyj1eOluYA2cnlc6ef+RD90ibpsvi PuyVTT2nnAs1545vQo2enopwAwfRzRPqTTh+9IURkGaPpSgrACz/U7x245Oy+oVBNgWU KeF9hlMTYsH0WASQ6kRsNAj8nlsTdp9a45w80xIERdnscd3qROhyPLTmnXE2gDEXBNVr UQuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:arc-authentication-results; bh=FPgHEksJ5mDG+DxtPd3gWEVGn+J8dfjHWrunFkXGLUs=; b=v6zDzEkYYoXqSxUTwbA0AzA8h5oV/s+1woWuVWPSSmURQv6FeM3SlkFST5o7m6c3N/ HtFloDPHaCc+t0QtrWBygngLzJQQbmjhHe8X1ELwSLuQt8GH3T7LmfoK6OMD2C+oiBo9 TjYBatZTf+/22b3KCEEFK1FriV0aVxcftmplI3EM104nm1K4TVdTE/Wk8fbbJxms/YJl KlhAF1TfJ1kkj2iqnVPk9Kbeoo6WERfFxPot0rQkvVO1Edap3z6OG1F+y0Q5AJ8Iy/gy X1gFajUh/ukLSwiku+UicwIYmOHfSAVh0UFTesxhnRJoZre3A3Hm5Njz9kngqW9Ljg8G nzKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=xRuqgOe4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 34-v6si1156971plp.252.2018.03.09.09.12.43; Fri, 09 Mar 2018 09:12:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=xRuqgOe4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932234AbeCIRLF (ORCPT + 99 others); Fri, 9 Mar 2018 12:11:05 -0500 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:38820 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932070AbeCIRLD (ORCPT ); Fri, 9 Mar 2018 12:11:03 -0500 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 5F7758EE180; Fri, 9 Mar 2018 09:11:02 -0800 (PST) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbJJKF-U3UZh; Fri, 9 Mar 2018 09:11:02 -0800 (PST) Received: from [153.66.254.194] (unknown [50.35.65.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 9D8C38EE0C7; Fri, 9 Mar 2018 09:11:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1520615462; bh=FPgHEksJ5mDG+DxtPd3gWEVGn+J8dfjHWrunFkXGLUs=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=xRuqgOe4SnymlHyHlpo1vqGXl+E9azx5GQ6QnPTqNH/4sDcZOJx4RQIy+FznqnVHl Qj2reLg0SVa40QLVRlmG2A5Mepn5lBBiR8Rngd4ykvfozEXTc+TrD8YaGwwwbZj5pR YcMhFjvn67O7M2ASFWtt6zTi6C9wL5TsLoexiLKE= Message-ID: <1520615461.12216.6.camel@HansenPartnership.com> Subject: Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64 From: James Bottomley To: Jiandi An , Mimi Zohar , Jason Gunthorpe Cc: dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, linux-integrity@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Date: Fri, 09 Mar 2018 09:11:01 -0800 In-Reply-To: <191cfd49-0c66-a5ef-3d2b-b6c4132aa294@codeaurora.org> References: <1520400386-17674-1-git-send-email-anjiandi@codeaurora.org> <20180307185132.GA30102@ziepe.ca> <1520448953.10396.565.camel@linux.vnet.ibm.com> <1520449719.5558.28.camel@HansenPartnership.com> <1520450495.10396.587.camel@linux.vnet.ibm.com> <1520451662.24314.5.camel@HansenPartnership.com> <1520461156.10396.654.camel@linux.vnet.ibm.com> <191cfd49-0c66-a5ef-3d2b-b6c4132aa294@codeaurora.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: [...] > I'm no expert on IMA and its driver.  James, will you be kind enough > to look into overhauling the IMA driver to not measure until after  > initrd phase if that's the consensus on resolving this? I'll add it to my todo list. Since my TPM 2.0 test environment is a VM with a tpm that has a network connection to an emulator on my host, it's impossible to set it up so that it's built in (because you need the network config before you init the TPM) so I might accelerate if I suddenly need to debug IMA issues in this configuration. James