Subject: Re: [PATCH 0/2] public key: IMA signer logging: Log public key of IMA Signature signer in IMA log
From: Lakshmi
To: Mimi Zohar, Linux Integrity, David Howells, James Morris, Linux Kernel
Cc: Balaji Balasubramanyan, Prakhar Srivastava
Date: Wed, 15 May 2019 11:17:52 -0700
Message-ID: <715a9b39-0cde-1ce0-2d01-68d4fc0f5333@linux.microsoft.com>
In-Reply-To: <1557854992.4139.69.camel@linux.ibm.com>
References: <6b69f115-96cf-890a-c92b-0b2b05798357@linux.microsoft.com> <1557854992.4139.69.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Mimi,

I would like to make sure I understood your feedback.

>
> Why duplicate the certificate info on each record in the measurement
> list?  Why not add the certificate info once, as the key is loaded
> onto the .ima and .platform keyrings?
>
> Mimi
>

key_create_or_update function in security/keys/key.c is called to
add\update a key to a keyring. Are you suggesting that an IMA function
be called from here to add the certificate info to the IMA log?

Our requirement is that the key information is available in the IMA log
which is TPM backed.

Thanks,
-lakshmi