Subject: Re: [PATCH] IMA: Turn IMA_MEASURE_ASYMMETRIC_KEYS off by default
From: Lakshmi Ramasubramanian
To: James Bottomley, zohar@linux.ibm.com, linux-integrity@vger.kernel.org
Cc: sashal@kernel.org, linux-kernel@vger.kernel.org
Date: Tue, 21 Jan 2020 10:00:51 -0800
Message-ID: <47a0ef08-3142-3e7c-a136-784767ba8370@linux.microsoft.com>
In-Reply-To: <1579628090.3390.28.camel@HansenPartnership.com>
References: <20200121171302.4935-1-nramas@linux.microsoft.com> <1579628090.3390.28.camel@HansenPartnership.com>

On 1/21/20 9:34 AM, James Bottomley wrote:

> What exactly do you expect distributions to do with this? I can tell
> you that most of them will take the default option, so this gets set to
> N and you may as well not have got the patches upstream because you
> won't be able to use them in any distro with this setting.

I agree - distros that are not sure or don't care about key measurement
are anyway not going to choose this option. Only those that really care
will opt in.

My goal is to not burden the vast majority of the users with this
additional overhead if they don't need it - particularly, small systems
such as embedded devices, etc.

>
> Well, no they can't ... it's rather rare nowadays for people to build
> their own kernels. The vast majority of Linux consumers take what the
> distros give them. Think carefully before you decide a config option
> is the solution to this problem.
>
> James
>

If you have suggestions for how I can handle it in a different way
(other than config option), I'll be happy to try it out.

thanks,
 -lakshmi