From: Shaz
To: Mimi Zohar
Cc: Dmitry Kasatkin, James Morris, "linux-kernel@vger.kernel.org", "linux-security-module@vger.kernel.org", David Safford, Dave Hansen, Arjan van de Ven, securityengineeringresearchgroup
Date: Fri, 4 Jun 2010 11:53:06 +0500
Subject: Re: [PATCH 00/14] EVM
In-Reply-To: <1275487340.3068.74.camel@localhost.localdomain>

> Yes, verifying one file containing the hashes would be faster than
> verifying individual hashes stored as extended attributes (xattrs), but
> this does not take into account that files on a running system are being
> modified or added. On a small form factor, the number of files is
> limited, but would this scale well? In addition, what protects that one
> file containing all the hashes from being modified? So, if you limit

How about sealing to protect this file?

> the types of files to those that don't change, and the number of file
> hashes, then using a single file would be faster.

--
Shaz
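
The trade-off discussed in this message, as an added example that is not code from the thread or from the EVM patches: a single manifest of file hashes authenticated with an HMAC, checked against files that change or appear after it was built. The key is a constructed constant standing in for one that would only be released by unsealing; all function names and sample files are hypothetical.

```python
import hashlib, hmac, json, os, tempfile

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest

def protect(manifest, key):
    """Serialize the manifest canonically and compute an HMAC-SHA256 tag."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).digest()

def verify(root, blob, tag, key):
    """Return (manifest_authentic, changed_files, unlisted_files)."""
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, [], []          # manifest itself was modified
    recorded = json.loads(blob)
    current = build_manifest(root)
    changed = sorted(p for p in recorded if current.get(p) != recorded[p])
    unlisted = sorted(p for p in current if p not in recorded)
    return True, changed, unlisted

def demo():
    # Assumption: constructed key; in the sealing proposal it would be
    # protected by the TPM rather than stored in the clear.
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files.
        for name, data in (("init", b"#!/bin/sh\n"), ("libfoo.so", b"\x7fELF")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        blob, tag = protect(build_manifest(root), key)
        clean = verify(root, blob, tag, key)
        # Running system: one file is modified and one is added.
        with open(os.path.join(root, "init"), "ab") as fh:
            fh.write(b"echo changed\n")
        with open(os.path.join(root, "new.conf"), "wb") as fh:
            fh.write(b"x")
        drift = verify(root, blob, tag, key)
        # Manifest rewritten to match the modified files, old tag reused.
        forged = json.dumps(build_manifest(root), sort_keys=True).encode()
        tampered = verify(root, forged, tag, key)
    return clean, drift, tampered
```

The added file shows up only as "unlisted": covering it means rebuilding and re-authenticating the whole manifest, which is the scaling cost the quoted text raises for systems whose files change.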