[PATCH v3 1/9] KEYS: Defined an IMA hook to measure keys on key create or update

Sasha Levin sashal at kernel.org
Thu Oct 31 15:27:30 UTC 2019

On Thu, Oct 31, 2019 at 08:08:48AM -0700, Lakshmi Ramasubramanian wrote:
>On 10/31/19 5:10 AM, Mimi Zohar wrote:
>>On Wed, 2019-10-30 at 18:19 -0700, Lakshmi Ramasubramanian wrote:
>>>Asymmetric keys used for verifying file signatures or certificates
>>>are currently not included in the IMA measurement list.
>>>This patch defines a new IMA hook namely ima_post_key_create_or_update()
>>>to measure asymmetric keys.
>>It's not enough for the kernel to be able to compile the kernel after
>>applying all the patches in a patch set.  After applying each patch,
>>the kernel should build properly, otherwise it is not bi-sect safe.
>>  Refer to "3) Separate your changes" of
>I started with kernel version 5.3 for this patch set.
>I applied Nayna's process_buffer_measurement() patch and then built my 
>changes on top of that.
>This patch has no other dependency as far as I know.
>Are you seeing a build break after applying this patch alone?
>(PATCH v3 1/9) KEYS: Defined an IMA hook to measure keys on key create 
>or update

I couldn't even apply this patch: Nayna's series (v10) doesn't apply on
top of 5.3 to begin with, and while it does apply on mainline, this
first patch wouldn't apply on top.


More information about the Linux-security-module-archive mailing list