[RFC] IMA: New IMA measurements for dm-crypt and selinux

Mimi Zohar zohar at linux.ibm.com
Tue Apr 14 01:11:19 UTC 2020


On Sun, 2020-04-12 at 11:15 +0300, Lev R. Oshvang . wrote:
> On Sat, Apr 11, 2020 at 10:07 PM Stephen Smalley
> It sees to me that  LKRG (kernel run time guard)  takes the role of
> measuring kernel structures.  Perhaps you need to consult with LKRG
> guys.

There definitely sounds like there is some overlap.  LKRG seems to be
measuring kernel structures for enforcing local integrity.  In the
context of IMA, measurements are included in the IMA measurement list
and used to extend a TPM PCR so that it can be quoted.

A generic method for measuring structures and including them in the
IMA measurement list sounds interesting.

Mimi



More information about the Linux-security-module-archive mailing list