[PATCH v4 00/14] security: digest_cache LSM

Roberto Sassu roberto.sassu at huaweicloud.com
Tue Apr 16 06:56:32 UTC 2024


On Mon, 2024-04-15 at 22:18 +0300, Jarkko Sakkinen wrote:
> On Mon Apr 15, 2024 at 5:24 PM EEST, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu at huawei.com>
> > 
> > Integrity detection and protection has long been a desirable feature, to
> > reach a large user base and mitigate the risk of flaws in the software
> > and attacks.
> > 
> > However, while solutions exist, they struggle to reach the large user
> > base, due to requiring higher than desired constraints on performance,
> > flexibility and configurability, that only security conscious people are
> > willing to accept.
> > 
> > This is where the new digest_cache LSM comes into play, it offers
> > additional support for new and existing integrity solutions, to make
> > them faster and easier to deploy.
> 
> Sorry for nitpicking but what are the existing integrity solutions, 
> and how does it help with this struggle? I.e. what is the gist here?

No worries... please have a look at patch 14. It should have all the
information.

Thanks

Roberto




More information about the Linux-security-module-archive mailing list