[PATCH v5 0/5] Lazy flush for the auth session
Jarkko Sakkinen
jarkko at kernel.org
Mon Oct 14 12:34:02 UTC 2024
On Mon, 2024-10-14 at 07:45 -0400, Mimi Zohar wrote:
> > > For server/IMA use case I'll add a boot parameter it can be
> > > either on or off by default, I will state that in the commit
> > > message and we'll go from there.
>
> Sounds good.
But only after this patch set lands. I gave this a thought and since
this patch set is specifically for a specific Bugzilla bug that it
closes, I have no interest to increase its scope.
>
> >
> > Up until legit fixes are place distributors can easily disable
> > the feature. It would be worse if TCG_TPM2_HMAC did not exist.
> >
> > So I think it is better to focus on doing right things right,
> > since the feature itself is useful objectively, and make sure
> > that those fixes bring the wanted results.
>
> Are you backtracking on having a boot parameter here specifically to
> turn on/off
> HMAC encryption for IMA?
I'm not really sure yet but obviously any change goes through review.
Also fastest route is to send your own RFC's to IMA specific issue.
For me it will take some time (post this patch set).
>
> Mimi
>
>
BR, Jarkko
BR, Jarkko
More information about the Linux-security-module-archive
mailing list