Re: [RFC][PATCH v1 0/2] integrity: module integrity verification
From: Kasatkin, Dmitry
Date: Tue Feb 07 2012 - 16:19:00 EST
On Tue, Feb 7, 2012 at 7:13 PM, Rusty Russell <rusty@xxxxxxxxxx> wrote:
> On Mon, 6 Feb 2012 08:59:00 +0200, "Kasatkin, Dmitry" <dmitry.kasatkin@xxxxxxxxx> wrote:
>> On Mon, Feb 6, 2012 at 3:51 AM, James Morris <jmorris@xxxxxxxxx> wrote:
>> > On Wed, 1 Feb 2012, Dmitry Kasatkin wrote:
>> >
>> >> Hi,
>> >>
>> >> Here is another module verification patchset, which is based on the recently
>> >> upstreamed digital signature support used by EVM and IMA-appraisal.
>> >
>> > You should cc: Rusty on any changes to the module code.
>> >
>>
>> Hello,
>>
>> Mimi already has pointed that out.
>> I have sent him an email with the link..
>
> Thanks.
>
> Using an external signature (via cmdline arguments) is simple, at
> least. ÂNot sure what the userspace side of this looks like?
>
Hello,
There are couple of patches for modprobe and insmod...
You could see them on the top at:
http://linux-ima.git.sourceforge.net/git/gitweb.cgi?p=linux-ima/module-init-tools.git;a=summary
It first tries to read signature from xattr, then from file...
"modprobe -v" will show 'ima=' parameter with signature.
- Dmitry
> Cheers,
> Rusty.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at Âhttp://vger.kernel.org/majordomo-info.html
> Please read the FAQ at Âhttp://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/