Re: [PATCH 2/6] integrity: Linux Integrity Module(LIM)

From: Mimi Zohar
Date: Wed Dec 03 2008 - 17:17:51 EST


On Wed, 2008-12-03 at 13:23 -0500, Christoph Hellwig wrote:
> On Wed, Dec 03, 2008 at 01:18:43PM -0500, Mimi Zohar wrote:
> > IMA originally supported measurement and attestation only for file data.
> > Templates provide an abstraction to add different types of integrity
> > messages to the TPM based measurement list. Each type of integrity code
> > knows how to format/display its own messages, while the TPM measurement
> > list code remains generic.
>
> I have a bit of a problem parsing the above, and it certainly doesn't
> look like a justification for keeping all that unused code around.

The purpose of LIM is to provide an integrity infrastructure to support
different types of integrity data. IMA implements both the LIM
API for its own internal use, and exports it for others to call.

As Dave Safford pointed out in http://lkml.org/lkml/2008/11/17/362,
there are other projects that want to add differently structured
measurements to the TPM measurement list. The template abstraction is
critical to allowing these differently formatted messages to be added to
the list.

Mimi


