Re: [PATCH v2 00/15] ima: digest list feature

From: Matthew Garrett
Date: Tue Nov 07 2017 - 09:49:28 EST

Next message: tip-bot for Tom Lendacky: "[tip:x86/asm] resource: Provide resource struct in resource walk callback"
Previous message: tip-bot for Tom Lendacky: "[tip:x86/asm] x86/efi: Access EFI data as encrypted when SEV is active"
In reply to: Roberto Sassu: "Re: [PATCH v2 00/15] ima: digest list feature"
Next in thread: Roberto Sassu: "Re: [PATCH v2 00/15] ima: digest list feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 7, 2017 at 2:36 AM, Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote:
> Finally, digest lists address also the third issue because Linux
> distribution vendors already provide the digests of files included in each
> RPM package. The digest list is stored in the RPM header, signed by the
> vendor.

RPM's hardly universal, and distributions are in the process of moving
away from using it for distributing non-core applications (Flatpak and
Snap are becoming increasingly popular here). I think this needs to be
a generic solution rather than having the kernel tied to a specific
package format.

Next message: tip-bot for Tom Lendacky: "[tip:x86/asm] resource: Provide resource struct in resource walk callback"
Previous message: tip-bot for Tom Lendacky: "[tip:x86/asm] x86/efi: Access EFI data as encrypted when SEV is active"
In reply to: Roberto Sassu: "Re: [PATCH v2 00/15] ima: digest list feature"
Next in thread: Roberto Sassu: "Re: [PATCH v2 00/15] ima: digest list feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]