[dm-devel] [PATCH v3 0/2] IMA: Add test for dm-crypt measurement

Tushar Sugandhi tusharsu at linux.microsoft.com
Wed Feb 24 01:27:09 UTC 2021


Hi Petr,

On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
> Hi Petr,
> 
> On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
>> Hi!
>>
>> I updated Tushar's patchset to speed up things.
>>
Thank you. :)

>> Changes v2->v3
>> * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
>> * move tst_res TPASS/TFAIL into test_policy_measurement()
>> * drop template=ima-buf (see Lakshmi's patch [1] and discussion about
>>    it, it will be removed from ima_keys.sh as well)
Makes sense.

>> * moved ima_dm_crypt.sh specific changes to second commit
>> * further API and style related cleanup
>>
>> Could you please check this patchset?
I reviewed the patchset.
Patch 1 looks ok. (generalize key measurement tests)
Patch 2 won't work as is, since the dm kernel code is not upstreamed
yet. (see my comments below for more context)

> 
> I'm not sure about the status of the associated IMA dm-crypt kernel
> patch set.  It hasn't even been reviewed, definitely not upstreamed.
>   I would hold off on upstreaming the associated ltp test.
> 
That is correct.

The device mapper measurement work is being revisited - to cover aspects
like more DM targets (not just dm-crypt), better memory management, more
relevant attributes from the DM targets, other corner cases etc.

Therefore, even though the first patch of the series, "generalize key
measurement tests", would be useful for other tests, I will have to
revisit the second patch, "dm-crypt measurements", to address the
DM side changes I mentioned above.

To summarize,
  - you may upstream the first patch (generalizing the key
    measurements). It would be useful for us while writing more tests in
    this space.

  - but please hold off upstreaming the second patch (dm-crypt test)
    as Mimi has suggested.

Thanks,
Tushar

> thanks,
> 
> Mimi
> 



