[dm-devel] [PATCH 0/7] device mapper target measurements using IMA
Tushar Sugandhi
tusharsu at linux.microsoft.com
Wed Jul 14 20:20:02 UTC 2021
Hello Thore,
On 7/14/21 4:32 AM, Thore Sommer wrote:
> Thank you for bringing IMA support to device mapper. The addition of dm-verity
> to IMA is very useful for the project I'm working on where we boot
> our distribution from removable USB media.
Thank you for the positive ack. Appreciate it.
> One of our goals is to detect tampering of the root file system remotely.
> Therefore we enabled dm-verity support but implementing remote attestation for
> dm-verity from userland is not ideal which was our initial plan.
Yes, remote attestation from userland is not ideal.
> This patch set enables us to leverage to already implemented IMA attestation
> infrastructure by the remote attestation service that we are using (Keylime)
> without trying to roll a custom solution.
I am glad that DM-IMA functionality is useful for your scenario.
> We tested the initial RFC patch set and will continue testing with
> this one to see if it fully works in our environment and with our use
> case.
Thank you for testing the RFC patch set.
Please let me know if you discover any bugs in this one, or have any
other feedback.
Thanks again.
Regards,
Tushar
> Thore Sommer
More information about the dm-devel
mailing list