Message ID | 20210223225930.27095-1-pvorel@suse.cz (mailing list archive) |
---|---|
Headers | show |
Series | IMA: Add test for dm-crypt measurement | expand |
Hi Petr, On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote: > Hi! > > I updated Tushar's patchset to speedup things. > > Changes v2->v3 > * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/ > * move tst_res TPASS/TFAIL into test_policy_measurement() > * drop template=ima-buf (see Lakshmi's patch [1] and discussion about > it, it will be removed from ima_keys.sh as well) > * moved ima_dm_crypt.sh specific changes to second commit > * further API and style related cleanup > > Could you please check this patchset? I'm not sure about the status of the associated IMA dm-crypt kernel patch set. It hasn't even been reviewed, definitely not upstreamed. I would hold off on upstreaming the associated ltp test. thanks, Mimi -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
Hi Petr, On 2021-02-23 4:43 p.m., Mimi Zohar wrote: > Hi Petr, > > On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote: >> Hi! >> >> I updated Tushar's patchset to speedup things. >> Thank you. :) >> Changes v2->v3 >> * rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/ >> * move tst_res TPASS/TFAIL into test_policy_measurement() >> * drop template=ima-buf (see Lakshmi's patch [1] and discussion about >> it, it will be removed from ima_keys.sh as well) Makes sense. >> * moved ima_dm_crypt.sh specific changes to second commit >> * further API and style related cleanup >> >> Could you please check this patchset? I reviewed the patchset. Patch 1 looks ok. (generalize key measurement tests) Patch 2 won't work as is, since the dm kernel code is not upstreamed yet. (see my comments below for more context) > > I'm not sure about the status of the associated IMA dm-crypt kernel > patch set. It hasn't even been reviewed, definitely not upstreamed. > I would hold off on upstreaming the associated ltp test. > That is correct. The device mapper measurement work is being revisited - to cover aspects like more DM targets (not just dm-crypt), better memory management, more relevant attributes from the DM targets, other corner cases etc. Therefore, even though the first patch of the series "generalize key measurement tests", would be useful for other tests; I will have to revisit the second patch, "dm-crypt measurements", to address the DM side changes I mentioned above. To summarize, - you may upstream the first patch (generalizing the key measurements). It would be useful for us while writing more tests in this space. - but please hold off upstreaming the second patch (dm-crypt test) as Mimi has suggested. Thanks, Tushar > thanks, > > Mimi > -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel