On Mon, Apr 15, 2024 at 04:24:22PM +0200, Roberto Sassu wrote:
From: Roberto Sassu roberto.sassu@huawei.com
Integrity detection and protection has long been a desirable feature, to reach a large user base and mitigate the risk of flaws in the software and attacks.
However, while solutions exist, they struggle to reach the large user base, due to requiring higher than desired constraints on performance, flexibility and configurability, that only security conscious people are willing to accept.
This is where the new digest_cache LSM comes into play, it offers additional support for new and existing integrity solutions, to make them faster and easier to deploy.
The full documentation with the motivation and the solution details can be found in patch 14.
The IMA integration patch set will be introduced separately. Also a PoC based on the current version of IPE can be provided.
I can't cleanly apply this series (conflict on patch [13/14]). Can you point out the base commit of this series?
Confused...