IMA appraisal extension
IMA appraisal extension
Posted Mar 30, 2012 0:09 UTC (Fri) by nybble41 (subscriber, #55106)In reply to: IMA appraisal extension by nix
Parent article: IMA appraisal extension
I think the concern was more along the lines that you have to read the entire file into memory to verify the hash before you can use any of the data safely. Filesystems with data checksumming generally hash each block separately (with a Merkle tree or similar to link the hashes together at the inode level), but the article seemed to imply just one hash per file.
Posted Mar 30, 2012 12:46 UTC (Fri)
by nix (subscriber, #2304)
[Link]
IMA appraisal extension
If so, that would make initial loading of binaries slower (a lot slower for big binaries), but would not preclude use of demand paging after startup.