EPERM? ; performance

Posted Sep 20, 2012 14:09 UTC (Thu) by scripter (subscriber, #2654)
Parent article: LSS: Integrity for directories and special files

Getting an EPERM error on a directory seems misleading in the situation where integrity verification fails. I'd like to have an error that leads in the right direction.

Thanks for pointing out that the performance is better than using dm-crypt -- it puts it in perspective for me.

IMA/EVM and dm-crypt

Posted Sep 22, 2012 9:55 UTC (Sat) by Max.Hyre (subscriber, #1054) [Link]

Please tell me if I'm missing something here, but ISTM the two techniques are not replacements for each other. WRT offline access, dm-crypt is a superset of IMA/EVM.

IMA/EVM is useful if you want to know whether someone has been monkeying with your hard drive while you weren't looking, but does nothing to protect against the NSA reading your data, whereas dm-crypt ensures both no one has modified your data while the system was down, and no one has accessed it, either.