Meeting 27/03/2024

[maugustosilva]

Attendees

• [x] @ansasaki
• [ ] @aplanas
• [ ] @edwards-n
• [ ] @galmasi
• [ ] @Isaac-Matthews
• [x] @kkaarreell
• [ ] @lkatalin
• [ ] @lukehinds
• [x] @maugustosilva
• [x] @mayaCostantini
• [ ] @mdrocco
• [ ] @mbestavros
• [] @mheese
• [x] @mruffin
• [x] @mpeters
• [ ] Niteesh Dubey
• [ ] @osresearch
• [ ] @ruocco
• [ ] @stringlytyped
• [ ] @stefanberger
• [ ] @THS-on
• [ ] @tpletcher-hpe
• [ ] @ueno
• [ ] @sergio-correia
• [ ] Supreshna
• [ ] Christian Schilling

Time: 27/03/24 15:30 GMT (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting&iso=20240124T1530&p1=136&ah=1) Meeting link: https://ibm.webex.com/meet/marcio.a.silva

Agenda

• Operator updates
• Push model updates
• Adding "named measured boot policies" update
• IMA issue (https://github.com/keylime/keylime/issues/1515)
• New version (v7.11.0)
• Documentation synchronization https://github.com/keylime/keylime/issues/1519

[maugustosilva]

First of all, my apologies to @Isaac-Matthews, @mheese and @stringlytyped. Due to a mistake made by me, the meeting happened earlier than what was scheduled, causing them to miss it.

[maugustosilva]

@maugustosilva proposed that we hold any keylime modifications to address the "IMA in the presence of package updates" issue. There are a few alternatives being discussed in the community, and a comment on the aforementioned issue discusses the potential solutions.

[maugustosilva]

@kkaarreell proposed a that the runtime (IMA) policy should include, in addition to the "allow list" and "exclude list", a "reject list". He pointed out how crucial such a feature is, especially for IMA file signatures. He has opened an issue to highlight the problem.