Re: [PATCH 2 of 4] ima: related Makefile compile order change andReadme

From: Reiner Sailer
Date: Mon May 23 2005 - 16:39:23 EST

Next message: Chris Haumesser: "promise sx8 sata driver"
Previous message: Karsten Keil: "Re: [PATCH] bug in VIA PCI IRQ routing"
In reply to: Pavel Machek: "Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme"
Next in thread: Pavel Machek: "Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Machek <pavel@xxxxxx> wrote on 05/23/2005 04:39:29 PM:

>
> Actually, you "could" also cat /proc files, then verify the signature
> by hand (using pen and paper :-).

Theoretically, yes. The signature is 2048bit and to validate the signed
aggregate requires recursively applying SHA1 over all measurements.

> It seems to me that the mechanism is sound... it does what the docs
> says. Another questions is "is it usefull"?
>
> Pavel
>

We implemented some exemplary IMA-applications. If you like, visit our
project page and check out the references:
http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
There you also find a complete measurement list and a response of a measured
system replying to an authorized remote measurement-list-request.

Thanks
Reiner

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Haumesser: "promise sx8 sata driver"
Previous message: Karsten Keil: "Re: [PATCH] bug in VIA PCI IRQ routing"
In reply to: Pavel Machek: "Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme"
Next in thread: Pavel Machek: "Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]