On Mon, Jun 28, 2010 at 6:04 PM, chloé Fouquet <fouquet.chloe@gmail.com> wrote:
I would like to know how IMA is used in practice. In fact, how is the TPM used at the moment?
If I want to verify that a certain application on your computer is genuine, do I need you to run it and then send me your "ima digests" file, after which I check whether the .exe value has a good hash?
If you could give me some examples of how the TPM, trusted boot and the IMA architecture are used in practice, I would be very grateful!
Hi Chloe,

Please go through http://linux-ima/sourceforge.net. You might find EVM interesting, but what you are asking for is remote attestation. This means that I have to send you my IMA measurement list, which you will check against known good hashes, and then recompute the PCR composite that I send along with the IMA measurements in the form of a PCR10 quote. So you have to open the quote and remeasure the composite to verify that the TPM extended values and the IMA hashes are the same.

Have a look at http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html and follow some of the resources mentioned on it.

You will also need to understand the creation of an AIK, and you might also want to have some form of protocol for your use case.
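The replay step the reply describes (recompute PCR10 from the measurement list and check each file hash against known-good values), as an added Python example that is not from this thread or from the linux-ima project. It assumes the ima-ng template with a SHA-1 PCR bank, a constructed measurement list and allow-list, and that the AIK signature on the quote has already been verified so that only the PCR10 value taken from it is needed here.

```python
import hashlib

SHA1_LEN = 20
ZERO_HASH = "00" * SHA1_LEN

# Constructed sample of /sys/kernel/security/ima/ascii_runtime_measurements
# (ima-ng template, SHA-1 PCR bank); digests are made up, not real measurements.
SAMPLE_LIST = """\
10 d7e4a9c2b17f3b0e5a8c6f1d2e3b4a5c6d7e8f90 ima-ng sha1:1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d boot_aggregate
10 0000000000000000000000000000000000000000 ima-ng sha1:0000000000000000000000000000000000000000 /tmp/edited-while-open
10 5f3b1c9e8d7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c ima-ng sha1:9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b /usr/bin/example
"""

# Known-good file hashes the verifier trusts (constructed allow-list).
KNOWN_GOOD = {"/usr/bin/example": "9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b"}

def parse_measurements(text):
    """Parse ima-ng lines: 'PCR template-hash ima-ng algo:filehash path'."""
    entries = []
    for line in text.splitlines():
        pcr, template_hash, template, hashfield, path = line.split(" ", 4)
        algo, file_hash = hashfield.split(":", 1)
        entries.append({"pcr": int(pcr), "template_hash": template_hash,
                        "template": template, "algo": algo,
                        "file_hash": file_hash, "path": path})
    return entries

def recompute_pcr(entries, pcr=10):
    """Replay the TPM extends in list order: PCR = SHA1(PCR || template_hash)."""
    value = bytes(SHA1_LEN)
    for e in entries:
        if e["pcr"] != pcr:
            continue
        digest = bytes.fromhex(e["template_hash"])
        # IMA logs a violation (e.g. file opened for writing while measured) as an
        # all-zero template hash but extends the TPM with 0xff bytes; replay the same.
        if e["template_hash"] == ZERO_HASH:
            digest = b"\xff" * SHA1_LEN
        value = hashlib.sha1(value + digest).digest()
    return value.hex()

def verify(list_text, quoted_pcr10, known_good=KNOWN_GOOD):
    """Return (pcr_matches, flagged_paths). pcr_matches ties the list to the
    quote; flagged_paths are violations or files not in the allow-list.
    boot_aggregate is skipped here: it is checked against expected PCR0-7."""
    entries = parse_measurements(list_text)
    pcr_ok = recompute_pcr(entries) == quoted_pcr10.lower()
    flagged = [e["path"] for e in entries if e["path"] != "boot_aggregate"
               and (e["template_hash"] == ZERO_HASH
                    or known_good.get(e["path"]) != e["file_hash"])]
    return pcr_ok, flagged
```

A complete verifier additionally recomputes each template hash from its template data, so that an edited path or file hash in the list is caught by the PCR replay and not only by the allow-list check.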