This list is closed, nobody may subscribe to it.
From: xiaolin C. <xia...@gm...> - 2008-04-08 04:23:52
|
hi,

Could anyone help me? I use kernel-2.6.22.9. Then I patch ibm-ima-patch-2.6.22.9.patch to the kernel. New kernel compilation is ok.

What I have done:

1) make menuconfig
   a) crypto->SHA1 is (y)
   b) security->Default Linux Capabilities (n)
   c) choose (y) for "TCG run-time Integrity Measurement Architecture"
   d) choose (y) for "IMA test mode"
   e) choose (*) for TPM hardware Support except atmel TPM interface
2) make
3) I reboot with IMA=1 and Selinux=0

The system halts after the following message is shown

tpm_tis tpm_tis : tpm_transmit : tpm_send : error 4294967234 .

Why the system can not start? due to IMA TPM loading order ??

Thanks.
--bjtu

Restart with option

2. based on the patch downloaded the same kernel from kernel.org i.e. linux-2.6.22.tar.gz..
3. copied both the files to /usr/src
4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
5. cd kernel directory
6. checked whether the patch works
|
From: Tiago L. <tia...@gm...> - 2008-03-07 23:06:56
|
Reiner,

Using this new patch with success, thank you for your time! Also, I've tested it with an uncommon TPM: Sinosun SSX35 on an Asus desktop board. All seems ok for now, next week will test with a STM chip.

Tiago Lopes

On Thu, Mar 6, 2008 at 10:23 PM, Reiner Sailer <sa...@us...> wrote:
> Tiago,
>
> I just added a linux-ima release for 2.6.24.3 to sf.net/projects/linux-ima,
> which might patch into 2.6.24.2 as well.
>
> Let me know if this works for you. I had only time to do 'soft' testing and
> it works with and without TPM on my Laptop.
>
> Greetings
> Reiner
> __________________________________________________________
> Reiner Sailer, Research Staff Member, Secure Systems Department
> IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
> Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
> http://www.research.ibm.com/people/s/sailer/
>
> From: "Tiago Lopes" <tia...@gm...>
> To: lin...@li...
> Date: 03/04/2008 01:54 PM
> Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2
>
> There is any estimated date to the release of new version Reiner? (just
> asking to get an idea)
> Thanks.
>
> Tiago Lopes
>
> On Tue, Feb 26, 2008 at 6:29 PM, Reiner Sailer <sa...@us...> wrote:
> Thanks!
>
> I will also put out a new sf patch for the 2.6.24.3 kernel (in the works).
> Unfortunately, I have to do the work myself since we are not allowed to
> include any third party patches.
>
> Greetings
> Reiner
> __________________________________________________________
> Reiner Sailer, Research Staff Member, Secure Systems Department
> IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
> Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
> http://www.research.ibm.com/people/s/sailer/
>
> From: "Chaskiel Grundman" <cgr...@gm...>
> To: "Tiago Lopes" <tia...@gm...>, lin...@li...
> Date: 02/26/2008 01:17 PM
> Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2
>
> On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
> Hello,
>
> I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
> Patching on the newer kernel (2.6.24.2) was ok, but compile fails:
>
> I got linux-IMA to run on 2.6.24
>
> The attached patch updates ima_init.c. you also need to remove the
> unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have
> other changes in that file (making capabilities work like they do in the
> root_plug module), so did not include that file in the patch)
> [attachment "ima-2.6.24.patch" deleted by Reiner Sailer/Watson/IBM]
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Linux-ima-user mailing list
> Lin...@li...
> https://lists.sourceforge.net/lists/listinfo/linux-ima-user
|
From: Reiner S. <sa...@us...> - 2008-03-06 22:24:12
|
Tiago,

I just added a linux-ima release for 2.6.24.3 to sf.net/projects/linux-ima, which might patch into 2.6.24.2 as well.

Let me know if this works for you. I had only time to do 'soft' testing and it works with and without TPM on my Laptop.

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Tiago Lopes" <tia...@gm...>
To: lin...@li...
Date: 03/04/2008 01:54 PM
Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

There is any estimated date to the release of new version Reiner? (just asking to get an idea)
Thanks.

Tiago Lopes

On Tue, Feb 26, 2008 at 6:29 PM, Reiner Sailer <sa...@us...> wrote:
Thanks!

I will also put out a new sf patch for the 2.6.24.3 kernel (in the works). Unfortunately, I have to do the work myself since we are not allowed to include any third party patches.

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Chaskiel Grundman" <cgr...@gm...>
To: "Tiago Lopes" <tia...@gm...>, lin...@li...
Date: 02/26/2008 01:17 PM
Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

I got linux-IMA to run on 2.6.24

The attached patch updates ima_init.c. you also need to remove the unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have other changes in that file (making capabilities work like they do in the root_plug module), so did not include that file in the patch)
[attachment "ima-2.6.24.patch" deleted by Reiner Sailer/Watson/IBM]
|
From: Reiner S. <sa...@us...> - 2008-03-05 03:25:15
|
No problem asking. People need to plan.

Answer: Assuming changes are mostly related to the unregister call going away, a 2.6.24.3 kernel IMA patch should hopefully get out onto sf.net this week.

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Tiago Lopes" <tia...@gm...>
To: lin...@li...
Date: 03/04/2008 01:54 PM
Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

There is any estimated date to the release of new version Reiner? (just asking to get an idea)
Thanks.

Tiago Lopes

On Tue, Feb 26, 2008 at 6:29 PM, Reiner Sailer <sa...@us...> wrote:
Thanks!

I will also put out a new sf patch for the 2.6.24.3 kernel (in the works). Unfortunately, I have to do the work myself since we are not allowed to include any third party patches.

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Chaskiel Grundman" <cgr...@gm...>
To: "Tiago Lopes" <tia...@gm...>, lin...@li...
Date: 02/26/2008 01:17 PM
Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

I got linux-IMA to run on 2.6.24

The attached patch updates ima_init.c. you also need to remove the unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have other changes in that file (making capabilities work like they do in the root_plug module), so did not include that file in the patch)
[attachment "ima-2.6.24.patch" deleted by Reiner Sailer/Watson/IBM]
|
From: Tiago L. <tia...@gm...> - 2008-03-04 18:46:54
|
There is any estimated date to the release of new version Reiner? (just asking to get an idea)
Thanks.

Tiago Lopes

On Tue, Feb 26, 2008 at 6:29 PM, Reiner Sailer <sa...@us...> wrote:
> Thanks!
>
> I will also put out a new sf patch for the 2.6.24.3 kernel (in the works).
> Unfortunately, I have to do the work myself since we are not allowed to
> include any third party patches.
>
> Greetings
> Reiner
> __________________________________________________________
> Reiner Sailer, Research Staff Member, Secure Systems Department
> IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
> Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
> http://www.research.ibm.com/people/s/sailer/
>
> From: "Chaskiel Grundman" <cgr...@gm...>
> To: "Tiago Lopes" <tia...@gm...>, lin...@li...
> Date: 02/26/2008 01:17 PM
> Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2
>
> On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
> Hello,
>
> I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
> Patching on the newer kernel (2.6.24.2) was ok, but compile fails:
>
> I got linux-IMA to run on 2.6.24
>
> The attached patch updates ima_init.c. you also need to remove the
> unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have
> other changes in that file (making capabilities work like they do in the
> root_plug module), so did not include that file in the patch)
> [attachment "ima-2.6.24.patch" deleted by Reiner Sailer/Watson/IBM]
|
From: Reiner S. <sa...@us...> - 2008-02-27 10:15:17
|
Hi,

this tells me that I have to make a new patch. At this time it seems a small thing that I might be able to fix today/tomorrow morning.

Thanks for letting us know!!
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Tiago Lopes" <tia...@gm...>
To: lin...@li...
Date: 02/26/2008 12:21 PM
Subject: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

security/ima/ima_init.c: In function 'ima_measure_init':
security/ima/ima_init.c 159: error: implicit declaration of function 'unregister_security'
make[2]: *** [security/ima/ima_init.o] Error 1
make[1]: *** [security/ima] Error 2

I'm out of luck, or this IMA patch doesn't work on this kernel?
Thanks.

Tiago Lopes
|
From: Reiner S. <sa...@us...> - 2008-02-26 18:35:21
|
Thanks!

I will also put out a new sf patch for the 2.6.24.3 kernel (in the works). Unfortunately, I have to do the work myself since we are not allowed to include any third party patches.

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Chaskiel Grundman" <cgr...@gm...>
To: "Tiago Lopes" <tia...@gm...>, lin...@li...
Date: 02/26/2008 01:17 PM
Subject: Re: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

I got linux-IMA to run on 2.6.24

The attached patch updates ima_init.c. you also need to remove the unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have other changes in that file (making capabilities work like they do in the root_plug module), so did not include that file in the patch)
[attachment "ima-2.6.24.patch" deleted by Reiner Sailer/Watson/IBM]
|
From: Reiner S. <sa...@us...> - 2008-02-26 17:59:42
|
Thanks for pointing this out! (Your earlier e-mail must have gotten lost in my mailbox.)

I don't have any 64bit systems right now running IMA. Any input from those who do have access is very helpful.

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Chaskiel Grundman" <cgr...@gm...>
To: lin...@li...
Date: 02/26/2008 12:47 PM
Subject: [Linux-ima-user] Fwd: ima on x86_64?

(I have since figured out that enabling CONFIG_DEBUG_SLAB works around the crash, but I'd still like to know if other people are using ima on x86_64 or have had this problem)

---------- Forwarded message ----------
From: Chaskiel Grundman <cgr...@gm...>
Date: Fri, Feb 22, 2008 at 3:49 PM
Subject: ima on x86_64?
To: lin...@li...

I have been trying to get an ima-enabled 2.6.22 kernel working on my x86_64 laptop. However, it tends to crash during modprobe operations that the initramfs does.

There are two common errors: one is a page fault in ima_lookup_measure_entry. it appears that a bad pointer is found in the list. The other kind of fault occurs in various parts of the vmalloc code. These are more variable, but the usual case is that a general protection fault occurs in __free_pages or __get_vm_area_node because a pointer has invalid syntax (current x86_64 cpu's don't have true 64 bit pointers. the upper 17 bits of pointers must either be all 0 or all 1)

Neither problem occurs if the kernel is booted with ima=0 instead of ima=1.

Is anyone using ima on x86_64? What kernel version/ima patch?

Thanks
|
From: Reiner S. <sa...@us...> - 2008-02-26 17:58:30
|
tells me that I have to make a new patch. At this time it seems a small thing that I might be able to fix today/tomorrow morning.

Thanks for letting us know!!
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Tiago Lopes" <tia...@gm...>
To: lin...@li...
Date: 02/26/2008 12:21 PM
Subject: [Linux-ima-user] Error compiling linux-ima on 2.6.24.2

Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

security/ima/ima_init.c: In function 'ima_measure_init':
security/ima/ima_init.c 159: error: implicit declaration of function 'unregister_security'
make[2]: *** [security/ima/ima_init.o] Error 1
make[1]: *** [security/ima] Error 2

I'm out of luck, or this IMA patch doesn't work on this kernel?
Thanks.

Tiago Lopes
|
From: Chaskiel G. <cgr...@gm...> - 2008-02-26 17:46:47
|
(I have since figured out that enabling CONFIG_DEBUG_SLAB works around the crash, but I'd still like to know if other people are using ima on x86_64 or have had this problem)

---------- Forwarded message ----------
From: Chaskiel Grundman <cgr...@gm...>
Date: Fri, Feb 22, 2008 at 3:49 PM
Subject: ima on x86_64?
To: lin...@li...

I have been trying to get an ima-enabled 2.6.22 kernel working on my x86_64 laptop. However, it tends to crash during modprobe operations that the initramfs does.

There are two common errors: one is a page fault in ima_lookup_measure_entry. it appears that a bad pointer is found in the list. The other kind of fault occurs in various parts of the vmalloc code. These are more variable, but the usual case is that a general protection fault occurs in __free_pages or __get_vm_area_node because a pointer has invalid syntax (current x86_64 cpu's don't have true 64 bit pointers. the upper 17 bits of pointers must either be all 0 or all 1)

Neither problem occurs if the kernel is booted with ima=0 instead of ima=1.

Is anyone using ima on x86_64? What kernel version/ima patch?

Thanks
|
From: Chaskiel G. <cgr...@gm...> - 2008-02-26 17:43:51
|
On Tue, Feb 26, 2008 at 11:44 AM, Tiago Lopes <tia...@gm...> wrote:
> Hello,
>
> I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
> Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

I got linux-IMA to run on 2.6.24

The attached patch updates ima_init.c. you also need to remove the unregister_security() call from ima_lsm_abort() in ima_lsmhooks.c (I have other changes in that file (making capabilities work like they do in the root_plug module), so did not include that file in the patch)
|
From: Saurabh A. <tan...@gm...> - 2008-02-26 17:40:46
|
Hi Tiago

patch will specifically work on the version mentioned on the patch name, like ibm_ima_8.3_x.y.z.9.patch where x.y.z is kernel 2.6.22 / 2.6.24

_ saurabh

On Tue, Feb 26, 2008 at 5:44 PM, Tiago Lopes <tia...@gm...> wrote:
> Hello,
>
> I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
> Patching on the newer kernel (2.6.24.2) was ok, but compile fails:
>
> security/ima/ima_init.c: In function 'ima_measure_init':
> security/ima/ima_init.c 159: error: implicit declaration of function
> 'unregister_security'
> make[2]: *** [security/ima/ima_init.o] Error 1
> make[1]: *** [security/ima] Error 2
>
> I'm out of luck, or this IMA patch doesn't work on this kernel?
> Thanks.
>
> Tiago Lopes
|
From: Tiago L. <tia...@gm...> - 2008-02-26 16:44:18
|
Hello,

I've compiled linux-IMA on a 2.6.22 kernel previously and everything was OK.
Patching on the newer kernel (2.6.24.2) was ok, but compile fails:

security/ima/ima_init.c: In function 'ima_measure_init':
security/ima/ima_init.c 159: error: implicit declaration of function 'unregister_security'
make[2]: *** [security/ima/ima_init.o] Error 1
make[1]: *** [security/ima] Error 2

I'm out of luck, or this IMA patch doesn't work on this kernel?
Thanks.

Tiago Lopes
|
From: Tamleek A. <tam...@gm...> - 2008-02-06 16:02:07
|
Thanks Kent and Saurabh

The problem was with securityfs... i have edited '/etc/fstab ' for securityfs and its automatically mounted. Problem with ima is solved.

Now my software TPM is not working, i have already some email exchanged with Mario Stressor regarding software TPM installation but could get through it. The error i get is "Can't open TPM driver!"

Any help or link regarding software TPM installation will be greatly appreciated.

Regards,

On Feb 6, 2008 8:15 PM, Kent Yoder <shp...@gm...> wrote:
> Hi Tamleek,
>
> You probably don't have securityfs mounted. IIRC you can mount it with:
>
> # mount -t securityfs securityfs /sys/kernel/security
>
> Kent
>
> On Feb 6, 2008 5:02 AM, Tamleek Ali <tam...@gm...> wrote:
> > Hi All,
> >
> > Now i can see that ima is running using the 'dmesg | grep IMA' that is
> > stated in the section 4 of the install instructions in the patch but I
> > cannot find the mentioned /ima/binary_measurements nor the script
> > print_ima_measuremnts that is mentioned in the section 5 of the
> > instructions.
> >
> > note that i also tried to see the measurements using
> >
> > 'cat /sys/kernel/security/ima/ascii_runtime_measurements'
> >
> > but no file present in "/sys/kernel/security"
> >
> > please advice what needs to be done in order to read the measurements??
> >
> > Regards
> > Khanjee
> >
> > On Feb 5, 2008 4:43 PM, Tamleek Ali <tam...@gm...> wrote:
> > > Hi All,
> > >
> > > I applied the IMA patch and then compiled the kernel successfully, with
> > > the instructions given in the patch. However, still after rebooting and
> > > making SELinux disable, i could not see any message regarding IMA in the
> > > "dmesg".
> > >
> > > If any body can help me regarding installation of IMA, i will very
> > > thankful.
> > >
> > > Thanking you in advance.
> > > Khanjee
> > >
> > > On Feb 5, 2008 12:14 PM, Tamleek Ali <tam...@gm...> wrote:
> > > > i cant see ima enabled in the
> > > >
> > > > #dmesg | grep ima
> > > >
> > > > the steps that i performed are as follows...
> > > >
> > > > 1. downloaded the ibm-ima latest patch from sourceforge.net i.e
> > > > ibm-ima-patch-2.6.22...
> > > >
> > > > 2. based on the patch downloaded the same kernel from kernel.org i.e.
> > > > linux-2.6.22.tar.gz..
> > > >
> > > > 3. copied both the files to /usr/src
> > > >
> > > > 4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
> > > >
> > > > 5. cd kernel directory
> > > >
> > > > 6. checked whether the patch works
> > > >
> > > > #patch -p1 --dry-run < ibm-ima-2.6.22.patch
> > > > and then patched successfully
> > > > #cd /usr/src/linux-2.6.22
> > > >
> > > > 7. #make ; make modules_install; make install;
> > > >
> > > > 8. booted with the kernel with options selinux = 0 ima=1
> > > >
> > > > Now i cannot see any ima in the dmesg.
> > > >
> > > > i need to ask that
> > > > 1. i dont have a hardware TPM neither have software TPM... will it work
> > > > without the tpm ??
> > > > 2. i couldnt do the menuconfig, as it didnt work on my system... can it
> > > > be a problem??
> > > > 3. is it necessary to have the same kernel version as of ima patch??
> > > >
> > > > Help needed please.
> > > >
> > > > Khanjee
>
> --
> Kent Yoder
> IBM LTC Security Dev.
|
From: Kent Y. <shp...@gm...> - 2008-02-06 15:16:08
|
Hi Tamleek,

You probably don't have securityfs mounted. IIRC you can mount it with:

# mount -t securityfs securityfs /sys/kernel/security

Kent

On Feb 6, 2008 5:02 AM, Tamleek Ali <tam...@gm...> wrote:
> Hi All,
>
> Now i can see that ima is running using the 'dmesg | grep IMA' that is
> stated in the section 4 of the install instructions in the patch but I
> cannot find the mentioned /ima/binary_measurements nor the script
> print_ima_measuremnts that is mentioned in the section 5 of the
> instructions.
>
> note that i also tried to see the measurements using
>
> 'cat /sys/kernel/security/ima/ascii_runtime_measurements'
>
> but no file present in "/sys/kernel/security"
>
> please advice what needs to be done in order to read the measurements??
>
> Regards
> Khanjee
>
> On Feb 5, 2008 4:43 PM, Tamleek Ali <tam...@gm...> wrote:
> > Hi All,
> >
> > I applied the IMA patch and then compiled the kernel successfully, with
> > the instructions given in the patch. However, still after rebooting and
> > making SELinux disable, i could not see any message regarding IMA in the
> > "dmesg".
> >
> > If any body can help me regarding installation of IMA, i will very
> > thankful.
> >
> > Thanking you in advance.
> > Khanjee
> >
> > On Feb 5, 2008 12:14 PM, Tamleek Ali <tam...@gm...> wrote:
> > > i cant see ima enabled in the
> > >
> > > #dmesg | grep ima
> > >
> > > the steps that i performed are as follows...
> > >
> > > 1. downloaded the ibm-ima latest patch from sourceforge.net i.e
> > > ibm-ima-patch-2.6.22...
> > >
> > > 2. based on the patch downloaded the same kernel from kernel.org i.e.
> > > linux-2.6.22.tar.gz..
> > >
> > > 3. copied both the files to /usr/src
> > >
> > > 4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
> > >
> > > 5. cd kernel directory
> > >
> > > 6. checked whether the patch works
> > >
> > > #patch -p1 --dry-run < ibm-ima-2.6.22.patch
> > > and then patched successfully
> > > #cd /usr/src/linux-2.6.22
> > >
> > > 7. #make ; make modules_install; make install;
> > >
> > > 8. booted with the kernel with options selinux = 0 ima=1
> > >
> > > Now i cannot see any ima in the dmesg.
> > >
> > > i need to ask that
> > > 1. i dont have a hardware TPM neither have software TPM... will it work
> > > without the tpm ??
> > > 2. i couldnt do the menuconfig, as it didnt work on my system... can it
> > > be a problem??
> > > 3. is it necessary to have the same kernel version as of ima patch??
> > >
> > > Help needed please.
> > >
> > > Khanjee

--
Kent Yoder
IBM LTC Security Dev.
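The check behind Kent's answer, as an added example that is not part of the original thread: a POSIX shell helper that tells apart "securityfs is not mounted" from "securityfs is mounted but IMA exposes nothing there". The function names, the status words and the optional arguments (a mounts table and a directory prefix, so the logic can be run against a constructed tree) are assumptions of this example; the fstab line is a typical entry, not one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check whether securityfs is mounted
# and whether IMA exposes its measurement list under it.

# Print the mount point of the first securityfs entry in a mounts table
# (/proc/mounts columns: device mountpoint fstype options dump pass).
# Exit status is 1 when no securityfs entry exists.
securityfs_mountpoint() {
    mounts_file=${1:-/proc/mounts}
    awk '$3 == "securityfs" { print $2; found = 1; exit }
         END { exit !found }' "$mounts_file"
}

# Print one status word and return a matching exit code:
#   ok           (0) ima/ascii_runtime_measurements is present
#   not-mounted  (1) securityfs is not mounted, the case diagnosed in the thread
#   no-ima       (2) securityfs is mounted but has no ima/ directory
#   no-list      (3) ima/ exists but the measurement file is missing
# $1: mounts table to read (default /proc/mounts)
# $2: directory prefix prepended to the mount point (default empty); a
#     hypothetical hook so the logic can be tried on a constructed tree.
ima_status() {
    mounts_file=${1:-/proc/mounts}
    root=${2:-}
    mp=$(securityfs_mountpoint "$mounts_file") || { echo not-mounted; return 1; }
    [ -d "$root$mp/ima" ] || { echo no-ima; return 2; }
    [ -e "$root$mp/ima/ascii_runtime_measurements" ] || { echo no-list; return 3; }
    echo ok
}

# Report on the running system and point at the fix for each state.
status=$(ima_status 2>/dev/null) || true
echo "IMA measurement list: $status"
case $status in
    not-mounted)
        echo "mount it:  mount -t securityfs securityfs /sys/kernel/security"
        echo "or in /etc/fstab:  securityfs /sys/kernel/security securityfs defaults 0 0" ;;
    no-ima)
        echo "securityfs is mounted but IMA is not active; check 'dmesg | grep IMA' and the ima=1 boot option" ;;
    no-list)
        echo "ima/ is present without ascii_runtime_measurements; this kernel's IMA may use other file names" ;;
esac
```
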
|
From: Tamleek A. <tam...@gm...> - 2008-02-06 11:02:09
|
Hi All,

Now i can see that ima is running using the 'dmesg | grep IMA' that is stated in the section 4 of the install instructions in the patch but I cannot find the mentioned /ima/binary_measurements nor the script print_ima_measuremnts that is mentioned in the section 5 of the instructions.

note that i also tried to see the measurements using

'cat /sys/kernel/security/ima/ascii_runtime_measurements'

but no file present in "/sys/kernel/security"

please advice what needs to be done in order to read the measurements??

Regards
Khanjee

On Feb 5, 2008 4:43 PM, Tamleek Ali <tam...@gm...> wrote:
> Hi All,
>
> I applied the IMA patch and then compiled the kernel successfully, with
> the instructions given in the patch. However, still after rebooting and
> making SELinux disable, i could not see any message regarding IMA in the
> "dmesg".
>
> If any body can help me regarding installation of IMA, i will very
> thankful.
>
> Thanking you in advance.
> Khanjee
>
> On Feb 5, 2008 12:14 PM, Tamleek Ali <tam...@gm...> wrote:
> > i cant see ima enabled in the
> >
> > #dmesg | grep ima
> >
> > the steps that i performed are as follows...
> >
> > 1. downloaded the ibm-ima latest patch from sourceforge.net i.e
> > ibm-ima-patch-2.6.22...
> >
> > 2. based on the patch downloaded the same kernel from kernel.org i.e.
> > linux-2.6.22.tar.gz..
> >
> > 3. copied both the files to /usr/src
> >
> > 4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
> >
> > 5. cd kernel directory
> >
> > 6. checked whether the patch works
> >
> > #patch -p1 --dry-run < ibm-ima-2.6.22.patch
> > and then patched successfully
> > #cd /usr/src/linux-2.6.22
> >
> > 7. #make ; make modules_install; make install;
> >
> > 8. booted with the kernel with options selinux = 0 ima=1
> >
> > Now i cannot see any ima in the dmesg.
> >
> > i need to ask that
> > 1. i dont have a hardware TPM neither have software TPM... will it work
> > without the tpm ??
> > 2. i couldnt do the menuconfig, as it didnt work on my system... can it
> > be a problem??
> > 3. is it necessary to have the same kernel version as of ima patch??
> >
> > Help needed please.
> >
> > Khanjee
|
From: Tamleek A. <tam...@gm...> - 2008-02-05 11:43:59
|
Hi All,

I applied the IMA patch and then compiled the kernel successfully, with the instructions given in the patch. However, still after rebooting and making SELinux disabled, I could not see any message regarding IMA in the "dmesg".

If anybody can help me regarding installation of IMA, I will be very thankful.

Thanking you in advance.
Khanjee

On Feb 5, 2008 12:14 PM, Tamleek Ali <tam...@gm...> wrote:
> I can't see ima enabled in the
>
> #dmesg | grep ima
>
> The steps that I performed are as follows...
>
> 1. downloaded the ibm-ima latest patch from sourceforge.net i.e.
> ibm-ima-patch-2.6.22...
>
> 2. based on the patch downloaded the same kernel from kernel.org i.e.
> linux-2.6.22.tar.gz..
>
> 3. copied both the files to /usr/src
>
> 4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
>
> 5. cd kernel directory
>
> 6. checked whether the patch works
>
> #patch -p1 --dry-run < ibm-ima-2.6.22.patch
> and then patched successfully
> #cd /usr/src/linux-2.6.22
>
> 7. #make ; make modules_install; make install;
>
> 8. booted with the kernel with options selinux = 0 ima=1
>
> Now I cannot see any ima in the dmesg.
>
> I need to ask that
> 1. I don't have a hardware TPM neither have software TPM... will it work
> without the tpm ??
> 2. I couldn't do the menuconfig, as it didn't work on my system... can it be
> a problem??
> 3. Is it necessary to have the same kernel version as of ima patch??
>
> Help needed please.
>
> Khanjee
|
|
From: Tamleek A. <tam...@gm...> - 2008-02-05 07:14:47
|
I can't see ima enabled in the
#dmesg | grep ima
The steps that I performed are as follows...
1. downloaded the ibm-ima latest patch from sourceforge.net i.e.
ibm-ima-patch-2.6.22...
2. based on the patch downloaded the same kernel from kernel.org i.e.
linux-2.6.22.tar.gz..
3. copied both the files to /usr/src
4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
5. cd kernel directory
6. checked whether the patch works
#patch -p1 --dry-run < ibm-ima-2.6.22.patch
and then patched successfully
#cd /usr/src/linux-2.6.22
7. #make ; make modules_install; make install;
8. booted with the kernel with options selinux = 0 ima=1
Now I cannot see any ima in the dmesg.
I need to ask that
1. I don't have a hardware TPM neither have software TPM... will it work
without the tpm ??
2. I couldn't do the menuconfig, as it didn't work on my system... can it be a
problem??
3. Is it necessary to have the same kernel version as of ima patch??
Help needed please.
Khanjee
|
|
From: Reiner S. <sa...@us...> - 2007-12-29 20:24:12
|
Hi Spark,

try 'cat /sys/kernel/security/ima/ascii_runtime_measurements'

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Spark Blurr" <spa...@gm...>
To: lin...@li...
Date: 12/29/2007 03:19 PM
Subject: [Linux-ima-user] Unable to locate /ima/binary_measurements

Hi,

I am a student learning how to use the tpm for attestation and sealing/unsealing of documents as part of my project. I am following the instructions in the ima patch and successfully patched the linux kernel. I have verified that the ima is running using the 'dmesg | grep IMA' that is stated in the section 4 of the install instructions in the patch but I couldn't find the mentioned /ima/binary_measurements nor the script print_ima_measuremnts that is mentioned in the section 5 of the instructions.

Section 5: To read the measurements, read from /ima/binary_measurements.

Please advise on their locations and what needs to be done in order to read the measurements.

Thanks,
Spark

_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user
|
|
From: Spark B. <spa...@gm...> - 2007-12-29 15:10:13
|
Hi,

I am a student learning how to use the tpm for attestation and sealing/unsealing of documents as part of my project. I am following the instructions in the ima patch and successfully patched the linux kernel. I have verified that the ima is running using the 'dmesg | grep IMA' that is stated in the section 4 of the install instructions in the patch but I couldn't find the mentioned /ima/binary_measurements nor the script print_ima_measuremnts that is mentioned in the section 5 of the instructions.

Section 5: To read the measurements, read from /ima/binary_measurements.

Please advise on their locations and what needs to be done in order to read the measurements.

Thanks,
Spark
|
|
From: Reiner S. <sa...@us...> - 2007-12-24 07:26:19
|
|
From: hqzh1234 <hqz...@16...> - 2007-12-24 06:07:35
|
Dear Sailer:

I'll show my program to calculate the list in IMA. It seems not
right, could you give me some suggestions.

struct ima_queue_entry *qe;
struct crypto_hash *tfm;
struct scatterlist sg;
struct hash_desc desc;

tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
if (!tfm || IS_ERR(tfm)) {
    ima_invalidate_pcr("No SHA1 available");
    return -EFAULT;
}
desc.tfm = tfm;
desc.flags = 0;
crypto_hash_init(&desc);
list_for_each_entry_rcu(qe, &ima_measurements, later) {
    memcpy(bufp, qe->entry->digest, 20);
    sg_init_one(&sg, bufp, 20);
    crypto_hash_update(&desc, &sg, 20);
}
crypto_hash_final(&desc, bufp);
crypto_free_hash(tfm);

In my opinion, the result of the hash list will be saved to bufp. Why is it not
right?

yours chris
|
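An added example (not part of the original post and not code from the IMA patch) contrasting what the posted loop computes, one SHA-1 over the concatenated digests, with a replay of the TPM 1.2 extend operation, where each entry is folded in as SHA1(old PCR || measurement). It assumes the PCR starts at 20 zero bytes and receives only the listed measurements; the function names and sample digests are constructed for illustration, and `matching_prefix` goes a little further by handling a list that has grown since the PCR was read.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || measurement)."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20 bytes")
    return hashlib.sha1(pcr + measurement).digest()


def replay(measurements, start=bytes(PCR_SIZE)):
    """Fold an ordered measurement list into a simulated PCR value."""
    pcr = start
    for m in measurements:
        pcr = extend(pcr, m)  # the hash is finalized after every entry
    return pcr


def concat_hash(measurements):
    """What the posted kernel loop computes: one SHA-1 over all digests."""
    h = hashlib.sha1()
    for m in measurements:
        h.update(m)
    return h.digest()


def matching_prefix(measurements, reported_pcr, start=bytes(PCR_SIZE)):
    """Return how many leading entries reproduce reported_pcr, or None.

    The list can gain entries between reading the PCR and reading the
    list, so the verifier looks for the prefix that replays to the PCR.
    """
    pcr = start
    if pcr == reported_pcr:
        return 0
    for count, m in enumerate(measurements, 1):
        pcr = extend(pcr, m)
        if pcr == reported_pcr:
            return count
    return None


# Constructed sample digests (assumption: stand-ins for real list entries).
SAMPLE = [hashlib.sha1(b"constructed entry %d" % i).digest() for i in range(3)]

if __name__ == "__main__":
    print("replayed PCR:", replay(SAMPLE).hex())
    print("concat hash :", concat_hash(SAMPLE).hex())
    print("prefix match:", matching_prefix(SAMPLE + SAMPLE[:1], replay(SAMPLE)))
```

Because every extend depends on the previous PCR value, the replay is order-sensitive and never equals the single concatenated hash, which is why the posted loop cannot reproduce the PCR.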
|
From: Reiner S. <sa...@us...> - 2007-11-06 22:12:10
|
Hi Salvo,

IMA is not an access enforcement technology. It simply keeps a log of what is loaded into the run-time of a system. As part of running applications, IMA can also measure configuration files that might be important to conclude about the integrity of the configuration of a running application. This helps a remote party to reason about the run-time integrity from the point the system boots and applications start.

The documentation for the IMA patch is included in the patch. After patching the kernel, the ima documentation can be found in the Documentation subdirectory of the linux kernel source code.

Some more info on how IMA works can be found:
http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html

For your problem, you might look at applications that focus on the secure root of storage part of trusted computing, such as EVM/SLIM.
http://lwn.net/Articles/160126/ and related recent 2007 kernel mailing list postings

Best
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Salvatore Caratozzolo" <s.c...@ca...>
To: lin...@li...
Date: 11/06/2007 04:49 AM
Subject: [Linux-ima-user] info IMA

Hi, I downloaded IMA and I'd like to use it to prevent tampering attacks to my filesystem! Is it possible? Example: if I add etc/passwd to the database (or list) of IMA, if I try to modify it, IMA must ask me a password or my TPM owner password to let me do it! If so, how does IMA use TPM to control the file? I want to use it with my Broadcom TPM v1.2, Kubuntu 7.04, Feisty Fawn with 2.6.20.16 kernel. Does a guide exist to install the patch? tnx for your support!

salvo
|
|
From: Salvatore C. <s.c...@ca...> - 2007-11-06 09:49:52
|
Hi, I downloaded IMA and I'd like to use it to prevent tampering attacks to my filesystem! Is it possible? Example: if I add etc/passwd to the database (or list) of IMA, if I try to modify it, IMA must ask me a password or my TPM owner password to let me do it! If so, how does IMA use TPM to control the file? I want to use it with my Broadcom TPM v1.2, Kubuntu 7.04, Feisty Fawn with 2.6.20.16 kernel. Does a guide exist to install the patch? tnx for your support!

salvo
|
|
From: Reiner S. <sa...@us...> - 2007-08-31 14:53:56
|
Rinaldo,

many thanks for making me aware of the problem in INSTALL. Bug reports are highly appreciated! I will patch this Install after the long labor-day weekend when I have access to my development systems.

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "rinberg\@libero\.it" <ri...@li...>
To: "linux-ima-user" <lin...@li...>
Cc: Reiner Sailer/Watson/IBM@IBMUS
Date: 08/31/2007 03:42 AM
Subject: Re: [Linux-ima-user] manual measure error

> you forgot to specify the "&" in front of "mr" in your measure request.
>
> The 'write' takes a POINTER.
>
> Please try again changing
>
> write(fd_mreq, mr, sizeof(struct measure_request))
>
> to
> write(fd_mreq, &mr, sizeof(struct measure_request))
>
>
> Greetings
> Reiner

Thank you really for your quick answer, it saved me from a lot of worry as the deadline of the project is coming...
This **solved my issue** :)

btw I had those code lines from the:
/usr/src/linux/Documentation/ima/INSTALL

-----------------------------------------------------------------
if (write(fd_mreq, mr, sizeof(struct measure_request))   -- (A)
        <error measuring>;                                 |
/* now use the file -- see NOTE below */                   |- protected
...                                                        |  section (see Note)
/* then close the file */                                  |
close(fd_config)                                         -- (B)
-----------------------------------------------------------------

So this is a sort of "bug report" within the documentation, nothing serious but I trusted them and didn't check the write.

Take care and thanks again,
Rinaldo Bergamini
|