From: Reiner S. <sa...@us...> - 2009-03-16 03:23:30
Hi Ahmed,

you are right, if a TPM is recognized by IMA, then every measurement is extended into the TPM as soon as it is created and before control passes to the newly loaded program (this way it is too late for a malicious program to clean its traces).

Now, if IMA does not recognize a TPM chip, then this reporting does not happen. IMA works with hardware TPM as well as with a virtual TPM (e.g., on Xen inside a Linux guest).

If you want to make it work with another in-kernel TPM device emulator, then this should not be too hard; simply adjust the reporting of a measurement. If your emulator is in user-space, then creating a safe way to report the measurement before the measured program is started might be hard; at least affecting performance noticeably.

Does this help?

Reiner

Ahmed Ramadan <ahd...@ho...> wrote on 03/15/2009 11:03:21 AM:

> [Linux-ima-user] IMA integration with TPM Emulator
>
> Ahmed Ramadan
> to: IMA
> 03/15/2009 11:04 AM
>
> Sorry last mail did not include a subject.
>
> Hello,
>
> I am using a tpm emulator with the Java TSS (jTSS) package, to
> demonstrate a remote attestation scenario.
> Managed to get the IMA patch working, however I get the message NO
> TPM-CHIP found (Bypass Mode) which is understandable why.
>
> My problem is that the "runtime_measurements" aren't reported /
> extended into the emulator.
> How can they be reported in a secure way? Is there a workaround?
> Is there any setup guide of IMA with the emulator?
>
> For my understanding in machines with real TPM these measurement
> would be reported / extended automatically into the TPM? Am I right
> on this assumption?
>
> Regards, Ahmed
>
> _______________________________________________
> Linux-ima-user mailing list
> Lin...@li...
> https://lists.sourceforge.net/lists/listinfo/linux-ima-user
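Added example, not part of the original thread or of the IMA code: a verifier-side replay of a measurement list, showing why a list that was never extended into a TPM (bypass mode) cannot be checked against anything. It assumes the five-field ASCII list format and PCR 10 used by mainline IMA, SHA-1 (TPM 1.2) extends, and mainline IMA's handling of violation entries (all-zero hash in the list, 0xFF bytes extended); the sample lines are constructed.

```python
import hashlib
import hmac

SHA1_LEN = 20
PCR_RESET = bytes(SHA1_LEN)        # PCR value before any extend
VIOLATION = b"\xff" * SHA1_LEN     # extended in place of an all-zero (violation) entry

# Constructed sample in the assumed format:
# <pcr> <template-hash> <template-name> <file-hash> <path>
SAMPLE = [
    f"10 {'11' * 20} ima {'aa' * 20} boot_aggregate",
    f"10 {'00' * 20} ima {'00' * 20} /var/log/example.log",   # violation entry
    f"10 {'22' * 20} ima {'bb' * 20} /usr/bin/example",
]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(lines, pcr_index=10):
    """Return (pcr_value, entries_replayed) implied by a measurement list."""
    pcr, count = PCR_RESET, 0
    for n, line in enumerate(lines, 1):
        fields = line.split(None, 4)
        if not fields:
            continue                                  # skip blank lines
        if len(fields) < 5:
            raise ValueError(f"line {n}: expected 5 fields, got {len(fields)}")
        template_hash = bytes.fromhex(fields[1])
        if len(template_hash) != SHA1_LEN:
            raise ValueError(f"line {n}: template hash is not SHA-1 sized")
        if int(fields[0]) != pcr_index:
            continue                                  # entry bound to another PCR
        pcr = extend(pcr, VIOLATION if template_hash == PCR_RESET else template_hash)
        count += 1
    return pcr, count


def list_matches_pcr(lines, reported_pcr: bytes) -> bool:
    """True only if the list replays to the PCR value the TPM reported."""
    return hmac.compare_digest(replay(lines)[0], reported_pcr)


if __name__ == "__main__":
    pcr, n = replay(SAMPLE)
    print(f"{n} entries -> PCR 10 = {pcr.hex()}")
    print("matches unextended PCR:", list_matches_pcr(SAMPLE, PCR_RESET))
```

Removing or editing any line changes the replayed value, so the comparison only carries weight when the reported PCR comes from a TPM that received each extend before the measured program ran.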