From: Mimi Z. <zo...@li...> - 2013-12-29 02:16:01
On Sat, 2013-12-28 at 16:52 +0100, hassan khan wrote:
> Hi again List!
>
> I am working on a project which requires measuring the integrity of OS. One
> option is IMA but I am not sure if it fits in the scenario below.
>
> A part of the scenario of the project is somewhat like this:
>
> The system boots up and measurement is done using trusted-grub. So the PCR
> 0-7 are filled up. Then the OS is loaded (linux). Then I have a software
> named "Checker". The purpose of this software is to check if something is
> modified in the system or not.

"to check if something is modified in the system or not" is a bit vague.

> What I am thinking is that I will store the
> PCRs values for the "checker". Once the system is restarted and new values
> are extended into the PCRs, the existing (stored) PCRs values are then
> compared to the new PCRs values.
>
> One thing I did is, I used a check-file feature in trusted-grub to ensure
> the integrity of my "checker" software as it will be only one executable
> file.
>
> The problem is that now I want to measure the OS (preferably Linux) and
> extend the measurement into a PCR. But I am not getting any clue how to do
> that. It would be great if I can get any comment on how to solve this
> problem.
>
> Thanks for your help!

trusted-grub was never upstreamed and is very unlikely to be upstreamed. The industry seems to be converging on secure boot. Someone has added support for measuring files to the TPM PCRs to the shim - http://mjg59.dreamwidth.org/28746.html.

thanks,

Mimi
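
The following is an added example, not part of the original message and not code from IMA or trusted-grub. It replays a measurement log into a simulated SHA-1 PCR 10 to show what the "store the PCR value and compare after reboot" scheme from the thread detects. The log lines follow the layout of IMA's `ascii_runtime_measurements` file but are constructed sample data; the file names, contents and the `_entry` helper are assumptions.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 PCR, as on a TPM 1.2

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def parse_log(text: str):
    """Yield (pcr_index, template_hash, file_hash, path) for each log line."""
    for line in text.strip().splitlines():
        idx, template_hash, _template, file_hash, path = line.split(None, 4)
        yield int(idx), bytes.fromhex(template_hash), file_hash, path

def replay(text: str, pcr_index: int = 10) -> bytes:
    """Recompute the PCR value implied by the log, entry by entry, in order."""
    pcr = bytes(PCR_SIZE)  # PCR 10 starts at all zeros after a reboot
    for idx, template_hash, _file_hash, _path in parse_log(text):
        if idx == pcr_index:
            pcr = extend(pcr, template_hash)
    return pcr

def check(text: str, reported_pcr: bytes, known_good: dict):
    """Return (log is consistent with the PCR, paths whose hash is not known-good)."""
    unknown = [p for _i, _t, fh, p in parse_log(text) if known_good.get(p) != fh]
    return replay(text) == reported_pcr, unknown

def _entry(path: str, content: bytes) -> str:
    # Constructed sample line: the template hash is a stand-in, not a real IMA one.
    fh = hashlib.sha1(content).hexdigest()
    th = hashlib.sha1((fh + path).encode()).hexdigest()
    return f"10 {th} ima {fh} {path}"

# Constructed sample files (hypothetical names and contents).
FILES = [("/sbin/init", b"init-v1"), ("/usr/bin/checker", b"checker-v1"),
         ("/bin/sh", b"sh-v1")]
GOOD_LOG = "\n".join(_entry(p, c) for p, c in FILES)
KNOWN_GOOD = {p: hashlib.sha1(c).hexdigest() for p, c in FILES}
GOLDEN_PCR = replay(GOOD_LOG)  # the value the "checker" would store

# Same files, measured in a different order on the next boot.
REORDERED_LOG = "\n".join(_entry(p, c) for p, c in reversed(FILES))
# One file modified between boots.
TAMPERED_LOG = "\n".join(
    _entry(p, b"sh-v2" if p == "/bin/sh" else c) for p, c in FILES)

if __name__ == "__main__":
    for name, log in [("good", GOOD_LOG), ("reordered", REORDERED_LOG),
                      ("tampered", TAMPERED_LOG)]:
        ok, unknown = check(log, replay(log), KNOWN_GOOD)
        print(name, "equals stored PCR:", replay(log) == GOLDEN_PCR,
              "| log consistent:", ok, "| unknown files:", unknown)
```

A bare comparison against the stored value fails for the reordered log even though no file changed, while replaying the log and checking each entry reports only the modified `/bin/sh`.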