[Linux-ima-user] Chain of trust in IMA and IMA for Ubuntu!

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi!

Does IMA require prior installation of Trusted-Grub? What I have understood
is that IMA starts the measurements from Kernel level, kernel is modified
such that it measures itself and also measures the application loaded (and
eventually gets executed). But in this case where is that immutable code or
in other words the core root of trust which starts the measurement when
system is booted, which measure BIOS and so on..

So long story short, how do I maintain this chain of trust (immutable code
(TPM) --> bootloader Stage 1 --> Stage 2 --> kernel ---> Applications) with
out trusted grub?

*--> means 'measures'

A second question: is there IMA package available for ubuntu and SE Linux?

best,
HK