Menu
▾
▴
Re: [Linux-ima-user] Chain of trust in IMA and IMA for Ubuntu!
|
From: Mimi Z. <zo...@li...> - 2014-01-13 14:49:10
|
On Mon, 2014-01-13 at 14:50 +0100, hassan Ahamad wrote: > Are the linux - Debian distribution on which IMA is enabled? > > thanks! Unless something has recently changed, Debian has not enabled IMA/IMA-appraisal. A direct-io lockdep prevents Debian from even booting with 'CONCURENNCY=Makefile' specified in /etc/init.d/rc. Dmitry Kasatkin posted a method for resolving the direct-io lockdep. I recently posted a different method for resolving it - http://marc.info/?l=linux-security-module&m=138919062430367&w=2 Still waiting for comments... thanks, Mimi > On Sun, Jan 12, 2014 at 7:19 PM, Peter Moody <pm...@go...> wrote: > > > > > On Sun, Jan 12 2014 at 07:11, Mimi Zohar wrote: > > > On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote: > > > > >> A second question: is there IMA package available for ubuntu and SE > > Linux? > > > > > > For measurement, the kernel needs to be configured with CONFIG_IMA > > > enabled. The builtin policy 'ima_tcb' needs to be specified on the boot > > > command line. There are dracut patches for loading a different policy, > > > but unlike for appraisal, no other packages are required. > > > > IMA will be enabled in the ubuntu kernel starting with 14.04 (due to be > > released in April). You'll still need to include ima_tcb on the boot > > command line. > > > > Cheers, > > peter |
