Menu
▾
▴
Re: [Linux-ima-user] Chain of trust in IMA and IMA for Ubuntu!
|
From: Mimi Z. <zo...@li...> - 2014-01-16 16:41:51
|
On Thu, 2014-01-16 at 15:48 +0100, hassan Ahamad wrote: > TrustedGRUB is measuring the Linux kernel (see: > http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). Thus the > chain-of-trust, I was talking about (BIOS->TrustedGRUB->Linux-Kernel (with > IMA)->applications), is complete. > > I am curious as IMA is only extending PCR 10. Which piece of code is > extending PCR 0 - 7? <securityfs>/tpm0/binary_bios_measurements contains the measurements that extend the PCRs 0 - 7. The IMA LTP testsuite contains examples how to verify PCRs and the boot-aggregate. Mimi |