Menu
▾
▴
Re: [Linux-ima-user] Chain of trust in IMA and IMA for Ubuntu!
|
From: Tamleek A. <tam...@gm...> - 2014-01-17 04:48:50
|
Hi, I guess the IMA start extending PCR 10 with ''boot-aggregate'' that already contains the previous measurements i.e. BIOS->TrustedGRUB etc. so the chain gets completed. Regards, Tamleek Ali On Thu, Jan 16, 2014 at 9:41 PM, Mimi Zohar <zo...@li...>wrote: > On Thu, 2014-01-16 at 15:48 +0100, hassan Ahamad wrote: > > TrustedGRUB is measuring the Linux kernel (see: > > http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). Thus > the > > chain-of-trust, I was talking about (BIOS->TrustedGRUB->Linux-Kernel > (with > > IMA)->applications), is complete. > > > > I am curious as IMA is only extending PCR 10. Which piece of code is > > extending PCR 0 - 7? > > <securityfs>/tpm0/binary_bios_measurements contains the measurements > that extend the PCRs 0 - 7. The IMA LTP testsuite contains examples how > to verify PCRs and the boot-aggregate. > > Mimi > > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > |
