Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261668AbVEUGQV (ORCPT ); Sat, 21 May 2005 02:16:21 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261676AbVEUGQU (ORCPT ); Sat, 21 May 2005 02:16:20 -0400 Received: from mail.kroah.org ([69.55.234.183]:17031 "EHLO perch.kroah.org") by vger.kernel.org with ESMTP id S261674AbVEUGQD (ORCPT ); Sat, 21 May 2005 02:16:03 -0400 Date: Fri, 20 May 2005 23:02:36 -0700 From: Greg KH To: Reiner Sailer Cc: linux-kernel@vger.kernel.org, linux-security-module@mail.wirex.com, kylene@us.ibm.com, emilyr@us.ibm.com, toml@us.ibm.com Subject: Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme Message-ID: <20050521060236.GB24597@kroah.com> References: <1116596180.8156.8.camel@secureip.watson.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1116596180.8156.8.camel@secureip.watson.ibm.com> User-Agent: Mutt/1.5.8i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1555 Lines: 33 On Fri, May 20, 2005 at 09:36:20AM -0400, Reiner Sailer wrote: > The IBM Integrity Measurement Architecture (IMA) builds information > about the software that was loaded into a system run-time since the > last reboot. For each loaded executable (binary, kernel module, > library), the IMA calculates once a SHA1 value over the executable file > and stores it for later reference. IMA uses (optionally) the Trusted > Computing Group Trusted Platform Module to protect the integrity of > the accumulated measurements. IMA can, for example, be used to build > services that detect compromised malicious software loaded into the > runtime or can be used to validate expected system configurations. Do you have any benchmarks with this code running in TPM and non-TPM mode vs. normal operation? Also, your coding style has some issues (spaces instead of tabs), {} for one line if statements, etc. Please fix them up. Also DO NOT USE PROC! Please use the proper kernel interfaces if you wish to dump loads of statistics to userspace (your own filesystem, sysfs, debugfs (hint, hint, hint...) Also, there are a lot more virtual fs in the kernel than you are checking against in your "don't care about these files" test. You need to have a comprehensive list if you want to get it correct. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/