Date: Mon, 23 May 2005 19:59:09 -0400 (EDT)
From: James Morris <jmorris@redhat.com>
To: Reiner Sailer <sailer@us.ibm.com>
cc: Pavel Machek <pavel@ucw.cz>, <Valdis.Kletnieks@vt.edu>, <Toml@us.ibm.com>,
       <linux-security-module@wirex.com>, <linux-kernel@vger.kernel.org>,
       <Emilyr@us.ibm.com>, <Kylene@us.ibm.com>
Subject: Re: [PATCH 2 of 4] ima: related Makefile compile order change and
 Readme
In-Reply-To: <Pine.WNT.4.63.0505231657140.2372@laptop>
Message-ID: <Xine.LNX.4.44.0505231938340.890-100000@thoron.boston.redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1269
Lines: 40

On Mon, 23 May 2005, Reiner Sailer wrote:

> > It seems to me that the mechanism is sound... it does what the docs
> > says. Another questions is "is it usefull"?
> > 
> >                         Pavel 
> > 
> 
> We implemented some exemplary IMA-applications. If you like, visit our 
> project page and check out the references:
> http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
> There you also find a complete  measurement list and a response of a measured 
> system replying to an authorized remote measurement-list-request.

How did you retrieve the TPM-aggregate?

I'm still not sure why exporting just the kernel measurement values via 
proc is useful.

Wouldn't you need to retrieve the measurement list atomically with the 
TPM-aggregate?

In which case, we'd need an interface which takes a nonce and returns the
kernel measurement list and the TPM-aggregate together.

Is the source of your example IMA attestation application available?


- James
-- 
James Morris
<jmorris@redhat.com>


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/