From: Mimi Zohar
To: linux-kernel@vger.kernel.org
Cc: Mimi Zohar, Andrew Morton, James Morris, Christoph Hellwig, Al Viro, David Safford, Serge Hallyn
Subject: [PATCH 0/4] integrity
Date: Wed, 12 Nov 2008 22:47:10 -0500

The Linux Integrity Module (LIM) Framework provides hooks for modules to perform collection, appraisal, and storage of system integrity measurements. One such module, IMA, collects measurements of file data, maintains this list in the kernel, and if available, stores (extends) the measurements into a hardware TPM. These measurements are collected, appraised, and stored before any access (read or execute) to the data, so that malicious code or data cannot remove or cover up its own measurement, to avoid detection. If the measurements are anchored in a TPM, the TPM can sign the measurements, for proof of integrity to a third party, such as in enterprise client management.

Integrity measurement is complementary to LSM mandatory access control, which can be used to protect the integrity of system files. Integrity measurement policies can take advantage of LSM labels in deciding what to measure and to detect when the protection fails, with hardware strength.

This patch set addresses a couple of concerns raised on the mailing list:
- Uses a radix tree to store integrity information associated with an inode, instead of extending the inode structure.
- Moves hooks out of vfs_permission and file_permission, which are deprecated.
- Fixes the template list locking.
- Updates and clarifies the integrity_audit kernel command line option.

Dave Safford

Mimi Zohar (4):
  integrity: TPM internel kernel interface
  integrity: Linux Integrity Module(LIM)
  integrity: IMA as an integrity service provider
  integrity: IMA radix tree
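
Added example, not part of the original message or of the patch set: a user-space model of the measure-then-extend scheme the cover letter describes, showing why a reported list with an entry left out no longer matches the TPM register. Assumptions: a 20-byte SHA-1 PCR, file hashes extended directly (the patch set's template format is not modelled), and a quoted_pcr value that reached the verifier in a TPM quote whose signature was already checked; all names and sample data are constructed.

```python
import hashlib

PCR_SIZE = 20  # assumption: SHA-1 sized PCR, as on a TPM 1.2


def extend(pcr, digest):
    """TPM extend operation: new PCR = SHA1(old PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


class MeasurementList:
    """Toy model of the in-kernel measurement list plus one PCR."""

    def __init__(self):
        self.entries = []           # (path, sha1 of file data), append-only
        self.pcr = bytes(PCR_SIZE)  # PCR starts as all zeros

    def measure(self, path, data):
        """Record and extend the measurement before the data is used."""
        digest = hashlib.sha1(data).digest()
        self.entries.append((path, digest))
        self.pcr = extend(self.pcr, digest)


def replay(entries):
    """Verifier side: recompute the PCR value from a reported list."""
    pcr = bytes(PCR_SIZE)
    for _path, digest in entries:
        pcr = extend(pcr, digest)
    return pcr


def appraise(entries, quoted_pcr, known_good):
    """Return (list matches PCR, paths whose hash is not the known-good one)."""
    unknown = [p for p, d in entries if known_good.get(p) != d]
    return replay(entries) == quoted_pcr, unknown


def demo():
    # Constructed sample data: two files, the second one modified.
    known_good = {"/sbin/init": hashlib.sha1(b"init-1.0").digest(),
                  "/bin/sh": hashlib.sha1(b"sh-1.0").digest()}
    ml = MeasurementList()
    ml.measure("/sbin/init", b"init-1.0")
    ml.measure("/bin/sh", b"sh-1.0 modified")
    full = appraise(ml.entries, ml.pcr, known_good)
    # A reported list with the last entry left out no longer replays to the PCR.
    trimmed = appraise(ml.entries[:1], ml.pcr, known_good)
    return full, trimmed
```

The complete list replays to the PCR and flags the modified file; the shortened list looks clean entry by entry but fails the replay check, which is the property the extend operation provides.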