Pavel Machek <[email protected]> wrote on 05/23/2005 04:39:29 PM:
>
> Actually, you "could" also cat /proc files, then verify the signature
> by hand (using pen and paper :-).
Theoretically, yes. The signature is 2048bit and to validate the signed
aggregate requires recursively applying SHA1 over all measurements.
> It seems to me that the mechanism is sound... it does what the docs
> says. Another questions is "is it usefull"?
>
> Pavel
>
We implemented some exemplary IMA-applications. If you like, visit our
project page and check out the references:
http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
There you also find a complete measurement list and a response of a measured
system replying to an authorized remote measurement-list-request.
Thanks
Reiner
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]