[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-module
Subject:    RFC: An Overview of the Linux Integrity Subsystem
From:       Mimi Zohar <zohar () linux ! vnet ! ibm ! com>
Date:       2010-12-10 13:37:06
Message-ID: 1291988226.3127.15.camel () localhost ! localdomain
[Download RAW message or body]

Following the EVM talk at this year's Linux Security Summit held in
conjunction with LinuxCon, a discussion ensued questioning some of the
integrity design decisions as implemented in the EVM/IMA-appraisal patch
set.  A whitepaper "An Overview of the Linux Integrity Subsystem"
attempts to address these concerns.
(http://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf)

For anyone interested in the proposed integrity subsystem,
linux-ima.sourceforge.net has been updated with new, hopefully,
simplified installation directions, patches to use the new
Trusted/Encrypted keys, which is now in the security-testing/#next tree,
a few bug fixes, and a sample dracut patch to enable EVM in the
initramfs.  (The patches are against the 2.6.36 stable tree.)

thanks,

Mimi Zohar
David Safford

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]