http://kernsec.org/wiki/api.php?action=feedcontributions&feedformat=atom&user=PeterHueweLinux Kernel Security Subsystem - User contributions [en]2026-04-04T14:09:04ZUser contributionsMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Kernel_Integrity&diff=3920Linux Kernel Integrity2017-10-31T00:18:51Z<p>PeterHuewe: </p>
<hr />
<div>'''linux-integrity@vger.kernel.org''' is the mailing list for TPM and IMA targeted patches and discussion.<br />
<br />
* Subscription information is here: http://vger.kernel.org/vger-lists.html#linux-integrity<br />
<br />
For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the '''linux-security-module@vger.kernel.org''' mailing list for more broad screening.<br />
<br />
<br />
TPM and IMA have have their own maintainers and GIT trees:<br />
<br />
* '''IMA:''' Mimi Zohar, git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git<br />
* '''TPM:''' Jarkko Sakkinen, git://git.infradead.org/users/jjs/linux-tpmdd.git<br />
<br />
== TPM 2.0 ==<br />
The TPM 2.0 infrastructure in and around linux is currently moving fast.<br />
Here is a link list which tries to capture the current situation.<br />
<br />
<br />
=== Books & Links ===<br />
* A Practical Guide toTPM 2.0, free PDF, https://link.springer.com/book/10.1007/978-1-4302-6584-9<br />
* TPM2.0 in Context, http://www.springer.com/de/book/9783319087436<br />
* TCG Links https://trustedcomputinggroup.org/resources-using-trusted-platform-module-2-0-library-specification/<br />
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)<br />
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)<br />
<br />
<br />
=== Intel TSS Stack ===<br />
The Intel TSS Stack, compliant with the TCG SAPI specifications consists of <br />
* The Stack: https://github.com/01org/tpm2-tss<br />
* The Tools: https://github.com/01org/tpm2-tools<br />
* The Broker: https://github.com/01org/tpm2-abrmd (Access Broker & Resource Management Daemon)<br />
<br />
Interesting Links can be found here:<br />
* https://lenovopress.com/lp0599-technical-introduction-tpm-20-with-linux<br />
* http://www.jwsecure.com/2017/02/07/implementing-platform-protection-for-linux/<br />
* https://github.com/01org/tpm2-tools/wiki/How-to-use-tpm2-tools (needs to be updated)<br />
* RSA signatures with TPM2.0 and OpenSSL https://dguerriblog.wordpress.com/<br />
* https://archive.fosdem.org/2017/schedule/event/tpm2/attachments/slides/1517/export/events/attachments/tpm2/slides/1517/FOSDEM___TPM2_0_practical_usage.pdf<br />
* https://elinux.org/images/6/6e/ELC2017_TPM2-and-TSS_Tricca.pdf<br />
<br />
==== Interesting Projects using Intel TSS Stack ====<br />
Automated Full Disk De/Encryption with Clevis/Tang+TPM+Luks<br />
* http://redhat.slides.com/npmccallum/sad<br />
* https://github.com/latchset/clevis/pull/17<br />
* https://github.com/martinezjavier/clevis/blob/tpm2-pin/doc/clevis-bind-luks-tpm2.md<br />
<br />
StrongSwan VPN Server + IMA + TPMSupport (Remote Attestation)<br />
* https://wiki.strongswan.org/projects/strongswan/wiki/TPMPlugin<br />
<br />
Others:<br />
* Remote Attestation https://01.org/opencit <br />
* https://github.com/irtimmer/tpm2-pk11<br />
* https://github.com/rqou/tpm2-luks<br />
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html<br />
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2<br />
<br />
<br />
=== IBM TSS Stack === <br />
The IBM Stack follows a more pragmatic approach - the code can be found at<br />
* https://sourceforge.net/projects/ibmtpm20tss/<br />
including tools and everything.<br />
<br />
James Bottomley has been actively developing against it<br />
* https://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/<br />
* https://blog.hansenpartnership.com/tpm-enabling-gnome-keyring/<br />
* https://blog.hansenpartnership.com/tpm2-and-linux/<br />
<br />
It comes with its own<br />
* TPM2.0 Simulator https://sourceforge.net/projects/ibmswtpm2/<br />
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html <br />
<br />
<br />
== IMA ==<br />
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.</div>PeterHuewehttp://kernsec.org/wiki/index.php?title=Linux_Kernel_Integrity&diff=3919Linux Kernel Integrity2017-10-31T00:16:54Z<p>PeterHuewe: Added a bunch of useful links to capture the current situation of TPM under Linux, maybe move to it's own page in the future.</p>
<hr />
<div>'''linux-integrity@vger.kernel.org''' is the mailing list for TPM and IMA targeted patches and discussion.<br />
<br />
* Subscription information is here: http://vger.kernel.org/vger-lists.html#linux-integrity<br />
<br />
For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the '''linux-security-module@vger.kernel.org''' mailing list for more broad screening.<br />
<br />
<br />
TPM and IMA have have their own maintainers and GIT trees:<br />
<br />
* '''IMA:''' Mimi Zohar, git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git<br />
* '''TPM:''' Jarkko Sakkinen, git://git.infradead.org/users/jjs/linux-tpmdd.git<br />
<br />
== TPM 2.0 ==<br />
The TPM 2.0 infrastructure in and around linux is currently moving fast.<br />
Here is a link list which tries to capture the current situation.<br />
<br />
<br />
=== Books & Links ===<br />
* A Practical Guide toTPM 2.0, free PDF, https://link.springer.com/book/10.1007/978-1-4302-6584-9<br />
* TPM2.0 in Context, http://www.springer.com/de/book/9783319087436<br />
* TCG Links https://trustedcomputinggroup.org/resources-using-trusted-platform-module-2-0-library-specification/<br />
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)<br />
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)<br />
<br />
<br />
<br />
=== Intel TSS Stack ===<br />
The Intel TSS Stack, compliant with the TCG SAPI specifications consists of <br />
* The Stack: https://github.com/01org/tpm2-tss<br />
* The Tools: https://github.com/01org/tpm2-tools<br />
* The Broker: https://github.com/01org/tpm2-abrmd (Access Broker & Resource Management Daemon)<br />
<br />
Interesting Links can be found here:<br />
* https://lenovopress.com/lp0599-technical-introduction-tpm-20-with-linux<br />
* http://www.jwsecure.com/2017/02/07/implementing-platform-protection-for-linux/<br />
* https://github.com/01org/tpm2-tools/wiki/How-to-use-tpm2-tools (needs to be updated)<br />
* RSA signatures with TPM2.0 and OpenSSL https://dguerriblog.wordpress.com/<br />
* https://archive.fosdem.org/2017/schedule/event/tpm2/attachments/slides/1517/export/events/attachments/tpm2/slides/1517/FOSDEM___TPM2_0_practical_usage.pdf<br />
* https://elinux.org/images/6/6e/ELC2017_TPM2-and-TSS_Tricca.pdf<br />
<br />
==== Interesting Projects using Intel TSS Stack ====<br />
Automated Full Disk De/Encryption with Clevis/Tang+TPM+Luks<br />
* http://redhat.slides.com/npmccallum/sad<br />
* https://github.com/latchset/clevis/pull/17<br />
* https://github.com/martinezjavier/clevis/blob/tpm2-pin/doc/clevis-bind-luks-tpm2.md<br />
<br />
StrongSwan VPN Server + IMA + TPMSupport (Remote Attestation)<br />
* https://wiki.strongswan.org/projects/strongswan/wiki/TPMPlugin<br />
<br />
Others:<br />
* Remote Attestation https://01.org/opencit <br />
* https://github.com/irtimmer/tpm2-pk11<br />
* https://github.com/rqou/tpm2-luks<br />
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html<br />
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2<br />
<br />
=== IBM TSS Stack === <br />
The IBM Stack follows a more pragmatic approach - the code can be found at<br />
* https://sourceforge.net/projects/ibmtpm20tss/<br />
including tools and everything.<br />
<br />
James Bottomley has been actively developing against it<br />
* https://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/<br />
* https://blog.hansenpartnership.com/tpm-enabling-gnome-keyring/<br />
* https://blog.hansenpartnership.com/tpm2-and-linux/<br />
<br />
It comes with its own<br />
* TPM2.0 Simulator https://sourceforge.net/projects/ibmswtpm2/<br />
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html <br />
<br />
<br />
<br />
== IMA ==<br />
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.</div>PeterHuewehttp://kernsec.org/wiki/index.php?title=Main_Page&diff=3918Main Page2017-10-30T23:37:25Z<p>PeterHuewe: Added Link to Linux Integrity, as more pages will follow under that entry page.</p>
<hr />
<div>= Linux Kernel Security Subsystem =<br />
<br />
<br />
This is the Linux kernel security subsystem wiki, a resource for developers and users.<br />
<br />
It also features resources for the [[Linux Kernel Integrity | Linux Kernel Integrity Subsystem]]<br />
<br />
== Resources==<br />
<br />
* [[Kernel Repository]]<br />
<br />
* [[Projects]]<br />
<br />
* [[Events]]<br />
<br />
<br />
----<br />
<br />
If you would like an account on this site, please email ''jmorris _at namei.org''.</div>PeterHuewe