Difference between revisions of "Linux Kernel Integrity"

From Linux Kernel Security Subsystem
(Added a bunch of useful links to capture the current situation of TPM under Linux, maybe move to its own page in the future.)
 
(One intermediate revision by one other user not shown)
Line 22: Line 22:
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)




Line 54: Line 53:
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2


=== IBM TSS Stack ===  
=== IBM TSS Stack ===  
Line 69: Line 69:
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  


   
   
== IMA ==
== IMA ==
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
IMA namespacing: [[IMA Namespacing design considerations]]

Latest revision as of 14:03, 15 March 2018

linux-integrity@vger.kernel.org is the mailing list for TPM and IMA targeted patches and discussion.

For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the linux-security-module@vger.kernel.org mailing list for broader screening.


TPM and IMA have their own maintainers and Git trees:

TPM 2.0

The TPM 2.0 infrastructure in and around Linux is currently moving fast. Here is a link list which tries to capture the current situation.


Books & Links


Intel TSS Stack

The Intel TSS Stack, compliant with the TCG SAPI specifications, consists of

Interesting Links can be found here:

Interesting Projects using Intel TSS Stack

Automated Full Disk De/Encryption with Clevis/Tang+TPM+Luks

StrongSwan VPN Server + IMA + TPMSupport (Remote Attestation)

Others:


IBM TSS Stack

The IBM Stack follows a more pragmatic approach - the code can be found at

including tools and everything.

James Bottomley has been actively developing against it

It comes with its own


IMA

See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.

IMA namespacing: IMA Namespacing design considerations