Linux Kernel Integrity

From Linux Kernel Security Subsystem
(Added a bunch of useful links to capture the current situation of TPM under Linux, maybe move to its own page in the future.)
m
Line 22: Line 22:
 
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
 
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
 
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
 
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
 
  
  
Line 54: Line 53:
 
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
 
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
 
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
 
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
 +
  
 
=== IBM TSS Stack ===  
 
=== IBM TSS Stack ===  
Line 69: Line 69:
 
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
 
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
  
 
 
   
 
   
 
== IMA ==
 
== IMA ==
 
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
 
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
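
Review bot: the "Attestation client/server" entry in the context of the last hunk links to http://ibmswtpm.sourceforge.net/ibmacs.html over plain http, while the other links visible in this diff use https. Since the entry points readers at attestation software, switch it to https if the host serves it. The visible changes in these hunks are otherwise limited to blank lines around the "=== IBM TSS Stack ===" and "== IMA ==" headings, so an edit summary saying so would help later readers of the history.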

Revision as of 00:18, 31 October 2017

linux-integrity@vger.kernel.org is the mailing list for TPM and IMA targeted patches and discussion.

For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the linux-security-module@vger.kernel.org mailing list for more broad screening.


TPM and IMA have their own maintainers and Git trees:


TPM 2.0

The TPM 2.0 infrastructure in and around Linux is currently moving fast. Here is a list of links that tries to capture the current situation.


Books & Links


Intel TSS Stack

The Intel TSS Stack, compliant with the TCG SAPI specifications, consists of

Interesting links can be found here:

Interesting Projects using Intel TSS Stack

Automated Full Disk De/Encryption with Clevis/Tang+TPM+Luks

StrongSwan VPN Server + IMA + TPM Support (Remote Attestation)

Others:


IBM TSS Stack

The IBM Stack follows a more pragmatic approach - the code can be found at

including tools and everything.

James Bottomley has been actively developing against it

It comes with its own


IMA

See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
