Linux Kernel Integrity

From Linux Kernel Security Subsystem
(Difference between revisions)
(Added a bunch of useful links to capture the current situation of TPM under Linux, maybe move to its own page in the future.)
m (IMA)
 
(One intermediate revision by one user not shown)
Line 22: Line 22:
 
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
 
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
 
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
 
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
 
  
  
Line 54: Line 53:
 
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
 
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
 
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
 
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
 +
  
 
=== IBM TSS Stack ===  
 
=== IBM TSS Stack ===  
Line 69: Line 69:
 
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
 
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
  
 
 
   
 
   
 
== IMA ==
 
== IMA ==
 
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
 
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
 +
 +
IMA namespacing: [[IMA Namespacing design considerations]]

Latest revision as of 14:03, 15 March 2018

linux-integrity@vger.kernel.org is the mailing list for TPM and IMA targeted patches and discussion.

For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the linux-security-module@vger.kernel.org mailing list for broader screening.


TPM and IMA have their own maintainers and Git trees:


TPM 2.0

The TPM 2.0 infrastructure in and around Linux is currently moving fast. Here is a list of links that tries to capture the current situation.


Books & Links


Intel TSS Stack

The Intel TSS Stack, compliant with the TCG SAPI specifications, consists of

Interesting links can be found here:

Interesting Projects using Intel TSS Stack

Automated Full Disk De/Encryption with Clevis/Tang+TPM+LUKS

StrongSwan VPN Server + IMA + TPM Support (Remote Attestation)

Others:


IBM TSS Stack

The IBM Stack follows a more pragmatic approach - the code can be found at

including tools and everything.

James Bottomley has been actively developing against it

It comes with its own


IMA

See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.

IMA namespacing: IMA Namespacing design considerations
