Difference between revisions of "Linux Kernel Integrity"

From Linux Kernel Security Subsystem
(Added a bunch of useful links to capture the current situation of TPM under Linux, maybe move to its own page in the future.)
Line 22: Line 22:
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
* Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about tpm)
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)
* James Bottomley's blog https://blog.hansenpartnership.com (not only about tpm)




Line 54: Line 53:
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
* https://robertou.com/tpm2-sealed-luks-encryption-keys.html
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2
* https://github.com/WindRiver-OpenSourceLabs/cryptfs-tpm2


=== IBM TSS Stack ===  
=== IBM TSS Stack ===  
Line 69: Line 69:
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  
* Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html  


   
   
== IMA ==
== IMA ==
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.

Revision as of 00:18, 31 October 2017

linux-integrity@vger.kernel.org is the mailing list for TPM and IMA targeted patches and discussion.

For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the linux-security-module@vger.kernel.org mailing list for broader screening.


TPM and IMA have their own maintainers and Git trees:

TPM 2.0

The TPM 2.0 infrastructure in and around Linux is currently moving fast. Here is a list of links that tries to capture the current situation.


Books & Links


Intel TSS Stack

The Intel TSS Stack, compliant with the TCG SAPI specifications, consists of

Interesting Links can be found here:

Interesting Projects using Intel TSS Stack

Automated Full Disk De/Encryption with Clevis/Tang+TPM+LUKS

StrongSwan VPN Server + IMA + TPM Support (Remote Attestation)

Others:


IBM TSS Stack

The IBM Stack follows a more pragmatic approach - the code can be found at

including tools and everything.

James Bottomley has been actively developing against it

It comes with its own


IMA

See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.