Linux Kernel Integrity
firstname.lastname@example.org is the mailing list for TPM and IMA targeted patches and discussion.
- Subscription information is here: http://vger.kernel.org/vger-lists.html#linux-integrity
For non-trivial patch sets, such as patch sets that touch multiple subsystems, it is recommended to CC the email@example.com mailing list for broader screening.
TPM and IMA have their own maintainers and Git trees:
- IMA: Mimi Zohar, git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
- TPM: Jarkko Sakkinen, git://git.infradead.org/users/jjs/linux-tpmdd.git
The TPM 2.0 infrastructure in and around Linux is currently moving fast. Here is a list of links that tries to capture the current situation.
Books & Links
- A Practical Guide to TPM 2.0, free PDF, https://link.springer.com/book/10.1007/978-1-4302-6584-9
- TPM2.0 in Context, http://www.springer.com/de/book/9783319087436
- TCG Links https://trustedcomputinggroup.org/resources-using-trusted-platform-module-2-0-library-specification/
- Matthew Garrett's blog https://mjg59.dreamwidth.org/ (not only about TPM)
- James Bottomley's blog https://blog.hansenpartnership.com (not only about TPM)
Intel TSS Stack
The Intel TSS Stack, compliant with the TCG SAPI specifications, consists of:
- The Stack: https://github.com/01org/tpm2-tss
- The Tools: https://github.com/01org/tpm2-tools
- The Broker: https://github.com/01org/tpm2-abrmd (Access Broker & Resource Management Daemon)
Interesting Links can be found here:
- https://github.com/01org/tpm2-tools/wiki/How-to-use-tpm2-tools (needs to be updated)
- RSA signatures with TPM2.0 and OpenSSL https://dguerriblog.wordpress.com/
Interesting Projects using Intel TSS Stack
Automated Full Disk De/Encryption with Clevis/Tang+TPM+Luks
StrongSwan VPN Server + IMA + TPM Support (Remote Attestation)
- Remote Attestation https://01.org/opencit
IBM TSS Stack
The IBM Stack follows a more pragmatic approach - the code can be found at
including tools and everything.
James Bottomley has been actively developing against it
It comes with its own:
- TPM2.0 Simulator https://sourceforge.net/projects/ibmswtpm2/
- Attestation client/server http://ibmswtpm.sourceforge.net/ibmacs.html
See https://sourceforge.net/p/linux-ima/wiki/Home/ for details.
IMA namespacing: IMA Namespacing design considerations