On Fri, May 20, 2005 at 09:36:20AM -0400, Reiner Sailer wrote:
> The IBM Integrity Measurement Architecture (IMA) builds information
> about the software that was loaded into a system run-time since the
> last reboot. For each loaded executable (binary, kernel module,
> library), the IMA calculates once a SHA1 value over the executable file
> and stores it for later reference. IMA uses (optionally) the Trusted
> Computing Group Trusted Platform Module to protect the integrity of
> the accumulated measurements. IMA can, for example, be used to build
> services that detect compromised malicious software loaded into the
> runtime or can be used to validate expected system configurations.
Do you have any benchmarks with this code running in TPM and non-TPM
mode vs. normal operation?
Also, your coding style has some issues (spaces instead of tabs), {} for
one line if statements, etc. Please fix them up.
Also DO NOT USE PROC! Please use the proper kernel interfaces if you
wish to dump loads of statistics to userspace (your own filesystem,
sysfs, debugfs (hint, hint, hint...)
Also, there are a lot more virtual fs in the kernel than you are
checking against in your "don't care about these files" test. You need
to have a comprehensive list if you want to get it correct.
thanks,
greg k-h
This archive was generated by hypermail 2.1.3 : Fri May 20 2005 - 23:16:40 PDT