Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

From: Pavel Machek (pavel@private)
Date: Mon May 23 2005 - 13:39:29 PDT


> > > Perhaps I don't understand things fully, but what is the purpose of 
> > > providing measurement values locally via proc?
> > > 
> > > How can they be trusted without the TPM signing an externally generated 
> > > nonce?
> > 
> > If you can't trust what the kernel is outputting in /proc, you're screwed.
> No, this is not the case. You can establish trust into the measurements 
> read through /proc by validating the TPM signature over the measurement 
> aggregate on a separate, trusted system. IMA measurements are not intended 
> to be used on the local system but on a separate system that is trusted not 
> to be compromised. The system validating the measurements does not
> trust 

Actually, you "could" also cat /proc files, then verify the signature
by hand (using pen and paper :-).

It seems to me that the mechanism is sound... it does what the docs
says. Another questions is "is it usefull"?


This archive was generated by hypermail 2.1.3 : Mon May 23 2005 - 13:40:58 PDT