Pavel Machek <pavel@private> wrote on 05/23/2005 04:39:29 PM: > > Actually, you "could" also cat /proc files, then verify the signature > by hand (using pen and paper :-). Theoretically, yes. The signature is 2048bit and to validate the signed aggregate requires recursively applying SHA1 over all measurements. > It seems to me that the mechanism is sound... it does what the docs > says. Another questions is "is it usefull"? > > Pavel > We implemented some exemplary IMA-applications. If you like, visit our project page and check out the references: http://www.research.ibm.com/secure_systems_department/projects/tcglinux/ There you also find a complete measurement list and a response of a measured system replying to an authorized remote measurement-list-request. Thanks Reiner
This archive was generated by hypermail 2.1.3 : Mon May 23 2005 - 14:37:31 PDT