Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

From: Reiner Sailer (sailer@private)
Date: Mon May 23 2005 - 14:36:55 PDT

Pavel Machek <pavel@private> wrote on 05/23/2005 04:39:29 PM:

> Actually, you "could" also cat /proc files, then verify the signature
> by hand (using pen and paper :-).

Theoretically, yes. The signature is 2048bit and to validate the signed 
aggregate requires recursively applying SHA1 over all measurements.

> It seems to me that the mechanism is sound... it does what the docs
> says. Another questions is "is it usefull"?
>                         Pavel 

We implemented some exemplary IMA-applications. If you like, visit our 
project page and check out the references:
There you also find a complete  measurement list and a response of a measured 
system replying to an authorized remote measurement-list-request.


This archive was generated by hypermail 2.1.3 : Mon May 23 2005 - 14:37:31 PDT