On Mon, 23 May 2005, Reiner Sailer wrote: > > It seems to me that the mechanism is sound... it does what the docs > > says. Another questions is "is it usefull"? > > > > Pavel > > > > We implemented some exemplary IMA-applications. If you like, visit our > project page and check out the references: > http://www.research.ibm.com/secure_systems_department/projects/tcglinux/ > There you also find a complete measurement list and a response of a measured > system replying to an authorized remote measurement-list-request. How did you retrieve the TPM-aggregate? I'm still not sure why exporting just the kernel measurement values via proc is useful. Wouldn't you need to retrieve the measurement list atomically with the TPM-aggregate? In which case, we'd need an interface which takes a nonce and returns the kernel measurement list and the TPM-aggregate together. Is the source of your example IMA attestation application available? - James -- James Morris <jmorris@private>
This archive was generated by hypermail 2.1.3 : Mon May 23 2005 - 16:59:52 PDT