From: Matt Anderson <mra@hp.com>
To: linux-audit@redhat.com
Subject: Auditing the TPM
Date: Thu, 03 Jan 2008 14:22:45 -0500
Message-ID: <477D3605.5080406@hp.com>

I have been experimenting with the TPM and the TrouSerS package some and
have so far come up with this list of possible events that could be
interesting from an OS auditing perspective:

* Taking Ownership of the TPM
* Clearing Ownership
* Dis/Enabling the TPM
* Dis/Activating the TPM
* Recording PCR values
* Adjustments to PCR values
* Remote attestation connections/commands and their results
* Requests of the Public Endorsement Key (EK)
* Adjustments to the access controls on the EK
* Creating/Destroying the EK
* Changes to the TPM locked status (set/reset)

For some of these events it makes sense that the auditing would happen
in the TPM kernel driver; other events will need to be audited up in
user space to accurately capture all the important information. Has
anyone in this community begun looking at what TPM events are
interesting from an audit perspective?

thanks
-matt