From: Pavel Machek <pavel@ucw.cz>
To: David Safford <safford@watson.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, serue@linux.vnet.ibm.com,
kjhall@linux.vnet.ibm.com, zohar@us.ibm.com
Subject: Re: [Patch 3/7] integrity: EVM as an integrity service provider
Date: Thu, 22 Mar 2007 23:19:17 +0000 [thread overview]
Message-ID: <20070322231917.GC4064@ucw.cz> (raw)
In-Reply-To: <1174931715.3493.44.camel@localhost.localdomain>
Hi!
> > > > + The Extended Verification Module is an integrity provider.
> > > > + An extensible set of extended attributes, as defined in
> > > > + /etc/evm.conf, are HMAC protected against modification
> > > > + using the TPM's KERNEL ROOT KEY, if configured, or with a
> > > > + pass-phrase. Possible extended attributes include authenticity,
> > > > + integrity, and revision level.
> >
> > What is identity provider good for? Can you explain it a bit more, or
> > perhaps point to Doc*/ somewhere?
>
> There are some papers and related userspace code at
> http://www.research.ibm.com/gsal/tcpa
> which describe the architecture in more detail, but basically this
> integrity provider is designed to complement mandatory access control
> systems like selinux and slim. Such systems can protect a running system
> against on-line attacks, but do not protect against off-line attacks
> (booting Knoppix and changing executables or their selinux labels), or
> against attacks which find weaknesses in the kernel or the LSM module
> itself.
Thanks. Can this go to Doc*/ somewhere?
...but... If I can attack your system using knoppix, I can get at your
data, already, right? So you'll need to encrypt your data, anyway?
> Using a TPM or passphrase, EVM can verify the integrity of all files
> (including the kernel and initrd) and their labels before they are
How does passphrase work here?
...so you have your data encrypted, and you have bootloader that
verifies kernel/initrd (you need that, anyway). Because you data are
encrypted, knoppix attack will not work... assuming crypto does some
integrity checks, but IIRC crypto needs to do that.
Pavel,
who is afraid, that this code will come back and bite him. He has
nightmares of opening PS4 box as a christmas gift, then not being able
to hack his new hardware.
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2007-03-27 16:14 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-23 16:09 [Patch 3/7] integrity: EVM as an integrity service provider Mimi Zohar
2007-03-25 8:14 ` Andrew Morton
2007-03-26 18:23 ` Serge E. Hallyn
2007-03-26 20:56 ` Mimi Zohar
2007-03-25 8:16 ` Andrew Morton
2007-03-25 12:13 ` Pavel Machek
2007-03-26 17:55 ` David Safford
2007-03-22 23:19 ` Pavel Machek [this message]
2007-03-27 17:32 ` David Safford
2007-03-26 3:13 ` Mimi Zohar
2007-03-26 5:28 ` Andrew Morton
2007-03-26 11:43 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070322231917.GC4064@ucw.cz \
--to=pavel@ucw.cz \
--cc=akpm@linux-foundation.org \
--cc=kjhall@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=serue@linux.vnet.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox