[Dev] Integrity protection mechanism for the root file system?

Janusz Kozerski j.kozerski at samsung.com
Wed Sep 17 08:39:05 GMT 2014


Hi Tom,

The work is almost done. We plan to finish everyhing by the end od September.
There is a few changes in the design compared to the wiki page:
https://wiki.tizen.org/wiki/Security:IntegrityMeasurement. Those are only minor
changes. I'll try to update the wiki page this week.

The main status is:
 - Kernel features are done and can be found on Dmitry Kasatkin git on
kernel.org
(http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/log/?h=im
a-control-experimental). We want to upstream all patches, but it will take some
time (no sooner than December). So we've backported all integrity patches to
kernel-common on Tizen.org on sandbox/jkozerski/ima-evm branch
(https://review.tizen.org/gerrit/gitweb?p=profile%2Fcommon%2Fkernel-common.git;a
=shortlog;h=refs%2Fheads%2Fsandbox%2Fjkozerski%2Fima-evm). We've tried also to
backport all those patches to emulator-kernel, but it wasn't possible due to too
many conflicts (this kernel is a little bit old: 3.12).

- ima-evm-utils (repository:
https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/ima-evm-utils
) features are mostly done (there's one thing left). All patches are merged to
experimetal branch
(https://review.tizen.org/gerrit/gitweb?p=platform%2Fupstream%2Fima-evm-utils.gi
t;a=shortlog;h=refs%2Fheads%2Fexperimental). This library makes using of kernel
interfaces easier.

- ima-evm-reference-utils
(https://review.tizen.org/gerrit/#/admin/projects/platform/core/security/ima-evm
-reference-utils,branches). This is set of reference tools like: GUI, service,
console-tool, scripts. There is a few things to do here - mostly example
scripts, and console tool.


Plase ask if you have any questions.

BR,
Janusz

On 2014-09-17 09:58:37, Counihan, Tom wrote:
> 
> Folks,
> 
> While this https://bugs.tizen.org/jira/browse/TC-375  was raised and 
> disposition a year ago, I did observe some presentations subsequently; 
> https://archive.fosdem.org/2014/schedule/event/integrity_protection_so
> lutio 
> ns_for_embedded_systems/attachments/slides/414/export/events/attachmen
> ts/in 
> tegrity_protection_solutions_for_embedded_systems/slides/414/Integrity
> _Prot ection_For_Embedded_Systems_FOSDEM_2014.pdf
> 
> And then I stumbled here:
> https://wiki.tizen.org/wiki/Security:IntegrityMeasurement
> 
> I'd like to understand the current day status. How progressed is this?
> It hit the wiki April/may this year, and I now found a mail on tizen 
> dev from  Janusz announcing an intent to focus - but no real response 
> and no further update.
> 
> Any insight greatly appreciated.
> 
> 
> Warm Regards
> Tom.
> --------------------------------------------------------------
> Intel Shannon Limited
> Registered in Ireland
> Registered Office: Collinstown Industrial Park, Leixlip, County 
> Kildare Registered Number: 308263 Business address: Dromore House, 
> East Park, Shannon, Co. Clare
> 
> This e-mail and any attachments may contain confidential material for 
> the sole use of the intended recipient(s). Any review or distribution 
> by others is strictly prohibited. If you are not the intended 
> recipient, please contact the sender and delete all copies.
> 
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev



More information about the Dev mailing list