
Bug#850339: initramfs-tools: Support Linux Integrity



Control: tag -1 moreinfo

On Thu,  5 Jan 2017 21:16:58 -0500 Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
> Package: initramfs-tools
> Version: 0.103ubuntu4.3
> Severity: wishlist
> 
> Linux implements the Integrity Measurement Architecture (IMA) and the Extended
> Verification Module (EVM).
> 
> IMA measures applications and libraries as they are started and, using a policy,
> it can also verify the signatures associated with the applications and
> libraries. For this to work the operating system has to load a policy and keys
> into the kernel. This should be done when the system is booted.
> 
> EVM protects file metadata against offline tampering. It does this by signing
> (HMAC, public key signature) file attributes. For this to work the operating
> system has to load the key used for verification and signing into the kernel.
> This should be done when the system is booted.

As your implementation only adds new hook and boot scripts, why not put
them in a separate package?

Ben.

-- 
Ben Hutchings
Hoare's Law of Large Problems:
        Inside every large problem is a small problem struggling to get
out.
