https://bugzilla.redhat.com/show_bug.cgi?id=1329448
Bug ID: 1329448
Summary: Review Request: Tbootxm - trusted host with boot time
integrity checks
Product: Fedora
Version: rawhide
Component: Package Review
Severity: medium
Assignee: nob...@fedoraproject.org
Reporter: saurabh.kulka...@intel.com
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org
Spec URL: <spec info here>
SRPM URL: <srpm info here>
Description:
This feature will enable measuring files present on the OS
at the time of boot. These measurements will extend upon those done by Intel
TXT and Tboot earlier in the boot process. In addition to measuring these
paths, it would be possible to attest (locally or remotely) these measurements
against a good known whitelist to provide boot time integrity. Measurements
constitute file hashes. We can potentially measure any file having a path on
the OS at the time of boot and store those measurements in the TPM. These
values are compared against a known whitelist to guarantee boot time integrity
of OS components. In order to remotely attest these measurements, the user
would need an Attestation server and a host trust agent installed (open-sourced
already). For measurements without remote attestation, no other component is
required. Please note : All measurements are done by an initrd hook. Existing
initrd will be modified to add our measurement agent hook for this to work.
Fedora Account System Username: srk892
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org
