Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

[Pavel Machek]

Hi!

> > > Perhaps I don't understand things fully, but what is the purpose of 
> > > providing measurement values locally via proc?
> > > 
> > > How can they be trusted without the TPM signing an externally generated 
> > > nonce?
> > 
> > If you can't trust what the kernel is outputting in /proc, you're screwed.
> 
> No, this is not the case. You can establish trust into the measurements 
> read through /proc by validating the TPM signature over the measurement 
> aggregate on a separate, trusted system. IMA measurements are not intended 
> to be used on the local system but on a separate system that is trusted not 
> to be compromised. The system validating the measurements does not
> trust 

Actually, you "could" also cat /proc files, then verify the signature
by hand (using pen and paper :-).

It seems to me that the mechanism is sound... it does what the docs
says. Another questions is "is it usefull"?

								Pavel 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/