You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implementing an IMA requires a TPM chip to store measurement hashes of files. TPMs on embedded devices are rare and could be more costly than "security chips" offered by various semiconductor vendors. TPM libraries, drivers, remote attestation server, and bootloader support could be major dependencies factored in.
We should think about modifying this requirement tailored to level 3 capable devices with TPMs (could be small market adoption) or generalize to specify the usage of integrity protection solutions such as IMA/EVM, dm-verity, and dm-integrity which could cast a wider net.
The text was updated successfully, but these errors were encountered:
Updated 3.2.10 with the following Verify that an Integrity Measurement Architecture (IMA) or similar integrity subsystem is in use and appropriately configured.
Implementing an IMA requires a TPM chip to store measurement hashes of files. TPMs on embedded devices are rare and could be more costly than "security chips" offered by various semiconductor vendors. TPM libraries, drivers, remote attestation server, and bootloader support could be major dependencies factored in.
We should think about modifying this requirement tailored to level 3 capable devices with TPMs (could be small market adoption) or generalize to specify the usage of integrity protection solutions such as IMA/EVM, dm-verity, and dm-integrity which could cast a wider net.
The text was updated successfully, but these errors were encountered: