Modify or remove 3.2.10 IMA #79

Closed
scriptingxss opened this issue Mar 11, 2021 · 1 comment
@scriptingxss
Collaborator

Implementing an IMA requires a TPM chip to store measurement hashes of files. TPMs on embedded devices are rare and could be more costly than "security chips" offered by various semiconductor vendors. TPM libraries, drivers, remote attestation server, and bootloader support could be major dependencies factored in.

We should think about modifying this requirement tailored to level 3 capable devices with TPMs (could be small market adoption) or generalize to specify the usage of integrity protection solutions such as IMA/EVM, dm-verity, and dm-integrity which could cast a wider net.

@scriptingxss scriptingxss added the question Further information is requested label Mar 12, 2021
@cbassem cbassem added this to the 1.0 milestone Mar 12, 2021
@scriptingxss
Collaborator Author

Updated 3.2.10 with the following:
Verify that an Integrity Measurement Architecture (IMA) or similar integrity subsystem is in use and appropriately configured.
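
One way to gather evidence for the updated 3.2.10 wording on a Linux device, added here as an example and not part of the issue or the project's own material. The function names are hypothetical, and it assumes the candidate subsystems are the ones named in the first comment (IMA, dm-verity, dm-integrity); whether the configuration is appropriate still needs review of the policy itself.

```shell
#!/bin/sh
# Evidence for 3.2.10 on a Linux target. Inputs are parameters so the same
# logic runs on a live device or on files copied off one.

# ima_status IMA_DIR CMDLINE -> absent | idle | measure | appraise
ima_status() {
    ima_dir=$1; cmdline=$2
    [ -d "$ima_dir" ] || { echo absent; return 0; }
    # boot_aggregate is always entry 1, so a count of 1 means IMA is built
    # in but no policy is measuring files.
    count=$(cat "$ima_dir/runtime_measurements_count" 2>/dev/null || echo 0)
    status=idle
    if [ "$count" -gt 1 ]; then status=measure; fi
    # Appraisal needs an "appraise" rule (policy is readable only with
    # CONFIG_IMA_READ_POLICY) and no ima_appraise=off|log|fix downgrade.
    if grep -q '^appraise' "$ima_dir/policy" 2>/dev/null; then
        case " $cmdline " in
            *" ima_appraise=off "*|*" ima_appraise=log "*|*" ima_appraise=fix "*) ;;
            *) status=appraise ;;
        esac
    fi
    echo "$status"
}

# dm_targets: reads `dmsetup table` output on stdin and prints the verity /
# integrity target types present (field 4 of each line is the target type).
dm_targets() {
    awk '$4 == "verity" || $4 == "integrity" { print $4 }' | sort -u | xargs
}

# integrity_report IMA_DIR CMDLINE DMSETUP_OUTPUT
# Prints the evidence; returns 0 only when at least one mechanism is active.
integrity_report() {
    ima=$(ima_status "$1" "$2")
    dm=$(printf '%s\n' "$3" | dm_targets)
    echo "ima=$ima dm=${dm:-none}"
    case "$ima" in measure|appraise) return 0 ;; esac
    [ -n "$dm" ]
}

# On a device (as root, securityfs mounted):
#   integrity_report /sys/kernel/security/ima "$(cat /proc/cmdline)" "$(dmsetup table)"
```
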
