Don't miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu, Huawei Technologies Duesseldorf GmbH
Integrity Measurement Architecture (IMA) was originally designed and developed by IBM Research to extend the trusted
boot chain of measurements to the running system. Subsequently, support for extending secure boot up to the running system (IMA-appraisal) was added and, with it, support for writing audit messages in the system logs.
For good and for bad, IMA-measurement and IMA-appraisal needed to be flexible to work in different environments from embedded/IoT to large systems. The original concepts of extending both trusted and secure boot have not changed, but some of the methods/designs could be improved.
This talk proposes a few kernel improvements based on our work in user space. First, it proposes a new design change to serialize and store the measurement list in a memory area shared between primary and secondary kernel, so that nothing needs to be done on kexec, as opposed to carrying out measurements from one kernel to another.
Second, it proposes a new testing tool for verifying that IMA reported a violation when a file is opened for read and
subsequently opened as write or vice-versa. Building on that, the talk also discusses a few alternatives on how to detect
such violations.
Finally, it proposes a new debugging technique, allowing to run a large number of integration tests without rebooting the
kernel.