The Linux Integrity Measurement Architecture (IMA) calculates the digest of each file as it is accessed by the system. Digests can be included in a measurement log and reported in a remote attestation process, or compared with reference values to deny access to corrupted files. The integrity of the measurement log is guaranteed by the TPM. IMA can also be used for appraisal, in which case the integrity of each reference value is protected with an HMAC or with a digital signature stored in the file system.
The Digest Lists extension builds on IMA with a new approach: instead of creating a distinct log entry for each accessed file, IMA first pre-loads reference measurement lists and adds a new entry to the log only if the digest of an accessed file is not found in the pre-loaded lists. If appraisal is enabled, IMA verifies one signature covering many file digests at once instead of the signature of each file.
Advantages:
- system performance: the TPM is used only to protect the measurements of the digest lists themselves and of the files not included in them;
- efficiency: only one signature is verified for all digests in a list, as opposed to one signature for each file;
- availability of reference measurements: the Digest Lists extension obtains them from existing packages of Linux distributions, thus solving one of the main challenges of remote attestation;
- powerful sealing policies: the Digest Lists extension enables predictable PCR values, allowing users to define sealing policies for TPM keys based on all the software that can be loaded on the system; usage of the keys is denied by the TPM if unauthorized software is loaded.
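As an added illustration (not code from the Digest Lists project), the following Python toy model walks through the measurement flow and the predictable-PCR property described above: the digest list is measured once, files whose digests appear in the list add no log entry, and only an unlisted file (here, a modified binary) extends the PCR. The TPM is modelled as a single SHA-256 PCR; the file names, contents and list name are constructed, and appraisal signature checks are left out.

```python
import hashlib

# Constructed sample "package" contents: the files a digest list would cover.
PACKAGE_FILES = {"/bin/ls": b"ls binary v1", "/bin/cat": b"cat binary v1"}

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM PCR extend operation: new PCR = H(old PCR || digest).
    return sha256(pcr + digest)

class ImaSim:
    """Toy model of IMA measurement with the digest-list lookup step."""
    def __init__(self):
        self.pcr = bytes(32)   # PCR starts zeroed at boot
        self.log = []          # measurement log: (name, digest) entries
        self.known = set()     # reference digests from pre-loaded lists

    def measure(self, name: str, digest: bytes) -> None:
        # Each log entry is anchored in the TPM by extending the PCR.
        self.log.append((name, digest))
        self.pcr = pcr_extend(self.pcr, digest)

    def load_digest_list(self, name: str, files: dict) -> None:
        # The list is measured once as a whole; its entries become references.
        digests = sorted(sha256(c) for c in files.values())
        self.measure(name, sha256(b"".join(digests)))
        self.known.update(digests)

    def access_file(self, name: str, content: bytes) -> bool:
        # Returns True if the digest was found in a list (no new log entry).
        digest = sha256(content)
        if digest in self.known:
            return True
        self.measure(name, digest)
        return False

def boot(accessed: dict) -> ImaSim:
    # Simulate one boot: pre-load the package list, then access files.
    ima = ImaSim()
    ima.load_digest_list("digest-list:pkg", PACKAGE_FILES)
    for name, content in accessed.items():
        ima.access_file(name, content)
    return ima

if __name__ == "__main__":
    clean = boot(PACKAGE_FILES)
    tampered = boot({**PACKAGE_FILES, "/bin/ls": b"ls binary modified"})
    print(len(clean.log), len(tampered.log), clean.pcr != tampered.pcr)
```

Because the list digest does not depend on which files are later accessed or in what order, a boot that loads only listed software always ends with the same PCR value, which is what makes sealing policies based on that value possible.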
The Digest Lists extension consists of two parts:
- kernel patches for IMA: https://github.com/euleros/linux/wiki/IMA-Digest-Lists-Extension;
- user space tools: https://github.com/euleros/digest-list-tools/wiki.
Besides the source code and documentation, the second link also provides instructions for easily testing the feature by installing the pre-built RPM packages for SUSE and Red Hat distributions.
Your feedback on this proposal is much appreciated, either via GitHub or by e-mail at roberto.sassu@huawei.com.