https://bugzilla.redhat.com/show_bug.cgi?id=1329448 Bug ID: 1329448 Summary: Review Request: Tbootxm - trusted host with boot time integrity checks Product: Fedora Version: rawhide Component: Package Review Severity: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: saurabh.kulkarni@xxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx Spec URL: <spec info here> SRPM URL: <srpm info here> Description: This feature will enable measuring files present on the OS at the time of boot. These measurements will extend upon those done by Intel TXT and Tboot earlier in the boot process. In addition to measuring these paths, it would be possible to attest (locally or remotely) these measurements against a good known whitelist to provide boot time integrity. Measurements constitute file hashes. We can potentially measure any file having a path on the OS at the time of boot and store those measurements in the TPM. These values are compared against a known whitelist to guarantee boot time integrity of OS components. In order to remotely attest these measurements, the user would need an Attestation server and a host trust agent installed (open-sourced already). For measurements without remote attestation, no other component is required. Please note : All measurements are done by an initrd hook. Existing initrd will be modified to add our measurement agent hook for this to work. Fedora Account System Username: srk892 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/package-review@xxxxxxxxxxxxxxxxxxxxxxx