03-07-2019
Adding an application in trusted computing base
How to add new application/ code into trusted computing base in linux? or How to bind new command for IMA-measurement at boot time in Ubuntu?
Last edited by RudiC; 03-07-2019 at 06:01 AM..
Reason: Removed italic formatting
7 More Discussions You Might Find Interesting
1. Cybersecurity
About a year ago, a friend of mine who worked on the OReilly Snort book took a propsal he and I had worked on for a book on Trusted Computing. Though the editor thought the content was good and worthwhile, he felt that there wasn't enough of a market to justify printing such a work.
How many... (0 Replies)
Discussion started by: kduffin
0 Replies
2. Virtualization and Cloud Computing
Tim Bass
Thu, 15 Nov 2007 23:55:07 +0000
*I predict we may experience less*debates*on the use of the term “event cloud”*related to*CEP in the future, now that both IBM and Google* have made announcements about “cloud computing” and “computing cloud”, IBM Turning Data Centers Into ‘Computing... (0 Replies)
Discussion started by: Linux Bot
0 Replies
3. AIX
I wanted to do an "Alternate Disk Migration" via my NIM server to update several clients (all LPARs in a p670) from 5.1 ML6 to 5.2 ML3. As a prerequisite the procedure says "if the system has the Trusted Computing Base enabled it has to be switched off before".
Well, i didn't give this too much... (3 Replies)
Discussion started by: bakunin
3 Replies
4. Linux
Anyone have a current/cumulative list of all Trusted Computing-based drivers, modules, etc., that have been added to the kernel? (0 Replies)
Discussion started by: Varsel
0 Replies
5. Shell Programming and Scripting
HI Guys,
I have below input.
Output Base on Below Condition.
1> if forth column is empty and next coming line have same name with \es then add that column name on all rows
2>rest of all are es:vsDataEUtranCellFDD
Input:-
CCL01736 CCL01736_7A_1 es:vsDataEUtranCellFDD ... (3 Replies)
Discussion started by: pareshkp
3 Replies
6. HP-UX
is there a way for my C++ application to find out which mode the hpux OS is running in?
standard mode or trusted mode. (3 Replies)
Discussion started by: einsteinBrain
3 Replies
7. Shell Programming and Scripting
Hi Expert,
Anybody can figure it out on how to generate new port base on my last port let say my last port var1=124 and increment for new port 125,126 but this new two ports need to look at first if this port is not in used by any service, if the port is in used add 1 to new port and if in used... (6 Replies)
Discussion started by: lxdorney
6 Replies
LEARN ABOUT CENTOS
tb_polgen
TB_POLGEN(8) User Manuals TB_POLGEN(8)
NAME
tb_polgen - manage tboot verified launch policy
SYNOPSIS
tb_polgen COMMAND [OPTION]
DESCRIPTION
tb_polgen is used to manage tboot verified launch policy.
COMMANDS
--create
Create an empty tboot verified launch policy file.
--type nonfatal | continue | halt
Nonfatal means ignoring all non-fatal errors and continuing. Continue means ignoring verification errors and halting other-
wise. Halt means halting on any errors.
[--ctrl policy-control-value]
The default value 1 is to extend policy into PCR 17.
policy-file
--add Add a module hash entry into a policy file.
--num module-number | any
The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
--pcr TPM-PCR-number | none
The TPM-PCR-number is the PCR to extend the module's measurement into.
--hash any | image
[--cmdline command-line]
The command line is from grub.conf, and it should not include the module name (e.g. "/xen.gz").
[--image image-file-name]
policy-file
--del Delete a module hash entry from a policy file.
--num module-number | any
The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
[--pos hash-number]
The hash-number is the 0-based index of the hash, within the list of hashes for the specified module.
policy-file
--unwrap
Extract the tboot verified launch policy from a TXT LCP element file.
--elt elt-file
policy-file
--show policy-file
Show the policy information in a policy file.
--help Print out the help message.
--verbose
Enable verbose output; can be specified with any command.
EXAMPLES
tb_polgen --create --type nonfatal vl.pol
tb_polgen --add --num 0 --pcr none --hash image --cmdline "cmdline" --image /boot/xen.gz vl.pol
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "cmdline" --image /boot/vmlinuz-2.6.18.8-xen vl.pol
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen.img vl.pol
tb_polgen --del --num 1 vl.pol
tb_polgen --show --verbose vl.pol
Note1:
It is not necessary to specify a PCR for module 0, since this module's measurement will always be extended to PCR 18. If a PCR is speci-
fied, then the measurement will be extended to that PCR in addition to PCR 18.
Note2:
--unwrap is not implemented correctly. There should be a defined UUID for this and that should be checked before copying the data. There
should be a wrap or similar command to generates an element file for a policy.
SEE ALSO
lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).
tboot 2011-12-31 TB_POLGEN(8)