Explore the latest developments in Linux Integrity subsystem and fs-verity integration in this 35-minute conference talk by Mimi Zohar from IBM. Delve into the original goals of the Linux Integrity subsystem, including file alteration detection, measurement appraisal, and local file integrity enforcement. Learn about the new feature of verifying "good" values stored as appended signatures. Discover how IMA support for fs-verity file digests and signatures in the IMA measurement list, along with fs-verity file digest signature verification, provides system-wide policy support for fs-verity. Understand how this integration closes an existing IMA integrity gap, creating a mutually beneficial scenario for both fs-verity and IMA. Gain insights into the new fs-verity support, the resolved IMA integrity gap, and potentially other open integrity challenges in the Linux ecosystem.
IMA Policy Support for fs-verity - A Win-win for Linux Integrity and File System Verification
Overview
Syllabus
IMA Policy Support for fs-verity: A Win-win for IMA & fs-verity - Mimi Zohar, IBM
Taught by
Linux Foundation
Tags
Related Courses
-
Overview and Recent Developments - Linux Integrity
-
The Future of Code Integrity Enforcement - Extending IMA
-
Linux Integrity Subsystem Status Update
-
Linux Integrity Subsystem Update - New Features and Future Development
-
fs-verity - Native File-based Authenticity
-
Surviving in the Wilderness: Integrity Protection and System Update for IoT Devices
