The EVM/IMA-appraisal patches have gone through a number of iterations.
The latest EVM patches were posted last Monday, separately from the
IMA-appraisal patches to facilitate review, but have not received any
additional Acks, particularly from the fs side, which are needed for the
patches to be upstreamed. Anybody on this list able to help get the
needed review and Acks?
Additional info:
Dave Safford's whitepaper overview of the proposed Linux integrity
subsystem:
http://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf.
EVM:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6.36.git/#next-evm
IMA-appraisal (waiting for EVM to be upstreamed, before posting)
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6.36.git/#next-...
Digital signature extensions (Dmitry Kasatkin):
http://meego.gitorious.org/meego-platform-security/ima-ksign
Digital signature utilities (Dmitry Kasatkin):
http://meego.gitorious.org/meego-platform-security/evm-utils.
Other, including a sample dracut patch to enable EVM in the initramfs:
http://linux-ima.sf.net
Thanks,
Mimi Zohar
Dave Safford