Home

INTRODUCTION

IMA Digest Lists extension is composed of two parts:

kernel: https://github.com/euleros/linux (tag: ima-digest-lists-v3)
user space tools: https://github.com/euleros/digest-list-tools (tag: v0.2)

INSTALLATION INSTRUCTIONS

From sources

Enable the following options in the kernel configuration

CONFIG_IMA_DIGEST_LIST=y
CONFIG_IMA_PARSER_METADATA_PATH="/etc/ima/digest_lists/parser_metadata"
CONFIG_IMA_PARSER_BINARY_PATH="/usr/bin/upload_digest_lists"

CONFIG_PGP_LIBRARY=y
CONFIG_PGP_KEY_PARSER=y
CONFIG_PGP_TEST_KEY=y
CONFIG_PGP_PRELOAD=y
CONFIG_PGP_PRELOAD_PUBLIC_KEYS=y

Create a keyring of GPG keys that will be used to verify the signature of digest lists. The file must be named pubring.gpg and placed in the kernel source directory.
compile and install the kernel
compile and install digest-list-tools

From packages

SUSE Leap 42.3

# zypper addrepo https://download.opensuse.org/repositories/home:/rsassu/openSUSE_Leap_42.3/home:rsassu.repo

# zypper in kernel-default-4.15.13-10.2 digest-list-tools digest-list-tools-parser-sig

Fedora 27

# dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/robertosassu/ima-digest-lists/repo/fedora-27/robertosassu-ima-digest-lists-fedora-27.repo

# dnf install kernel-core-4.15.12-301.fc27.x86_64 kernel-modules-4.15.12-301.fc27.x86_64 kernel-4.15.12-301.fc27.x86_64 digest-list-tools digest-list-tools-parser-sig

USAGE INSTRUCTIONS

Follow the steps at https://github.com/euleros/digest-list-tools to generate the digest lists.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly