Bug 1329448

Summary: Review Request: Tbootxm - trusted host with boot time integrity checks
Product: [Fedora] Fedora
Reporter: Saurabh Kulkarni <saurabh.kulkarni>
Component: Package Review
Assignee: Neil Horman <nhorman>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: rawhide
CC: anto.trande, jamorgan, nhorman, package-review, saurabh.kulkarni
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: https://github.com/OpenAttestation/OpenAttestation/tree/tboot-xm_v1.0
Last Closed: 2016-05-13 11:33:54 UTC
Bug Blocks: 1273605    

Description Saurabh Kulkarni 2016-04-22 00:38:24 UTC
Spec URL: <spec info here>
SRPM URL: <srpm info here>
Description: 

This feature will enable measuring files present on the OS at the time of boot. These measurements will extend upon those done by Intel TXT and Tboot earlier in the boot process. In addition to measuring these paths, it would be possible to attest (locally or remotely) these measurements against a good known whitelist to provide boot time integrity. Measurements constitute file hashes. We can potentially measure any file having a path on the OS at the time of boot and store those measurements in the TPM. These values are compared against a known whitelist to guarantee boot time integrity of OS components. In order to remotely attest these measurements, the user would need an Attestation server and a host trust agent installed (open-sourced already). For measurements without remote attestation, no other component is required. Please note: All measurements are done by an initrd hook. Existing initrd will be modified to add our measurement agent hook for this to work.

Fedora Account System Username: srk892
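
The measure, extend and whitelist-compare flow described in the request above, as an added Python example; it is not Tbootxm or OpenAttestation code. SHA-256, the all-zero starting PCR, the software-simulated TPM extend and the sample file names are assumptions, since the page does not specify them.

```python
import hashlib, os, tempfile

ZERO_PCR = bytes(32)  # assumed SHA-256 PCR bank, reset to zeros at boot

def measure_file(path):
    """A measurement is the hash of the file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).digest()

def extend(pcr, digest):
    """TPM-style extend: PCR_new = H(PCR_old || digest); never set directly."""
    return hashlib.sha256(pcr + digest).digest()

def measure_paths(paths):
    """Measure files in a fixed order; return (event log, final PCR value)."""
    pcr, log = ZERO_PCR, []
    for path in sorted(paths):
        digest = measure_file(path)
        log.append((path, digest.hex()))
        pcr = extend(pcr, digest)
    return log, pcr

def verify(log, pcr, whitelist):
    """Replay the log against the PCR, then check each entry against the
    whitelist. Returns a list of problems; an empty list means trusted."""
    replay, problems = ZERO_PCR, []
    for path, hexdigest in log:
        replay = extend(replay, bytes.fromhex(hexdigest))
        if whitelist.get(path) != hexdigest:
            problems.append(path)              # unknown or modified file
    if replay != pcr:
        problems.append("<log/PCR mismatch>")  # log edited after measurement
    problems += sorted(set(whitelist) - {p for p, _ in log})  # never measured
    return problems

def demo():
    """Constructed sample: two stand-in files, one changed between boots."""
    with tempfile.TemporaryDirectory() as d:
        files = [os.path.join(d, n) for n in ("init", "sshd_config")]
        for f in files:
            with open(f, "w") as fh:
                fh.write("known-good contents of " + os.path.basename(f))
        log, pcr = measure_paths(files)
        whitelist = dict(log)                  # recorded from the trusted state
        clean = verify(log, pcr, whitelist)
        with open(files[1], "a") as fh:
            fh.write("\n# changed after the whitelist was recorded")
        log2, pcr2 = measure_paths(files)
        return clean, [os.path.basename(p) for p in verify(log2, pcr2, whitelist)]
```

The replay step is what makes the log trustworthy: a verifier that only compared log entries to the whitelist would accept a rewritten log, whereas the extended PCR value cannot be rolled back to match it.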

Comment 1 Antonio T. (sagitter) 2016-04-26 16:52:42 UTC
(In reply to Saurabh Kulkarni from comment #0)
> Spec URL: <spec info here>
> SRPM URL: <srpm info here>
> 

Links?

Comment 2 Neil Horman 2016-05-04 12:52:06 UTC
Yeah, Saurabh, please read over the Fedora package review process before opening a bugzilla:
https://fedoraproject.org/wiki/Package_Review_Process

Comment 3 Saurabh Kulkarni 2016-05-12 22:46:20 UTC
Hi Neil, sorry about that. All we have now is the working code that can be downloaded from GitHub and built. We do not have an RPM yet. We are, however, working toward that.

Comment 4 Neil Horman 2016-05-13 11:33:54 UTC
OK, but the point of a Fedora review is having your code packaged as an RPM so that we can review the code and its packaging. I'm closing this. Please re-open it when you're ready to try including it in Fedora.