On Wed, Dec 15, 2021 at 09:27:42AM +0000, Roberto Sassu via devel wrote: > Hello everyone > > I have done some work in the integrity subsystem, called > Digest Lists Integrity Module (DIGLIM). > > It simplifies the effort necessary to do IMA appraisal, by > reusing the digests included in the header of existing > RPM packages as reference values. It wouldn't require > any change in the building infrastructure. > > It also provides an alternative way of attesting systems, > by keeping the TPM PCR extended with software > measurements, stable and predictable. The main benefit > is the ability to seal a TPM key to the desired software > configuration, so that a TLS secure communication can > be established when only software from installed RPMs > is executed. It would be possible to integrate this solution > in Keylime. > > I have proposed this feature for upstream inclusion: > > https://lore.kernel.org/linux-integrity/20210914163401.864635-1-roberto.sa...@huawei.com/ > > I also rebuilt the Fedora kernel in copr, with DIGLIM: > > https://copr.fedorainfracloud.org/coprs/robertosassu/DIGLIM/ > > You can find the instructions about how to use it here: > > https://lore.kernel.org/linux-integrity/48cd737c504d45208377daa27d625...@huawei.com/ > > I would like to join one of your subgroups, for example > fedora-contributor, so that I can propose a new feature > for Fedora 36/37.
You don't need any particular group membership to propose changes. :) https://docs.fedoraproject.org/en-US/program_management/changes_policy/ Of course being a fedora packager is useful if your change involves updates/changes to packages, but you could submit them as PR's and convince existing maintainers to merge them. kevin
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
