in-toto only calculates the hash of the file on disk, and does not know what data is actually loaded into memory. Both Windows and Linux have methods to verify the integrity of the files loaded into memory.
Linux:
The IMA log, when `ima_policy=tcb` is set, records hashes of all the files loaded into memory:
```
GRUB_CMDLINE_LINUX="ima_policy=tcb ima_hash=sha256 ima=on"
```
TPM 2.0 PCR Register 10 stores the Aggregate SHASUM of the IMA Log.
These can be used to verify that the files on disk, which in-toto hashes, actually match what was in memory when the code was compiled.
The following screenshot shows the IMA log after running an exploit tool
Windows:
Windows should be a separate effort. I do believe there is an event log that we can verify with the TPM.
https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices
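The Linux check described above, sketched as an added example (not code from in-toto or from this issue): it replays an IMA log to get the value PCR 10 should hold, then lists paths that IMA measured with a different hash than in-toto recorded. It assumes the `ima-ng` template, the SHA-1 PCR bank, and absolute paths in the in-toto record; the function names and the sample log are constructed for illustration.

```python
import hashlib
import struct

def template_hash(algo, digest_hex, path):
    """SHA-1 over the ima-ng template data: length-prefixed d-ng and n-ng fields."""
    d_ng = algo.encode() + b":\x00" + bytes.fromhex(digest_hex)
    n_ng = path.encode() + b"\x00"
    data = struct.pack("<I", len(d_ng)) + d_ng + struct.pack("<I", len(n_ng)) + n_ng
    return hashlib.sha1(data).digest()

def replay(log_text):
    """Replay the log; return (expected PCR 10 value as hex, {path: {file hashes}})."""
    pcr, measured = bytes(20), {}
    for line in log_text.strip().splitlines():
        pcr_idx, t_hash, template, filedata, path = line.split(None, 4)
        if pcr_idx != "10" or template != "ima-ng":
            raise ValueError(f"unsupported entry: {line!r}")
        recorded = bytes.fromhex(t_hash)
        if recorded == bytes(20):  # violation entry: the kernel extends with 0xFF bytes
            pcr = hashlib.sha1(pcr + b"\xff" * 20).digest()
            continue
        algo, digest_hex = filedata.split(":", 1)
        if template_hash(algo, digest_hex, path) != recorded:
            raise ValueError(f"log entry for {path} does not match its template hash")
        pcr = hashlib.sha1(pcr + recorded).digest()
        measured.setdefault(path, set()).add(digest_hex)
    return pcr.hex(), measured

def mismatches(measured, intoto_hashes):
    """Paths that IMA measured with any hash other than the one in-toto recorded."""
    return sorted(p for p, h in intoto_hashes.items() if measured.get(p, {h}) != {h})

def sample_log():
    """Constructed log: cc is measured once, main.c twice with different content."""
    files = [("/usr/bin/cc", b"compiler"), ("/build/main.c", b"int main(){}"),
             ("/build/main.c", b"int main(){return 1;}")]
    lines = []
    for path, content in files:
        digest = hashlib.sha256(content).hexdigest()
        t_hash = template_hash("sha256", digest, path).hex()
        lines.append(f"10 {t_hash} ima-ng sha256:{digest} {path}")
    return "\n".join(lines)

if __name__ == "__main__":
    pcr10, measured = replay(sample_log())
    # Constructed in-toto record: absolute path -> sha256 of the file on disk.
    recorded = {"/build/main.c": hashlib.sha256(b"int main(){}").hexdigest()}
    print("expected PCR 10 (SHA-1 bank):", pcr10)
    print("measured content differs from in-toto hash:", mismatches(measured, recorded))
```

On a real host the input would be the contents of `/sys/kernel/security/ima/ascii_runtime_measurements`, and the replayed value would be compared with the SHA-1 bank of PCR 10 (for example from `tpm2_pcrread sha1:10`).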