SORRY, This page is under construction
This guide is intended to build Ubuntu with Trusted Computing.
Download ISO image. and install to your HDD.
Update to be work with latest packages.
Install additional packages, dpkg-dev, devscripts, fakeroot, pbuilder
Download source package and test the build.
$ sudo apt-get build-dep grub $ apt-get source grub $ cd grub-0.97 $ debchange -i $ dpkg-buildpackage -rfakeroot -us -uc
OK? Next apply the IMA patch.
Download source package and test the build.
TBD
Reboot
http://sourceforge.net/projects/trustedgrub
$ wget http://jaist.dl.sourceforge.net/sourceforge/trustedgrub/TrustedGRUB-1.1.3.tgz $ tar xvfz TrustedGRUB-1.1.3.tgz $ cd TrustedGRUB-1.1.3 $ ./build_tgrub.sh $ cd TrustedGRUB-1.1.3 $ ./configure CFLAGS="-fno-stack-protector" STAGE2_CFLAGS="-fno-stack-protector" $ make $ sudo make install $ sudo /usr/local/sbin/grub-install /dev/sda
Download source package and test the build.
$ sudo apt-get build-dep linux-image-debug-2.6.24-12-generic $ apt-get source linux-image-debug-2.6.24-12-generic $ cd linux-2.6.24 $ debchange -i $ cp /boot/config-2.6.24-12-generic .config $ make oldconfig UBUNTUBUILD=1 DEBIAN_SRCTOP=./ fakeroot make-kpkg -initrd kernel_image kernel_headers modules_image $ dpkg-buildpackage -rfakeroot -us -uc
OK? Next, try to apply the Integrity Measurement patch.
This is original IMA patch using LSM. The patch is available from http://sourceforge.net/projects/linux-ima
$ sudo apt-get build-dep linux-image-debug-2.6.24-12-generic $ apt-get source linux-image-debug-2.6.24-12-generic $ cd linux-2.6.24 $ debchange -i $ wget http://nchc.dl.sourceforge.net/sourceforge/linux-ima/ibm_ima_8.3_2.6.24.3.patch $ patch -p1 --dry-run < ibm_ima_8.3_2.6.24.3.patch some failes, since the AppArmor patch was applied. $ patch -p1 < ibm_ima_8.3_2.6.24.3.patch Manualy fix security/Kconfig and security/Makefile. $ cp /boot/config-2.6.24-12-generic .config $ make -s menuconfig Device Driver > Character devices > TPM hardware Supports = Y Device Driver > Character devices > TPM hardware Supports > * Interface= Y Cryptographic API > SHA1 = Y Security options > Capability = N Security options > SELinux = N Security options > AppArmor = N Security options > TCG run-time Integrity Measuremenet = Y $ UBUNTUBUILD=1 DEBIAN_SRCTOP=./ fakeroot make-kpkg -initrd kernel_image kernel_headers modules_image $ cd .. $ sudo dpkg -i linux-headers-2.6.24.3_2.6.24-13.23ubuntu1_i386.deb $ sudo dpkg -i linux-image-2.6.24.3_2.6.24-13.23ubuntu1_i386.deb
Edit /boot/grub/menu.lst to enable IMA.
title Ubuntu hardy (development branch), kernel 2.6.24.3 root (hd0,0) kernel /boot/vmlinuz-2.6.24.3 root=UUID=e915d681-5805-4cdd-b5ca-6e7bacd474b5 ro quiet splash locale=ja_JP ima=1 initrd /boot/initrd.img-2.6.24.3 quiet
Reboot the system. and check the measurements
$ ls /sys/kernel/security/ ima tpm0 $ sudo cat /sys/kernel/security/ima/ascii_runtime_measurements <snip> 10 094fe12401c97bdfeef1c11938f331fb143fe056 /usr/bin/sudo $ sha1sum /usr/bin/sudo 094fe12401c97bdfeef1c11938f331fb143fe056 /usr/bin/sudo
New version based on Linux Integrity Module (LIM). This IMA works with other LSM-MAC modules, like SELinux, AppArmor, SMACK, TOMOYO.
$ sudo apt-get install trousers
$ sudo apt-get install tpm-tools $ tpm_version TPM Version: 01010000 Manufacturer Info: 57454300
http://sourceforge.net/projects/tpmmanager
$ wget http://nchc.dl.sourceforge.net/sourceforge/tpmmanager/tpmmanager-0.4.tar.gz $ cd tpmmanager-0.4 $ ./configure $ make $ sudo make install
http://projects.csail.mit.edu/tc/tpmj/
http://sourceforge.net/projects/tpmj/
$ wget http://nchc.dl.sourceforge.net/sourceforge/tpmj/tpmj-alpha0.3.0.zip $ unzip tpmj-alpha0.3.0.zip TBD
TBD
[ページ情報]
更新日時: 2008-04-03 10:23:23, 更新者: munetoh
[権限]
表示:無制限, 編集:ログインユーザ, 削除/設定:メンバー
Fork
編集