\url{https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System} in combination with \url{https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture}:
\begin{lstlisting}
sudo pacman -S asp base-devel
cd ~
mkdir build && cd build
asp update linux
asp export linux #Linux repo exported to this directory
\end{lstlisting}
Change \emph{pkgbase} in \texttt{linux/PKGBUILD} to custom name, e.g. linux-ima.
Check \texttt{linux/config} for the following settings:
\begin{lstlisting}
CONFIG_INTEGRITY=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_LSM_RULES=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_IMA_APPRAISE=y
IMA_APPRAISE_BOOTPARAM=y
\end{lstlisting}
For optimizing file access, add to every fstab-entry \emph{iversion}.
It prevents creating a hash of the file at every access.
Instead the hash will only be created when writing the file.
\texttt{updpkgsums} generates new checksums for the modified files.
The theoretical tool that should be formed to one whole system implementation in this thesis
\section{Attack Vectors and Threat Model}
\section{Trust and Security}
\section{Systems of Trust}
@ -11,7 +18,13 @@
\section{Extend the Trust to External Hardware}
\section{Mitigation of Attack Vectors}
\chapter{Implemtentation and Limitations}
\section{Trusted Boot}
\section{Linux Kernel Integrity Tools}
\chapter{Conclusion and Outlook}
It is yet very hard to implement a system of this kind.
The tools are available, but the documentation is not.
I did at least figure out what a prototype can look like.
\autoref{tab:example} is an example of a table, in which the numbers are aligned at the comma, every second line is colored and the commands \texttt{\textbackslash toprule}, \texttt{\textbackslash midrule} and \texttt{\textbackslash bottomrule} are used \cite{arthur15}.
