You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
1.1 KiB
31 lines
1.1 KiB
\chapter{Installation instructions}
|
|
\section{Installing IMA on Arch}
|
|
\url{https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System} in combination with \url{https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture}:
|
|
|
|
\begin{lstlisting}
|
|
sudo pacman -S asp base-devel
|
|
cd ~
|
|
mkdir build && cd build
|
|
asp update linux
|
|
asp export linux #Linux repo exported to this directory
|
|
\end{lstlisting}
|
|
Change \emph{pkgbase} in \texttt{linux/PKGBUILD} to custom name, e.g. linux-ima.
|
|
Check \texttt{linux/config} for the following settings:
|
|
\begin{lstlisting}
|
|
CONFIG_INTEGRITY=y
|
|
CONFIG_IMA=y
|
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
|
CONFIG_IMA_LSM_RULES=y
|
|
CONFIG_INTEGRITY_SIGNATURE=y
|
|
CONFIG_IMA_APPRAISE=y
|
|
IMA_APPRAISE_BOOTPARAM=y
|
|
\end{lstlisting}
|
|
For optimizing file access, add to every fstab-entry \emph{iversion}.
|
|
It prevents creating a hash of the file at every access.
|
|
Instead the hash will only be created when writing the file.
|
|
|
|
\texttt{updpkgsums} generates new checksums for the modified files.
|
|
|
|
\texttt{makepkg -s} then makes the new kernel
|
|
|
|
S\texttt{S}l\texttt{l}M\texttt{M}x\texttt{x}i\texttt{i} \textsf{Hallowelt}
|