http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2015%2FAbstracts%2FManolov 2026-05-07T12:04:12Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Manolov&diff=3581&oldid=prev 2015-07-01T13:57:49Z

<p>Created page with &quot;== Title == IMA/EVM: Real Applications for Embedded Networking Systems == Presenter == Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks == Abstract == I...&quot;</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> IMA/EVM: Real Applications for Embedded Networking Systems<br /> <br /> == Presenter ==<br /> <br /> Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks <br /> <br /> == Abstract ==<br /> <br /> I am working on a project that requires integration of Linux IMA in a large scale networking equipment.<br /> <br /> These are the basic ideas behind the talk:<br /> <br /> * Provide a way for a platform supplier to delegate a Certificate Authority or building and IMA/EVM signing software to a third-party.<br /> <br /> * The Kernel Keyring needs to be able to add new CAs or certificate chains to provide a root of trust for all software from platform<br /> and other third-parties.<br /> <br /> * There should be a method (OCSP or CRL) for being able to revoke a particular CA from the kernel keyring.<br /> <br /> We will discuss experiments performed on the Linux kernel with different kinds of X509 certificate hierarchies for<br /> the validation of software being run.</div>

JamesMorris