This section describes the enhancements we have made to the Linux system to implement the measurement functionality. Before any of our dynamic measurements are initiated (i.e., before linuxrc or init are started), our kernel pre-loads its measurement list with the expected measurements for BIOS, bootloader, kernel, and initrd (if applicable), and uses the aggregate of the real boot process, found in a pre-defined TPM PCR, as the starting point for our own measurement aggregate. If the actual boot process differs from the expected one, the validation of the measurement list will fail. We focus on the stages measuring dynamic run-time content following the initial OS boot.
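The following sketch is an added example, not code from our prototype. It shows why a boot process that differs from the expected one makes validation of the measurement list fail. It assumes the TPM 1.2 extend operation (new PCR = SHA1(old PCR || measurement)); the component names and the helper functions `measure`, `extend`, `aggregate`, `attest` and `validate` are constructed for illustration.

```python
import hashlib

PCR_INIT = bytes(20)  # assumption: a TPM 1.2 PCR starts as 20 zero bytes


def measure(content: bytes) -> bytes:
    """SHA-1 fingerprint of a component, as recorded in the measurement list."""
    return hashlib.sha1(content).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: fold one measurement into the running aggregate."""
    return hashlib.sha1(pcr + measurement).digest()


def aggregate(measurements, start=PCR_INIT):
    """Aggregate an ordered list of measurements, beginning at `start`."""
    pcr = start
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


# Constructed sample data: stand-ins for the real images and executables.
EXPECTED_BOOT = [measure(c) for c in
                 (b"bios-image", b"bootloader", b"kernel-2.6.5", b"initrd")]
RUNTIME = [measure(c) for c in
           (b"/sbin/init", b"/lib/libc.so", b"/usr/sbin/sshd")]


def attest(actual_boot):
    """Attesting side: return (measurement list, final PCR value).

    The list is pre-loaded with the EXPECTED boot measurements, while the
    aggregate starts from the PCR value produced by the ACTUAL boot process.
    """
    pcr = aggregate(actual_boot)          # left in the PCR by the real boot
    pcr = aggregate(RUNTIME, start=pcr)   # run-time measurements extend it
    return EXPECTED_BOOT + RUNTIME, pcr


def validate(measurement_list, reported_pcr):
    """Validating side: recompute the aggregate from the list and compare."""
    return aggregate(measurement_list) == reported_pcr


if __name__ == "__main__":
    print("expected boot:", validate(*attest(EXPECTED_BOOT)))
    altered = list(EXPECTED_BOOT)
    altered[1] = measure(b"modified-bootloader")
    print("altered boot: ", validate(*attest(altered)))
```

In a real attestation the PCR value is reported by the TPM in signed form; the sketch compares raw values only to keep the aggregation logic visible.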
Our prototype implementation is done on a RedHat 9.0 Linux distribution as a Linux Security Module (LSM) of a 2.6.5 kernel. The prototype implementation is divided into four major components: inserting measurement points into the system to measure files or memory (Section 5.1), measuring files or memory (Section 5.2), protecting against bypassing the measurements (Section 5.3), and validating the measurements to ensure that an implementation of our architecture is actually in place on the attesting system (Section 5.4).