secureboot

Signed-off-by: Holger Dengler <dengler@linutronix.de>

1 files changed, 25 insertions, 0 deletions

diff --git a/security/secureboot/frm_secboot_linux.tex b/security/secureboot/frm_secboot_linux.tex
new file mode 100644
index 0000000..73364ee
--- /dev/null
+++ b/security/secureboot/frm_secboot_linux.tex
@@ -0,0 +1,25 @@
+% ----------------------------
+\subsection{Linux}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Linux Integrity Targets}
+\begin{itemize}
+\item Kernel Parameters
+ \begin{itemize}
+ \item Append only
+ \item Devicetree
+ \end{itemize}
+\item Signed Modules (enforced)
+\item Filesystem Integrity
+ \begin{itemize}
+ \item IMA/EVM: Hash/Signature per File
+ \item dm-verity: Hashtree per Block-Device
+ \end{itemize}
+\item Mandatory Access Control
+ \begin{itemize}
+ \item SELinux/SMACK
+ \item Tomoyo/AppArmor
+ \end{itemize}
+\end{itemize}
+\end{frame}