Linux下的签名可执行文件 [英] Signed executables under Linux

问题描述

出于安全原因，最好在执行前检查代码的完整性，避免被攻击者篡改软件.所以，我的问题是

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is

如何在 Linux 下签署可执行代码并只运行受信任的软件?

我阅读了 van Doom 等人的著作、Linux 签名可执行文件的设计和实现，以及 IBM 的 TLC(受信任的 Linux 客户端)由 Safford &佐哈尔.TLC 使用 TPM 控制器，这很好，但是论文是 2005 年的，我找不到当前的替代方案.

I have read the work of van Doom et al., Design and implementation of signed executables for Linux, and the IBM's TLC (Trusted Linux Client) by Safford & Zohar. TLC uses TPM controller, what is nice, but the paper is from 2005 and I was unable to find current alternatives.

你知道其他选择吗?

更新:其他操作系统呢?开放式Solaris?BSD家族?

UPDATE: And about other OS's? OpenSolaris? BSD family?

推荐答案

DigSig 内核模块实现了由名为 bsign 的工具签名的二进制文件.但是，从 Linux 内核 2.6.21 版开始，就没有任何工作可以解决.

The DigSig kernel module implements verification of binaries signed by a tool called bsign. However, there hasn't been any work on it since version 2.6.21 of the Linux kernel.

这篇关于Linux下的签名可执行文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！