Measured boot on Arch

cerino · 2025-05-01 13:51:05

Measured boot is a security measure to ensure that critical files remain without manipulation even after the secure boot circle has completed. The Arch kernel does include the "integrity" lsm required but the wiki seems to hold no information on how to set this up or if it can even work on arch. Measured boot is already a widely used default on mobile and even ChromeOS if I am not mistaken.
Does Arch support this technology or are there any reasons why it wold not work?
The gentoo Wiki states that it is recommended for dev systems only but without stating why
https://wiki.gentoo.org/wiki/Integrity_ … chitecture

Last edited by cerino (2025-05-01 13:54:06)

seth · 2025-05-01 13:58:24

gentoo wiki wrote:

First, enable the IMA subsystem in the Linux kernel configuration.

zgrep -iE '_i(ma|ntegrity)' /proc/config.gz

Edit: doesn't seem even in the hardened kernel, https://gitlab.archlinux.org/archlinux/ … ads#L10936

Last edited by seth (2025-05-01 13:59:52)

cerino · 2025-05-01 14:20:04

Interesting, any clue why though? And whats the reason the integrity lsm is available by default anyway? Im still trying to wrap my head around this tech and all of its components but isnt that kinda pointless to enable one part by default and not even compile the other required components?

Last edited by cerino (2025-05-01 14:21:14)

seth · 2025-05-01 15:17:51

https://docs.kernel.org/next/admin-guid … e.html#faq
https://gitlab.archlinux.org/archlinux/ … ads#L10913

Why the preferences, idk, sorry.

WorMzy · 2025-05-01 17:02:59

Mod note: moving to kernel and hardware

Arch Linux

#1 2025-05-01 13:51:05

Measured boot on Arch

#2 2025-05-01 13:58:24

Re: Measured boot on Arch

#3 2025-05-01 14:20:04

Re: Measured boot on Arch

#4 2025-05-01 15:17:51

Re: Measured boot on Arch

#5 2025-05-01 17:02:59

Re: Measured boot on Arch

Board footer