File Credentials

All user processes are monitored (even root)
The access list for the “good” files contains :
- Full pathname
- SHA1 digest
If unauthorized file occurs :
- It is logged
- Proper PCR is extended
- Action is then defined in the policy (halt, execute etc.)
File information lookup :
- File inode
- Inode modification time
- Full pathname
- SHA1

All user processes are monitored (even root)