Embedded Linux devices are susceptible to offline tampering and supply chain manipulation, rendering the integrity of persistent executables and shared libraries a practical security concern. This thesis integrates the Linux Integrity Subsystem into a Yocto-based embedded Linux image on a Raspberry Pi 4 and evaluates runtime integrity controls for persistent root filesystem artifacts. A controlled configuration ladder is implemented, ranging from a baseline without integrity mechanisms to IMA measurement, IMA appraisal, and appraisal combined with EVM metadata protection. Two policy profiles are examined: a strict profile extending appraisal to file reads in addition to execution and executable memory mapping, and a minimal profile restricted to binaries and shared libraries. Results indicate that policy scope dominates performance overhead. Under the strict profile, sequential and random read throughput decrease significantly, while boot time increases moderately. Furthermore, EVM prevents metadata forgery that can bypass hash-based appraisal.
Author: Yazan Almislmani.
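The two policy profiles the abstract compares, written out in the kernel's IMA policy rule syntax, as an added illustration (not the thesis' own policy files): the minimal profile covers only execution and executable mappings, the strict profile adds appraisal on file reads, which is the rule behind the read-throughput cost reported above. The pseudo-filesystem exclusions and the use of `imasig` (signed `security.ima` xattrs) are my assumptions about the setup; each profile is loaded as its own policy, so only one of the two sections is written to `/sys/kernel/security/ima/policy` at a time.

```text
# --- Minimal profile: binaries and shared libraries only ---------------------
# Do not measure or appraise pseudo-filesystems (procfs, sysfs, debugfs,
# tmpfs, devpts, securityfs); their contents are volatile and never signed.
dont_measure  fsmagic=0x9fa0
dont_appraise fsmagic=0x9fa0
dont_measure  fsmagic=0x62656572
dont_appraise fsmagic=0x62656572
dont_measure  fsmagic=0x64626720
dont_appraise fsmagic=0x64626720
dont_measure  fsmagic=0x01021994
dont_appraise fsmagic=0x01021994
dont_measure  fsmagic=0x1cd1
dont_appraise fsmagic=0x1cd1
dont_measure  fsmagic=0x73636673
dont_appraise fsmagic=0x73636673
# Measure (log to the IMA measurement list / extend PCR) and appraise
# (verify security.ima before allowing) anything that is executed...
measure  func=BPRM_CHECK
appraise func=BPRM_CHECK appraise_type=imasig
# ...or mmap'ed with PROT_EXEC, which is how shared libraries are loaded.
measure  func=MMAP_CHECK
appraise func=MMAP_CHECK appraise_type=imasig

# --- Strict profile: everything above, plus appraisal on ordinary reads -------
# (same pseudo-filesystem exclusions and BPRM/MMAP rules as the minimal
# profile, repeated in the loaded file; omitted here for brevity)
# Every open-for-read of a regular file on appraised filesystems is now
# hashed and verified against security.ima, so sequential and random read
# paths pay the cost on each open, not just on exec.
measure  func=FILE_CHECK mask=MAY_READ
appraise func=FILE_CHECK mask=MAY_READ appraise_type=imasig
```

With EVM enabled, the `security.ima` value is only trusted when the HMAC or signature in `security.evm` over the file's metadata (including `security.ima`, owner, mode and inode) also verifies, which is what blocks the xattr-forgery bypass the abstract refers to.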