This section briefly describes the functional subsystems that implement the required security functionalities
and the logical subsystems that are part of each of the functional subsystems.
The subsystems are structured into those implemented within the SLES kernel, and those implemented as
trusted processes.
4.4.1 Hardware
The hardware consists of the physical resources such as CPU, main memory, registers, caches, and devices
that effectively make up the computer system. Chapter 3 details the various hardware architectures supported
in this evaluation.
4.4.2 Firmware
The firmware consists of the software residing in the hardware that is started when the system goes through a
power-on reset. In addition to initializing the hardware and starting the operating system, on the partitioning-
capable platforms the firmware provides LPAR support as well.
4.4.3 Kernel subsystems
This section describes the subsystems implemented as part of the SLES kernel.
• File and I/O: This subsystem includes only the file and I/O management kernel subsystem.
• Process control: This subsystem includes the process control and management kernel subsystem.
• Inter-process communication: This subsystem includes the IPC kernel subsystem.
• Networking: This subsystem contains the kernel networking subsystem.
• Memory management: This subsystem contains the kernel memory management subsystem.
• Kernel modules: This subsystem contains routines in the kernel that create an infrastructure to
support loadable modules.
• Device drivers: This subsystem contains the kernel device driver subsystem.
• Audit: This subsystem contains the kernel auditing subsystem.
4.4.4 Trusted process subsystems
This section describes the subsystems implemented as trusted processes.
• System initialization: This subsystem consists of the boot loader (GRUB, LILO, Yaboot, or z/IPL)
and the init program.
• Identification and authentication: This subsystem contains the su, passwd, and login trusted
commands, as well as the agetty trusted process. This subsystem also includes PAM shared library
modules.
• Network applications: This subsystem contains vsftpd and sshd trusted processes, which interact
with PAM modules to perform authentication. It also includes the ping program.
• Batch processing: This subsystem contains the trusted programs used for the processing of batch
jobs. They are crontab and cron and at and atd.
• System management: This subsystem contains the trusted programs used for system management
activities. Those include the following programs:
29