
[RFC,0/8] ima-evm-utils: calculate per TPM bank template digest

Message ID 1582310338-1562-1-git-send-email-zohar@linux.ibm.com (mailing list archive)

Message

Mimi Zohar Feb. 21, 2020, 6:38 p.m. UTC
IMA currently extends the different TPM banks by padding/truncating the
SHA1 template digest.  Although the IMA measurement list only includes
the SHA1 template digest, the template digest could be re-calculated
properly for each bank.  Roberto Sassu's proposed "ima: support stronger
algorithms for attestation" kernel patch set makes this change.

In order to test the proposed kernel change, this patch set walks the
IMA measurement list, re-calculating the per TPM bank template digest
and extending the TPM bank PCR with the bank specific digest.  The last
step, after walking the measurement list, is comparing the resulting
TPM per bank PCR values with the actual TPM per bank PCR values.

(Verifying the non SHA1 TPM banks depends on a kernel built with
Roberto's "ima: support stronger algorithms for attestation" patch set.)

Mimi

Mimi Zohar (8):
  ima-evm-utils: treat unallocated banks as an error
  ima-evm-utils: increase the size of "zero" and "fox" variables
  ima-evm-utils: calculate the digests for multiple TPM banks
  ima-evm-utils: add support in tpm2_read_pcrs to read different TPM
    banks
  ima-evm-utils: read the PCRs for the requested TPM banks
  ima-evm-utils: compare re-calculated PCRs with the TPM values
  ima-evm-utils: use a common bank variable for TPM 1.2 and TPM 2.0
  ima-evm-utils: remove TPM 1.2 specific code

 src/evmctl.c | 349 ++++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 284 insertions(+), 65 deletions(-)

Comments

Lakshmi Ramasubramanian Feb. 22, 2020, 12:11 a.m. UTC | #1
Hi Mimi,

> IMA currently extends the different TPM banks by padding/truncating the
> SHA1 template digest.  Although the IMA measurement list only includes
> the SHA1 template digest, the template digest could be re-calculated
> properly for each bank.  Roberto Sassu's proposed "ima: support stronger
> algorithms for attestation" kernel patch set makes this change.
> 
> In order to test the proposed kernel change, this patch set walks the
> IMA measurement list, re-calculating the per TPM bank template digest
> and extending the TPM bank PCR with the bank specific digest.  The last
> step, after walking the measurement list, is comparing the resulting
> TPM per bank PCR values with the actual TPM per bank PCR values.

I have built the kernel with Roberto's patch set and also built evmctl 
with your patch set.

Could you please include an example for how evmctl can be used to test 
Roberto's change?

thanks,
  -lakshmi
Mimi Zohar Feb. 23, 2020, 1:12 a.m. UTC | #2
On Fri, 2020-02-21 at 16:11 -0800, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
> 
> > IMA currently extends the different TPM banks by padding/truncating the
> > SHA1 template digest.  Although the IMA measurement list only includes
> > the SHA1 template digest, the template digest could be re-calculated
> > properly for each bank.  Roberto Sassu's proposed "ima: support stronger
> > algorithms for attestation" kernel patch set makes this change.
> > 
> > In order to test the proposed kernel change, this patch set walks the
> > IMA measurement list, re-calculating the per TPM bank template digest
> > and extending the TPM bank PCR with the bank specific digest.  The last
> > step, after walking the measurement list, is comparing the resulting
> > TPM per bank PCR values with the actual TPM per bank PCR values.
> 
> I have built the kernel with Roberto's patch set and also built evmctl 
> with your patch set.
> 
> Could you please include an example for how evmctl can be used to test 
> Roberto's change?

There are two aspects to Roberto's changes - extending the TPM banks
with the bank specific template digest and verifying the boot
aggregate.  This patch set only addresses the first aspect.

Assuming both the sha1 and sha256 TPM banks are enabled,

# tssgetcapability -cap 5
2 PCR selections
    hash TPM_ALG_SHA1
    TPMS_PCR_SELECTION length 3
    ff ff ff 
    hash TPM_ALG_SHA256
    TPMS_PCR_SELECTION length 3
    ff ff ff 

the output would look like:
 
# evmctl ima_measurement -v --list
/sys/kernel/security/integrity/ima/binary_runtime_measurements

sha1: PCRAgg  10: 7723f6d980725507e5d0eb643dc179aae0efb719
sha1: TPM PCR-10: 7723f6d980725507e5d0eb643dc179aae0efb719
sha1 PCR-10: succeed

sha256: PCRAgg  10:
5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
sha256: TPM PCR-10:
5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
sha256 PCR-10: succeed

Mimi
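The cover letter describes the replay evmctl performs (walk the measurement list, recompute the template digest per bank, extend a software PCR, compare with the TPM), and the reply above shows the per-bank "succeed" verdict it prints. The following Python is an added illustration of that replay, not evmctl's own code. It assumes the ima-ng binary_runtime_measurements record layout (pcr as u32 LE, 20-byte SHA1 template digest, name length, name, data length, template data), uses a constructed sample list rather than a real one, and shows both the legacy pad/truncate behaviour and the per-bank recalculation; the violation handling (an all-zero list digest invalidates the PCR with 0xff bytes, the "zero" and "fox" values mentioned in patch 2) is included so the two paths can be compared.

```python
"""Replay an IMA measurement list into software PCRs, one per TPM bank, and
compare the result with TPM-reported values.  Added example; the sample
list below is constructed, not taken from a real system."""
import hashlib
import struct

BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
IMA_PCR = 10
SHA1_LEN = 20


def build_record(template_data, pcr=IMA_PCR, name=b"ima-ng", violation=False):
    """Serialise one record: pcr (u32 LE) | sha1 template digest | name_len
    (u32) | name | data_len (u32) | template data.  The list only stores the
    SHA1 template digest; a violation entry stores an all-zero digest."""
    digest = b"\x00" * SHA1_LEN if violation else hashlib.sha1(template_data).digest()
    return (struct.pack("<I", pcr) + digest
            + struct.pack("<I", len(name)) + name
            + struct.pack("<I", len(template_data)) + template_data)


def parse_records(blob):
    """Yield (pcr, sha1_digest, template_name, template_data) per record."""
    off = 0
    while off < len(blob):
        (pcr,) = struct.unpack_from("<I", blob, off)
        off += 4
        digest = blob[off:off + SHA1_LEN]
        off += SHA1_LEN
        (name_len,) = struct.unpack_from("<I", blob, off)
        off += 4
        name = blob[off:off + name_len]
        off += name_len
        (data_len,) = struct.unpack_from("<I", blob, off)
        off += 4
        data = blob[off:off + data_len]
        off += data_len
        yield pcr, digest, name, data


def bank_digest(algo, sha1_digest, template_data, recalculate):
    """Digest used to extend the given bank.  recalculate=True hashes the
    template data with the bank's own algorithm (the proposed kernel change);
    recalculate=False is the legacy path that pads/truncates the SHA1 digest.
    A violation (all-zero list digest) invalidates the PCR with 0xff bytes."""
    h = BANKS[algo]
    size = h().digest_size
    if sha1_digest == b"\x00" * SHA1_LEN:
        return b"\xff" * size
    if recalculate:
        return h(template_data).digest()
    return sha1_digest.ljust(size, b"\x00")[:size]


def aggregate_pcr(blob, algo, pcr=IMA_PCR, recalculate=True):
    """Replay the list into a software PCR: PCR = H(PCR || digest) per entry."""
    h = BANKS[algo]
    acc = b"\x00" * h().digest_size
    for rec_pcr, sha1_digest, _name, data in parse_records(blob):
        if rec_pcr != pcr:
            continue
        acc = h(acc + bank_digest(algo, sha1_digest, data, recalculate)).digest()
    return acc.hex()


def verify_banks(blob, tpm_pcrs, pcr=IMA_PCR):
    """tpm_pcrs maps bank name -> hex PCR value read from the TPM.  Returns
    {bank: "succeed" | "failed"}, the per-bank verdict evmctl prints."""
    return {algo: "succeed" if aggregate_pcr(blob, algo, pcr) == value.lower() else "failed"
            for algo, value in tpm_pcrs.items()}


# Constructed sample list: three ordinary entries, one violation, and one
# entry in another PCR that the PCR-10 replay must skip.
SAMPLE_LIST = b"".join([
    build_record(b"sha1:boot_aggregate"),
    build_record(b"sha256:/init"),
    build_record(b"sha256:/bin/sh", violation=True),
    build_record(b"sha256:/etc/passwd"),
    build_record(b"sha256:/other", pcr=11),
])

if __name__ == "__main__":
    for algo in BANKS:
        print(f"{algo}: PCRAgg {IMA_PCR}: {aggregate_pcr(SAMPLE_LIST, algo)}")
        print(f"{algo}: legacy  {IMA_PCR}: "
              f"{aggregate_pcr(SAMPLE_LIST, algo, recalculate=False)}")
```

For the sha1 bank the recalculated and legacy replays agree, which is why the existing evmctl check kept working; for sha256 they diverge, so a list replayed with the old pad/truncate rule cannot match a PCR extended by a kernel carrying Roberto's change, and vice versa. On a real system the `tpm_pcrs` values would come from the TPM (for example the per-bank values tpm2_pcrread reports) rather than from the constructed dictionary used in the test.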
Lakshmi Ramasubramanian Feb. 24, 2020, 4:23 p.m. UTC | #3
On 2/22/20 5:12 PM, Mimi Zohar wrote:

> 
> There are two aspects to Roberto's changes - extending the TPM banks
> with the bank specific template digest and verifying the boot
> aggregate.  This patch set only addresses the first aspect.
> 
> Assuming both the sha1 and sha256 TPM banks are enabled,
> 
> # tssgetcapability -cap 5
> 2 PCR selections
>      hash TPM_ALG_SHA1
>      TPMS_PCR_SELECTION length 3
>      ff ff ff
>      hash TPM_ALG_SHA256
>      TPMS_PCR_SELECTION length 3
>      ff ff ff
> 
> the output would look like:
>   
> # evmctl ima_measurement -v --list
> /sys/kernel/security/integrity/ima/binary_runtime_measurements
> 
> sha1: PCRAgg  10: 7723f6d980725507e5d0eb643dc179aae0efb719
> sha1: TPM PCR-10: 7723f6d980725507e5d0eb643dc179aae0efb719
> sha1 PCR-10: succeed
> 
> sha256: PCRAgg  10:
> 5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
> sha256: TPM PCR-10:
> 5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
> sha256 PCR-10: succeed
> 

Thanks Mimi and Roberto for the update.

tpm2_pcrread command outputs the PCR values.
The one for PCR-10 matches the data output by evmctl.

  -lakshmi