On Wed, 2020-02-12 at 16:08 -0500, david.safford@xxxxxxxxx wrote:
> On Tue, 2020-02-11 at 18:10 -0500, Mimi Zohar wrote:
> > On Tue, 2020-02-11 at 11:10 -0500, david.safford@xxxxxxxxx wrote:
> >
> > <snip>
> >
> > This new feature will require setting up some infrastructure for
> > storing the partial measurement list(s) in order to validate a TPM
> > quote.  Userspace already can save partial measurement list(s) without
> > any kernel changes.  The entire measurement list does not need to be
> > read each time.  lseek can read past the last record previously read.
> > The only new aspect is truncating the in kernel measurement list in
> > order to free kernel memory.
>
> This is a pretty important new feature.
> A lot of people can't use IMA because of the memory issue.
> Also, I really think we need to let administrators choose the tradeoffs
> of keeping the list in memory, on a local file, or only on the
> attestation server, as best fits their use cases.

Dave, I understand that some use cases require the ability to truncate
the measurement list.  We're discussing how to truncate the measurement
list.  For example, in addition to the existing securityfs
binary_runtime_measurements file, we could define a new securityfs file
indicating the number of records to delete.

> > <snip>
> >
> > Until there is proof that the measurement list can be exported to a
> > file before kexec, instead of carrying the measurement list across
> > kexec, and a TPM quote can be validated after the kexec, there isn't a
> > compelling reason for the kernel needing to truncate the measurement
> > list.
>
> If this approach doesn't work with all the kexec use cases, then it is
> useless, and the ball is in my court to prove that it does.  Fortunately
> I have to test that anyway for the coming TLV support.
>
> Working on it...

Testing could be done independently of the TLV support.

To verify that you aren't losing any measurements, boot with a measurement
policy like "ima_policy=tcb" on the boot command line.

thanks,

Mimi
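An added example (not code from this thread or from the IMA project) of the userspace side Mimi describes: read only the records appended since the last saved offset, check each record's template digest against its template data, and replay PCR 10 so the saved partial lists can later be compared with a TPM quote. It assumes the ima-ng template layout and little-endian lengths (the kernel writes host byte order unless ima_canonical_fmt is set); the record bytes are constructed inline rather than read from securityfs, and the legacy "ima" template, which has a different layout, is deliberately rejected.

```python
"""Incremental reader and PCR-10 replay for IMA's binary_runtime_measurements.

Constructed example: records are built here in the layout the kernel writes
to securityfs (ima-ng template, little-endian lengths) so it runs offline.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

SHA1_LEN = 20
ZERO_DIGEST = b"\x00" * SHA1_LEN
# A violation is recorded with an all-zero template digest, but the kernel
# extends PCR 10 with all-0xff bytes for it.
VIOLATION_EXTEND = b"\xff" * SHA1_LEN
HEADER = struct.Struct("<I20sI")  # pcr, template digest (SHA-1 bank), template name length
U32 = struct.Struct("<I")


def ima_field(data: bytes) -> bytes:
    """Length-prefixed field as written for non-'ima' templates: u32 length + data."""
    return U32.pack(len(data)) + data


def make_record(pcr: int, template: bytes, template_data: bytes, violation: bool = False) -> bytes:
    """Build one record (constructed, for the demo). The template digest is SHA-1
    over the template data exactly as it appears in the file, lengths included."""
    digest = ZERO_DIGEST if violation else hashlib.sha1(template_data).digest()
    return HEADER.pack(pcr, digest, len(template)) + template + ima_field(template_data)


def parse_new_records(buf: bytes, offset: int) -> Tuple[List[Dict], int]:
    """Parse every complete record at or after `offset`.

    Returns the records and the offset just past the last complete one. A
    trailing partial record (the file may be read while the kernel appends)
    is left for the next call, so an agent only ever reads what is new.
    """
    records: List[Dict] = []
    pos = offset
    while len(buf) - pos >= HEADER.size:
        pcr, digest, name_len = HEADER.unpack_from(buf, pos)
        p = pos + HEADER.size
        if len(buf) - p < name_len + U32.size:
            break
        name = buf[p:p + name_len]
        p += name_len
        if name == b"ima":
            # The legacy 'ima' template omits the total length field; not handled here.
            raise NotImplementedError("legacy 'ima' template layout")
        (data_len,) = U32.unpack_from(buf, p)
        p += U32.size
        if len(buf) - p < data_len:
            break
        records.append({"pcr": pcr, "digest": digest, "template": name.decode(),
                        "data": buf[p:p + data_len]})
        pos = p + data_len
    return records, pos


def decode_ng_fields(template_data: bytes) -> Tuple[str, str, str]:
    """Split ima-ng template data into (hash algo, file digest hex, path)."""
    fields, p = [], 0
    while p < len(template_data):
        (n,) = U32.unpack_from(template_data, p)
        p += U32.size
        fields.append(template_data[p:p + n])
        p += n
    algo, _, file_digest = fields[0].partition(b"\x00")  # d-ng: "sha256:\0" + digest
    path = fields[1].rstrip(b"\x00")                     # n-ng: NUL-terminated path
    return algo.decode().rstrip(":"), file_digest.hex(), path.decode()


def digest_matches(record: Dict) -> bool:
    """Check the template digest against the template data (violations are unchecked)."""
    if record["digest"] == ZERO_DIGEST:
        return True
    return hashlib.sha1(record["data"]).digest() == record["digest"]


def replay_pcr(records: List[Dict], pcr: int = 10, start: bytes = ZERO_DIGEST) -> bytes:
    """Replay the SHA-1 bank of `pcr`: new = SHA1(old || template digest)."""
    value = start
    for r in records:
        if r["pcr"] != pcr:
            continue
        ext = VIOLATION_EXTEND if r["digest"] == ZERO_DIGEST else r["digest"]
        value = hashlib.sha1(value + ext).digest()
    return value


def incremental_read(full: bytes, sizes: List[int]) -> Tuple[List[Dict], int]:
    """Simulate an agent re-reading the file at several points in time, resuming
    each time from its saved offset (what lseek gives you on the real file)."""
    collected: List[Dict] = []
    offset = 0
    for size in sizes:
        new, offset = parse_new_records(full[:size], offset)
        collected.extend(new)
    return collected, offset


def build_sample_list() -> bytes:
    """Constructed list: boot_aggregate, one executable, one open-writers violation."""
    def ng(algo: str, digest_hex: str, path: str) -> bytes:
        return (ima_field(algo.encode() + b":\x00" + bytes.fromhex(digest_hex))
                + ima_field(path.encode() + b"\x00"))
    return b"".join([
        make_record(10, b"ima-ng", ng("sha256", "11" * 32, "boot_aggregate")),
        make_record(10, b"ima-ng", ng("sha256", "22" * 32, "/usr/bin/bash")),
        make_record(10, b"ima-ng", ng("sha256", "00" * 32, "/tmp/open-writers"), violation=True),
    ])


if __name__ == "__main__":
    full = build_sample_list()
    recs, off = incremental_read(full, [50, 150, len(full)])
    print(f"{len(recs)} records, offset {off}/{len(full)}, digests ok: {all(map(digest_matches, recs))}")
    for r in recs:
        print(r["template"], *decode_ng_fields(r["data"]))
    print("PCR-10 replay:", replay_pcr(recs).hex())
```

On a live system the same parser is fed from the securityfs file: keep the byte offset returned by parse_new_records across runs and lseek to it before the next read, so each partial list on disk holds only what was appended since. The replayed PCR-10 value is what an attestation server compares against the SHA-1 bank in the quote; a mismatch after kexec or truncation means records were lost between the saved lists.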