[DISCUSSION] IMA measurement log format

Hi folks,

I have a question about the format of the IMA measurement log (/sys/kernel/security/ima/binary_runtime_measurements).

The current IMA format uses the following structure:

struct ima_template_entry {
	int pcr;
	u8 digest[TPM_DIGEST_SIZE];	/* sha1 or md5 measurement hash */
	struct ima_template_desc *template_desc; /* template descriptor */
	u32 template_data_len;
	struct ima_field_data template_data[0];	/* template related data */
};

My question is, why does the IMA log not use the same log format that is used for PCR events in the TCG EFI spec? This would allow the same parser to be used for binary_bios_measurements and binary_runtime_measurements, while still maintaining all information captured by the current template format simply as event data.

Here is the EFI structure that is logged for each event in binary_bios_measurements (it is similar to the structure used by IMA but different enough to require different parsing).

typedef struct {
    TCG_PCRINDEX PCRIndex;
    TCG_EVENTTYPE EventType;
    TCG_DIGEST digest;
    UINT32 EventSize;
    UINT8 Event[1];
} TCG_PCR_EVENT;

From the TCG EFI Spec: https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
Note the above structure is for the TPM 1.2 specification. There is a slightly different crypto-agile TCG_PCR_EVENT2 structure for TPM 2.0.

I feel that, when possible, it is best that the kernel keep continuity with other components which will be measuring events into the TPM for ease of parsing when these logs are used for attestation.

I understand these may not be trivial changes (and log format changes may break existing applications) but I would like to get some thoughts on why some of these decisions were made and possible ways to get more continuity in Linux system attestation moving forward.

Thanks!
Jordan
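As an added illustration of the two layouts compared in the post (this is example code written for this page, not the kernel's, the TCG's, or Jordan's), the following parses both binary_bios_measurements (TCG_PCR_EVENT, TPM 1.2 layout) and IMA's binary_runtime_measurements, checks each IMA template digest against the exported template data, replays PCR 10 the way an attestation verifier would, and re-carries an IMA record as a TCG_PCR_EVENT with the template name and data as opaque event data, which is the proposal in the post. It goes slightly beyond the structs quoted above: it also handles the legacy "ima" template, which has no template_data_len field, and violation entries, which carry an all-zero digest in the log but were extended into the PCR as 0xFF bytes. Assumptions: an x86 host, so the IMA log is little-endian (the kernel writes host byte order unless the ima_canonical_fmt boot option is used); SHA-1 digests only, matching the TPM 1.2 structures quoted (TCG_PCR_EVENT2 is not handled); the event type EV_IMA_TEMPLATE is a hypothetical placeholder, not a TCG-assigned value; and the three-entry sample log, including the boot_aggregate value, is constructed inline.

```python
"""TCG_PCR_EVENT and IMA binary_runtime_measurements parsers with digest/PCR checks (added example)."""
import hashlib
import struct

SHA1_LEN = 20
ZERO_DIGEST = b"\x00" * SHA1_LEN
FF_DIGEST = b"\xff" * SHA1_LEN
U32 = struct.Struct("<I")  # assumption: x86 host; kernel writes host byte order unless ima_canonical_fmt is set
EV_IMA_TEMPLATE = 0x80000001  # hypothetical event type for the re-encoding below; NOT a TCG-assigned value

def _take(buf, off, n):
    """Slice n bytes at off; refuse a short read rather than return a partial record."""
    if off + n > len(buf):
        raise ValueError("log truncated at offset %d (wanted %d bytes)" % (off, n))
    return buf[off:off + n], off + n

def _u32(buf, off):
    raw, off = _take(buf, off, 4)
    return U32.unpack(raw)[0], off

def parse_tcg_pcr_events(buf):
    """TCG_PCR_EVENT: PCRIndex, EventType, 20-byte digest, EventSize, Event[EventSize]."""
    events, off = [], 0
    while off < len(buf):
        pcr, off = _u32(buf, off)
        etype, off = _u32(buf, off)
        digest, off = _take(buf, off, SHA1_LEN)
        size, off = _u32(buf, off)
        event, off = _take(buf, off, size)
        events.append({"pcr": pcr, "type": etype, "digest": digest, "event": event})
    return events

def split_fields(template_data):
    """ima-ng style template data: a sequence of u32 length || field bytes."""
    fields, off = [], 0
    while off < len(template_data):
        n, off = _u32(template_data, off)
        data, off = _take(template_data, off, n)
        fields.append(data)
    return fields

def parse_ima_binary(buf):
    """Record: pcr, template digest, u32 name length, name, then u32 template_data_len + data."""
    entries, off = [], 0
    while off < len(buf):
        pcr, off = _u32(buf, off)
        digest, off = _take(buf, off, SHA1_LEN)
        namelen, off = _u32(buf, off)
        name, off = _take(buf, off, namelen)
        if name == b"ima":  # legacy template: no template_data_len; raw 20-byte file digest, then len-prefixed name
            fdigest, off = _take(buf, off, SHA1_LEN)
            nlen, off = _u32(buf, off)
            fname, off = _take(buf, off, nlen)
            tdata, fields = None, [fdigest, fname]
        else:
            tlen, off = _u32(buf, off)
            tdata, off = _take(buf, off, tlen)
            fields = split_fields(tdata)
        entries.append({"pcr": pcr, "digest": digest, "template": name.decode("ascii"),
                        "template_data": tdata, "fields": fields})
    return entries

def verify_template_digest(entry):
    """Template digest = sha1(exported template data); legacy 'ima': sha1(file digest || name padded to 256)."""
    material = (entry["fields"][0] + entry["fields"][1].ljust(256, b"\x00")
                if entry["template"] == "ima" else entry["template_data"])
    return hashlib.sha1(material).digest() == entry["digest"]

def replay_pcr(entries, pcr):
    """Extend from zero; violation entries log an all-zero digest but were extended with 0xFF bytes."""
    value = ZERO_DIGEST
    for e in (x for x in entries if x["pcr"] == pcr):
        d = FF_DIGEST if e["digest"] == ZERO_DIGEST else e["digest"]
        value = hashlib.sha1(value + d).digest()
    return value

def ima_entry_as_tcg_event(entry):
    """The post's proposal: the same record as a TCG_PCR_EVENT, template name + data as opaque event data."""
    event = U32.pack(len(entry["template"])) + entry["template"].encode() + (entry["template_data"] or b"")
    return U32.pack(entry["pcr"]) + U32.pack(EV_IMA_TEMPLATE) + entry["digest"] + U32.pack(len(event)) + event

def encode_ima_ng(pcr, algo, file_digest, filename, violation=False):
    """Constructed sample input: one ima-ng record laid out as the kernel exports it."""
    d_ng = algo.encode() + b":\x00" + file_digest  # d-ng field: "algo:\0" followed by the raw file digest
    n_ng = filename.encode() + b"\x00"              # n-ng field: NUL-terminated path
    tdata = b"".join(U32.pack(len(f)) + f for f in (d_ng, n_ng))
    tdigest = ZERO_DIGEST if violation else hashlib.sha1(tdata).digest()
    return U32.pack(pcr) + tdigest + U32.pack(6) + b"ima-ng" + U32.pack(len(tdata)) + tdata

def demo():
    """Constructed three-entry log: boot_aggregate (stand-in value), one file, one violation."""
    log = (encode_ima_ng(10, "sha1", hashlib.sha1(b"stand-in for PCR0-7").digest(), "boot_aggregate")
           + encode_ima_ng(10, "sha256", hashlib.sha256(b"#!/bin/sh\n").digest(), "/usr/bin/example")
           + encode_ima_ng(10, "sha1", b"", "/tmp/open-writers", violation=True))
    entries = parse_ima_binary(log)
    tcg = parse_tcg_pcr_events(b"".join(ima_entry_as_tcg_event(e) for e in entries))
    return {"entries": len(entries), "pcr10": replay_pcr(entries, 10).hex(),
            "digests_ok": all(verify_template_digest(e) for e in entries if e["digest"] != ZERO_DIGEST),
            "same_digests": [t["digest"] for t in tcg] == [e["digest"] for e in entries]}
```

In use, replay_pcr() output is compared with the PCR 10 value in a TPM quote; any mismatch means the log was truncated, reordered or tampered with, and verify_template_digest() pins each record's content to the digest that was actually extended. Note the two places a naive "one parser for both" breaks today: the legacy "ima" template omits template_data_len entirely, and violation records cannot be digest-checked because their logged digest is zero.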
