Re: [DISCUSSION] IMA measurement log format

[Cc'ing Monty Wiseman and David Safford]

Hi Jordan,

On Fri, 2018-12-28 at 19:25 +0000, Jordan Hand wrote:
> Hi folks,
> 
> I have a question about the format of the IMA measurement log
> (/sys/kernel/security/ima/binary_runtime_measurements).
> 
> The current IMA format uses the following structure:
> 
> struct ima_template_entry {
> 	int pcr;
> 	u8 digest[TPM_DIGEST_SIZE];	/* sha1 or md5 measurement hash */
> 	struct ima_template_desc *template_desc; /* template descriptor */
> 	u32 template_data_len;
> 	struct ima_field_data template_data[0];	/* template related data */
> };
> 
> My question is, why does the IMA log not use the same log format
> that is used for PCR events in the TCG EFI spec? This would allow
> the same parser to be used for binary_bios_measurements and
> binary_runtime_measurements, while still maintaining all information
> captured by the current template format simply as event data.
> 
> Here is the EFI structure that is logged for each event in
> binary_bios_measurements (it is similar to the structure used by IMA
> but different enough to require different parsing).
> 
> typedef struct {
>     TCG_PCRINDEX PCRIndex;
>     TCG_EVENTTYPE EventType;
>     TCG_DIGEST digest;
>     UINT32 EventSize;
>     UINT8 Event[1];
> } TCG_PCR_EVENT;
> 
> From the TCG EFI Spec: https://trustedcomputinggroup.org/wp-content/
> uploads/EFI-Protocol-Specification-rev13-160330final.pdf
> Note the above structure is for the TPM1.2 specification. There is a
> slightly different crypto-agile TCG_PCR_EVENT2 structure for
> TPM2.0. 
> 
> I feel that, when possible, it is best that the kernel keep
> continuity with other components which will be measuring events into
> the TPM for ease of parsing when these logs are used for
> attestation.
> 
> I understand these may not be trivial changes (and log format
> changes may break existing applications) but I would like to get
> some thoughts on why some of these decisions were made and possible
> ways to get more continuity in Linux system attestation moving
> forward.

Although IMA was only upstreamed in 2009, some of the code dates back
to the early 2000's.  The first paper "Design and implementation of a
TCG-based integrity measurement architecture" was published in Usenix
2004.

You should probably look at Monty Wiseman's and David Safford's LSS-NA 
2018 talk titled "A Canonical Event Log Structure for IMA".  Slides
and recordings of LSS-NA 2018 can be found on the LF website.

Defining a new log format is definitely non-trivial and may not break
existing userspace applications.

Mimi
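The two layouts discussed in this thread, worked through as an added example (this is editor-supplied code, not code from the thread, the kernel or any of the cited talks). It serializes and parses one ima-ng entry in the binary_runtime_measurements layout, serializes and parses a TPM 1.2 style TCG_PCR_EVENT, and then re-encodes the IMA entry as a TCG_PCR_EVENT with the template name and template data carried as opaque event data, which is the kind of continuity Jordan asks about. Assumptions: little-endian field order (the IMA canonical format, or a little-endian host); the ima-ng field encoding (`d-ng` is `"<algo>:\0"` followed by the raw file digest, `n-ng` is the NUL-terminated path, each prefixed by a u32 length); the kernel's template hash for non-`ima` templates being SHA-1 over exactly that serialized template data; and the event type value `IMA_EVENT_TYPE_PLACEHOLDER`, the path and the file hash, which are all constructed here and not real assigned values.

```python
import hashlib
import struct

SHA1_LEN = 20  # TPM_DIGEST_SIZE in the SHA-1 / TPM 1.2 style logs

# Constructed sample values (not taken from any real system or log).
SAMPLE_PATH = b"/usr/bin/example"
SAMPLE_FILE_HASH = hashlib.sha256(b"constructed file contents").digest()
IMA_EVENT_TYPE_PLACEHOLDER = 0x1234  # placeholder only; not an assigned TCG event type


def build_ima_ng_entry(pcr, file_hash, path):
    """Serialize one ima-ng entry as binary_runtime_measurements lays it out
    (little-endian byte order assumed)."""
    d_ng = b"sha256:\x00" + file_hash   # 'd-ng' field: "<algo>:\0" + raw digest
    n_ng = path + b"\x00"                # 'n-ng' field: NUL-terminated pathname
    template_data = b"".join(struct.pack("<I", len(f)) + f for f in (d_ng, n_ng))
    # For templates other than the legacy "ima" one, the template hash that is
    # extended into the PCR is SHA-1 over exactly this length-prefixed blob.
    template_hash = hashlib.sha1(template_data).digest()
    name = b"ima-ng"
    return (struct.pack("<I", pcr) + template_hash
            + struct.pack("<I", len(name)) + name
            + struct.pack("<I", len(template_data)) + template_data)


def split_fields(template_data):
    """Template data is a sequence of u32 length-prefixed field values."""
    fields, p = [], 0
    while p < len(template_data):
        (flen,) = struct.unpack_from("<I", template_data, p); p += 4
        fields.append(template_data[p:p + flen]); p += flen
    return fields


def parse_ima_entry(buf, off=0):
    """Parse one binary_runtime_measurements entry; returns (entry, next offset)."""
    (pcr,) = struct.unpack_from("<I", buf, off); off += 4
    template_hash = buf[off:off + SHA1_LEN]; off += SHA1_LEN
    (name_len,) = struct.unpack_from("<I", buf, off); off += 4
    name = buf[off:off + name_len]; off += name_len
    if name == b"ima":
        # The original template uses fixed-width fields instead of length prefixes.
        raise NotImplementedError("legacy 'ima' template not handled by this example")
    (data_len,) = struct.unpack_from("<I", buf, off); off += 4
    template_data = buf[off:off + data_len]; off += data_len
    return {"pcr": pcr, "digest": template_hash, "template": name,
            "template_data": template_data, "fields": split_fields(template_data)}, off


def build_tcg_pcr_event(pcr, event_type, digest, event):
    """TCG_PCR_EVENT as found in binary_bios_measurements (TPM 1.2 style)."""
    return (struct.pack("<II", pcr, event_type) + digest
            + struct.pack("<I", len(event)) + event)


def parse_tcg_pcr_event(buf, off=0):
    """Parse one TCG_PCR_EVENT; returns (event, next offset)."""
    pcr, event_type = struct.unpack_from("<II", buf, off); off += 8
    digest = buf[off:off + SHA1_LEN]; off += SHA1_LEN
    (event_size,) = struct.unpack_from("<I", buf, off); off += 4
    event = buf[off:off + event_size]; off += event_size
    return {"pcr": pcr, "event_type": event_type, "digest": digest, "event": event}, off


def ima_entry_as_tcg_event(entry):
    """Re-encode an IMA entry as a TCG_PCR_EVENT: template name and template
    data become opaque event data, so the TCG parser can read it unchanged."""
    event = (struct.pack("<I", len(entry["template"])) + entry["template"]
             + entry["template_data"])
    return build_tcg_pcr_event(entry["pcr"], IMA_EVENT_TYPE_PLACEHOLDER,
                               entry["digest"], event)


def template_hash_ok(entry):
    """Check that the logged digest really is SHA-1 over the template data."""
    return hashlib.sha1(entry["template_data"]).digest() == entry["digest"]


def replay_pcr(digests):
    """Extend a zeroed SHA-1 PCR with each digest in order. The result is what
    an attestation verifier compares against the quoted PCR value."""
    pcr = bytes(SHA1_LEN)
    for d in digests:
        pcr = hashlib.sha1(pcr + d).digest()
    return pcr


if __name__ == "__main__":
    ima_log = build_ima_ng_entry(10, SAMPLE_FILE_HASH, SAMPLE_PATH)
    entry, _ = parse_ima_entry(ima_log)
    print("ima-ng fields:", entry["fields"], "template hash ok:", template_hash_ok(entry))
    event, _ = parse_tcg_pcr_event(ima_entry_as_tcg_event(entry))
    print("same digest via TCG parser:", event["digest"] == entry["digest"])
    print("PCR 10 replay:", replay_pcr([entry["digest"]]).hex())
```

The replay and the digest check are the parts a verifier actually needs, and they are identical for both layouts; only the framing around the PCR index and digest differs, which is why a single TCG_PCR_EVENT parser with the IMA template carried as event data loses nothing. A real binary_runtime_measurements file is a concatenation of entries, so `parse_ima_entry` is meant to be called in a loop using the returned offset; the same applies to `parse_tcg_pcr_event`.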
