On 12/10/19 3:38 AM, Janne Karhunen wrote:

Hi Janne,

> Now, we can attempt to tackle this if there is a common agreement on what to do with the case. First thing that comes to my mind based on a comment from Mimi concerning the prior work on the topic by Dave is that the measurement list should probably get periodically exported to a file with its own measurement. The rest of the measurement entries would then get freed, so the system would start again from a clean state (i.e. state where there is only 1 entry in the measurement list, the older generation list name and the measurement). For remote attestation of the system you would have to concatenate all the lists and verify their validity by walking down the chain, starting from the existing in-kernel measurement that is kept secure. In other words, each exported list would have a measurement of the earlier generation list and we would build a simple list chain.

Do we need to keep multiple on-disk lists? Can the measurement entries be written to one on-disk file - say, when the current in-memory buffer reaches a certain threshold?
A remote attestation of the system would then read the on-disk file and the current in-memory buffer to perform the validation.
I am assuming one of the reasons for keeping the measurement list in memory is for better performance. If buffered file I/O is supported in Linux, can that be leveraged for improved file I/O performance?
https://docs.microsoft.com/en-us/windows/win32/fileio/file-caching

thanks,
-lakshmi
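
The list chain proposed in the quoted message, sketched as an added example that is not part of the original thread or of the kernel's IMA code. The SHA-256 extend from an all-zero PCR, the text file format, the `exported-list.` name prefix, and the choice to extend the link entry into the PCR like any other measurement are all assumptions made for illustration.

```python
import hashlib

ZERO = bytes(32)            # initial PCR value in this model
LINK = "exported-list."     # hypothetical name prefix marking a link entry

def h(data):
    return hashlib.sha256(data).digest()

def serialize(entries):     # constructed text format, not IMA's own
    return "".join(f"{n} {d.hex()}\n" for n, d in entries).encode()

def parse(blob):
    rows = (line.rsplit(" ", 1) for line in blob.decode().splitlines())
    return [(n, bytes.fromhex(d)) for n, d in rows]

class Measurer:             # toy kernel side: in-memory list, PCR, exported files
    def __init__(self):
        self.pcr, self.entries, self.exported = ZERO, [], {}

    def measure(self, name, content):
        digest = h(content)
        self.entries.append((name, digest))
        self.pcr = h(self.pcr + digest)          # TPM-style extend

    def export(self):
        name = LINK + str(len(self.exported))
        blob = self.exported[name] = serialize(self.entries)
        self.entries = []                        # free the older entries
        self.measure(name, blob)                 # new list holds one link entry

def verify(in_memory, exported, quoted_pcr):
    chain = [in_memory]                          # newest generation first
    while chain[-1] and chain[-1][0][0].startswith(LINK):
        name, digest = chain[-1][0]
        blob = exported.get(name)
        if blob is None or h(blob) != digest:
            return False                         # missing or altered generation
        chain.append(parse(blob))
    pcr = ZERO
    for _, digest in (e for entries in reversed(chain) for e in entries):
        pcr = h(pcr + digest)                    # replay oldest first
    return pcr == quoted_pcr

def sample():
    m = Measurer()
    for name in ("/bin/init", "/bin/sh"):        # constructed measurements
        m.measure(name, name.encode())
        m.export()
    m.measure("/usr/bin/app", b"app")
    return m
```

In this model the exported files need no protection of their own: a modified or missing generation fails either the link digest check or the final comparison against the quoted PCR.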