> -----Original Message----- > From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity- > owner@xxxxxxxxxxxxxxx] On Behalf Of Lakshmi Ramasubramanian > Sent: Tuesday, December 10, 2019 11:37 PM > To: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; > jarkko.sakkinen@xxxxxxxxxxxxxxx; Mimi Zohar <zohar@xxxxxxxxxxxxx>; > linux-integrity@xxxxxxxxxxxxxxx > Subject: Does IMA support SHA-256 PCR banks? > > Hi, > > I noticed that even when SHA-256 is selected as the digest algorithm for > IMA measurement, the PCR hash is still SHA-1. > > A net search found the text given below in the following wiki: > https://wiki.strongswan.org/projects/strongswan/wiki/IMA > > ********************************************************** > ************ > Since SHA-1 has been "shattered" we recommend to use SHA-256 for the > file measurement hashes. > > IMA implementation does not support SHA-256 PCR banks yet, so the > SHA-256 file hashes are extended into SHA-1 PCR registers. > ********************************************************** > ************ > > Is the above still true? > > In ima_init_digests() the digest algorithm for PCR extend is set from > the digest algorithm set in the PCR banks. > > Is there a way to configure IMA to use SHA-256 PCR banks? > > int __init ima_init_digests(void) > { > ... > for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) > digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id; > ... Hi Lakshmi currently the SHA256 PCR bank is extended with a padded SHA1. Some time ago, I posted some patches to support the TGC Crypto Agile format: https://lkml.org/lkml/2017/5/16/369 However, this is a bit complicate because the current format does not follow the TCG standard. A work to support the new IMA Canonical Event Log format has been presented at LSS: https://static.sched.com/hosted_files/lssna18/03/lss_2018_slides_V4.pdf Given that the patches are very invasive, to me seems a good idea to split this work in two parts: first, extend PCRs with the correct digest and second change the measurement list format. For the first part, the patch will be very simple, as IMA will just query the TPM to get the list of hash algorithms and will calculate all the digests in ima_calc_field_array_hash(). Also, the first part would be sufficient for remote attestation, as the data used to calculate the digests is passed to the verifier. The verifier can calculate by himself the digest of non-SHA1 PCR banks, even if they are not included in the measurement list. Roberto
