> -----Original Message-----
> From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity-owner@xxxxxxxxxxxxxxx] On Behalf Of Mimi Zohar
> Sent: Wednesday, January 29, 2020 11:51 PM
> To: Petr Vorel <pvorel@xxxxxxx>
> Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux-integrity@xxxxxxxxxxxxxxx;
> James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Subject: Re: [PATCH 1/2] ima: use the IMA configured hash algo to calculate
> the boot aggregate
>
> On Wed, 2020-01-29 at 09:30 +0100, Petr Vorel wrote:
> > Hi Mimi,
> >
> > Reviewed-by: Petr Vorel <pvorel@xxxxxxx>
> >
> > > The original LTP ima_boot_aggregate.c test needed to be updated to
> > > support TPM 2.0 before this change. For TPM 2.0, the PCRs are not
> > > exported. With this change, the kernel could be reading PCRs from a
> > > TPM bank other than SHA1 and calculating the boot_aggregate based on a
> > > different hash algorithm as well. I'm not sure how a remote verifier
> > > would know which TPM bank was read, when calculating the
> > > boot-aggregate.
> >
> > Mimi, do you plan to update the LTP test?
>
> In order to test Roberto's patches that calculate and extend the
> different TPM banks with the appropriate hashes, we'll need some test
> to verify that it is working properly. As to whether this will be in
> LTP or ima-evm-utils, I'm not sure.

attest-tools (https://github.com/euleros/attest-tools, branch 0.2-devel)
has the ability to parse the BIOS and IMA event logs, and to compare
boot_aggregate with the digest of final PCR values obtained by performing
in software the PCR extend operation with digests in the BIOS event log.

To perform the test, it is necessary to have a complete BIOS event log.

Create req.json with this content:
---
{
  "reqs":{
    "dummy|verify":"",
    "ima_boot_aggregate|verify":""
  }
}
---

With the requirements above, we are telling attest-tools to verify only
boot_aggregate. Without the dummy requirement, verification would fail
(BIOS and remaining IMA measurement entries are not processed).

On server side run:

# attest_ra_server -p 10 -r req.json -s -i

-s disables TPM signature verification
-i allows IMA violations

To enable TPM signature verification it is necessary to have a valid AK
certificate. It can be obtained by following the instructions at:

https://github.com/euleros/attest-tools/blob/0.2-devel/README

On client side run:

# echo test > aik_cert.pem
# echo aik_cert.pem > list_privacy_ca
# attest_ra_client -A

The command above generates an AK.

# attest_ra_client -s <server IP> -q -p 10 -P <PCR algo> -b -i

The command above sends the TPM quote and the event logs to the RA server
and gets the response (successful/failed verification).

-b includes the BIOS event log from securityfs
-i includes the IMA event log from securityfs

To check that boot_aggregate is calculated properly, use -P sha256 in
attest_ra_client and set ima_hash=sha256 in the kernel command line.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
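
Added example (not part of the original message and not attest-tools code): the check described above, replaying the BIOS event log digests in software and comparing the digest of the final PCR values with the boot_aggregate entry of the IMA log. Assumptions: boot_aggregate covers PCRs 0-7 of one bank, the IMA entry uses the ima-ng template (digest prefixed with its algorithm), and the event list, the function names and the sample log line are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: boot_aggregate is the digest of PCRs 0-7 of a single bank.
AGGREGATE_PCRS = range(8)

def replay(events, algo):
    """Software PCR extend: new = H(old || event digest), starting from zeros."""
    size = hashlib.new(algo).digest_size
    pcrs = {i: bytes(size) for i in AGGREGATE_PCRS}
    for index, digests in events:
        if index not in pcrs:
            continue  # PCRs outside 0-7 do not feed boot_aggregate here
        digest = digests[algo]  # KeyError: the log carries no digest for this bank
        if len(digest) != size:
            raise ValueError(f"bad {algo} digest length for PCR {index}")
        pcrs[index] = hashlib.new(algo, pcrs[index] + digest).digest()
    return pcrs

def expected_boot_aggregate(events, algo):
    """Digest of the concatenated final values of PCRs 0-7 in the chosen bank."""
    pcrs = replay(events, algo)
    return hashlib.new(algo, b"".join(pcrs[i] for i in AGGREGATE_PCRS)).digest()

def check_boot_aggregate(events, ima_entry):
    """ima_entry: first line of ascii_runtime_measurements (ima-ng template)."""
    _pcr, _template_hash, template, filedata, name = ima_entry.split()
    if template != "ima-ng" or name != "boot_aggregate":
        raise ValueError("not an ima-ng boot_aggregate entry")
    # The algorithm prefix tells the verifier which bank to replay.
    algo, hexdigest = filedata.split(":", 1)
    return hmac.compare_digest(expected_boot_aggregate(events, algo),
                               bytes.fromhex(hexdigest))

def _event(pcr, data):
    # Constructed crypto-agile event: one digest per bank for the same data.
    return pcr, {a: hashlib.new(a, data).digest() for a in ("sha1", "sha256")}

# Constructed BIOS event log (not captured from a real machine).
SAMPLE_EVENTS = [_event(0, b"firmware"), _event(4, b"bootloader"),
                 _event(7, b"secure boot policy"), _event(9, b"initrd")]

def sample_entry(algo):
    # Constructed IMA line; the template hash field is a zero placeholder.
    digest = expected_boot_aggregate(SAMPLE_EVENTS, algo).hex()
    return f"10 {'0' * 40} ima-ng {algo}:{digest} boot_aggregate"

if __name__ == "__main__":
    print(check_boot_aggregate(SAMPLE_EVENTS, sample_entry("sha256")))
```

An incomplete BIOS event log makes the replayed PCR values, and so the comparison, fail, which is why the procedure above requires a complete log.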