> -----Original Message----- > From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity- > owner@xxxxxxxxxxxxxxx] On Behalf Of Roberto Sassu > Sent: Thursday, January 30, 2020 4:27 PM > To: Mimi Zohar <zohar@xxxxxxxxxxxxx>; Petr Vorel <pvorel@xxxxxxx> > Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux-integrity@xxxxxxxxxxxxxxx; > James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux- > kernel@xxxxxxxxxxxxxxx > Subject: RE: [PATCH 1/2] ima: use the IMA configured hash algo to calculate > the boot aggregate > > > -----Original Message----- > > From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity- > > owner@xxxxxxxxxxxxxxx] On Behalf Of Mimi Zohar > > Sent: Wednesday, January 29, 2020 11:51 PM > > To: Petr Vorel <pvorel@xxxxxxx> > > Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux- > integrity@xxxxxxxxxxxxxxx; > > James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux- > > kernel@xxxxxxxxxxxxxxx; Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > Subject: Re: [PATCH 1/2] ima: use the IMA configured hash algo to > calculate > > the boot aggregate > > > > On Wed, 2020-01-29 at 09:30 +0100, Petr Vorel wrote: > > > Hi Mimi, > > > > > > Reviewed-by: Petr Vorel <pvorel@xxxxxxx> > > > > > > > The original LTP ima_boot_aggregate.c test needed to be updated to > > > > support TPM 2.0 before this change. For TPM 2.0, the PCRs are not > > > > exported. With this change, the kernel could be reading PCRs from a > > > > TPM bank other than SHA1 and calculating the boot_aggregate based > on > > a > > > > different hash algorithm as well. I'm not sure how a remote verifier > > > > would know which TPM bank was read, when calculating the boot- > > > > aggregate. > > > Mimi, do you plan to do update LTP test? > > > > In order to test Roberto's patches that calculates and extends the > > different TPM banks with the appropriate hashes, we'll need some test > > to verify that it is working properly. As to whether this will be in > > LTP or ima-evm-utils, I'm not sure. > > attest-tools (https://github.com/euleros/attest-tools, branch 0.2-devel) has > the > ability to parse the BIOS and IMA event logs, and to compare > boot_aggregate > with the digest of final PCR values obtained by performing in software the > PCR > extend operation with digests in the BIOS event log. > > To perform the test, it is necessary to have a complete BIOS event log. > > Create req.json with this content: > --- > { > "reqs":{ > "dummy|verify":"", > "ima_boot_aggregate|verify":"" > } > } > --- > > With the requirements above, we are telling attest-tools to verify only > boot_aggregate. Without the dummy requirement, verification would > fail (BIOS and remaining IMA measurement entries are not processed). > > On server side run: > # attest_ra_server -p 10 -r req.json -s -i > > -s disables TPM signature verification > -i allows IMA violations > > To enable TPM signature verification it is necessary to have a valid AK > certificate. It can be obtained by following the instructions at: > > https://github.com/euleros/attest-tools/blob/0.2-devel/README > > On client side run: > # echo test > aik_cert.pem > # echo aik_cert.pem > list_privacy_ca > # attest_ra_client -A > > The command above generates an AK. > > # attest_ra_client -s <server IP> -q -p 10 -P <PCR algo> -b -i > > The command above sends the TPM quote and the event logs > to the RA server and gets the response (successful/failed > verification). > > -b includes the BIOS event log from securityfs > -i includes the IMA event log from securityfs > > To check that boot_aggregate is calculated properly, use -P sha256 and to check that IMA extends non-SHA1 PCR banks with an appropriate digest, > in attest_ra_client and set ima_hash=sha256 in the kernel command > line. Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli
