On Wed, 2021-07-21 at 12:07 -0400, Mimi Zohar wrote:
> On Wed, 2021-07-21 at 11:42 -0400, Mike Snitzer wrote:
> > On Tue, Jul 20 2021 at 10:12P -0400,
> > Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >
> > > Hi Tushar, Mike,
> > >
> > > On Mon, 2021-07-12 at 17:48 -0700, Tushar Sugandhi wrote:
> > > > +struct dm_ima_device_table_metadata {
> > > > + /*
> > > > + * Contains data specific to the device which is common across
> > > > + * all the targets in the table.e.g. name, uuid, major, minor etc.
> > > > + * The values are stored in comma separated list of key1=val1,key2=val2; pairs
> > > > + * delimited by a semicolon at the end of the list.
> > > > + */
> > > > + char *device_metadata;
> > > > + unsigned int device_metadata_len;
> > > > + unsigned int num_targets;
> > > > +
> > > > + /*
> > > > + * Contains the sha256 hashs of the IMA measurements of the
> > > > + * target attributes key-value pairs from the active/inactive tables.
> > > > + */
> > >
> > > From past experience hard coding the hash algorithm is really not a
> > > good idea.
> > >
> > > Mimi
> > >
> > > > + char *hash;
> > > > + unsigned int hash_len;
> > > > +
> > > > +};
> >
> > Hi Mimi,
> >
> > The dm-ima.c code is using SHASH_DESC_ON_STACK and then storing the
> > more opaque result via 'hash' and 'hash_len'.
> >
> > So if/when the dm-ima.c hash algorithm were to change this detail
> > won't change the dm_ima_device_table_metadata structure at all right?
> > But even if changes were needed this is purely an implementation
> > detail correct? Why might users care which algorithm is used by
> > dm-ima to generate the hashes?
> >
> > Assuming there is a valid reason for users to care about this, we can
> > improve this aspect as follow-on work.. so I don't consider this a
> > blocker for this patchset at this point. Please clarify if you feel
> > it should be a blocker.
>
> This goes back to my question as to if or how the template data in
> these DM critical data records are to be validated by the attestation
> server. Asumming the hash/hash_len is being stored in the IMA
> measurement list, the less the attestation should need to know about
> the specific kernel version the better.
Hi Mike, Tushar, Laskshmi,
Perhaps, when defining a new IMA "critical data" record, especially if
you know it's going to change, the critical data should contain a
version number.
thanks,
Mimi
