Re: [RFC PATCH -next] ima: Make tpm hash configurable

I'd like to present three possible cases, expanding on Mimi's
observation that the template hash is currently the hash of the
template data.

My vote is #2, but all have merits.

----------

1. Leave the SHA-1 template hash.

A. This does not break existing applications.

B. The template data is protected by the TPM quote, which does not
have to be SHA-1.

C. The SHA-1 digest provides some debug usefulness against a
non-malicious alteration of the template data. The application can
report which event record is incorrect.

----------

2. Include template hashes for all PCR banks.

A. This breaks existing applications on the attestor side, but could
be made backward compatible / deprecated at the verifier side.

B. The redundant data is an attack surface, in that the verifier must
remember to check the hashes against the quote AND against the
template data.

C. The digest provides debug usefulness against malicious attacks on
the template data.

D. This permits the use case where the template hash is NOT a hash of
the template data. In the UEFI event log (using IMA terms), the
template hash can be a digest of some other data and the template data
is a hint as to where and what that data is.

E.g., the UEFI event EV_CPU_MICROCODE template data field has a patch
descriptor, while the template hash is a digest of the patch itself.

----------

3. Include a template hash for the strongest hash algorithm.

A. It's not always clear what the strongest algorithm is.

Otherwise, this is the same as #2.

On 8/18/2023 7:17 PM, Mimi Zohar wrote:
> On Fri, 2023-08-18 at 09:25 +0800, Guozihua (Scott) wrote:
> > On 2023/8/17 22:19, Mimi Zohar wrote:
> > > On Thu, 2023-08-17 at 14:13 +0800, GUO Zihua wrote:
>
> True SHA1 is being phased out due to hash collisions.  Verifying the
> template data hash against the template data isn't necessary for the
> attestation server to verify a TPM quote against any of the enabled TPM
> banks.  The attestation server walks the measurement list calculating
> the bank specific template data hash.  Breaking existing applications
> is unreasonable.
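The following is an added illustration, not code from the thread or from the IMA project, of the verifier walk Mimi describes and of the two checks case #2 requires (stored template hash against template data, and replayed PCR against the quote). The list is a constructed three-entry sample, the "quote" is a stand-in computed from the clean list, PCR 10 is assumed to be the IMA PCR, and the ima-ng binary layout (u32 little-endian length before each field, `d-ng` as `"<algo>:\0" + raw digest`, `n-ng` as `path + "\0"`) is the encoding this example assumes; check it against your kernel's template before relying on it.

```python
"""Verifier-side replay of an IMA measurement list across several PCR banks."""
import copy
import hashlib
from dataclasses import dataclass, field

BANKS = ("sha1", "sha256")   # PCR banks the quote covers
IMA_PCR = 10                 # assumed: the PCR IMA extends


def template_hash(template_data: bytes, bank: str) -> bytes:
    """Bank-specific hash of the template data (what gets extended into that bank)."""
    return hashlib.new(bank, template_data).digest()


def pcr_extend(pcr: bytes, digest: bytes, bank: str) -> bytes:
    """PCR extend: new = H(old || digest)."""
    return hashlib.new(bank, pcr + digest).digest()


def ima_ng_template_data(algo: str, file_digest: bytes, path: str) -> bytes:
    """Assumed ima-ng binary template data: each field is a little-endian u32
    length followed by the field bytes; d-ng = "<algo>:\\0" + raw digest,
    n-ng = path + "\\0"."""
    d_ng = algo.encode() + b":\x00" + file_digest
    n_ng = path.encode() + b"\x00"
    return b"".join(len(f).to_bytes(4, "little") + f for f in (d_ng, n_ng))


@dataclass
class Record:
    template_data: bytes
    # bank -> template hash carried in the list itself (case #2)
    stored: dict = field(default_factory=dict)


def replay(records, bank: str) -> bytes:
    pcr = bytes(hashlib.new(bank).digest_size)   # PCR starts at all zeros
    for r in records:
        pcr = pcr_extend(pcr, template_hash(r.template_data, bank), bank)
    return pcr


def verify(records, quoted: dict) -> list:
    """Return findings (empty list means the log is consistent with the quote).

    Two independent checks, both needed under case #2:
      1. per record: stored template hash == hash(template data)  -> names the bad record
      2. per bank:   replayed PCR == quoted PCR                     -> catches everything else
    """
    findings = []
    for bank in BANKS:
        for i, r in enumerate(records):
            if bank in r.stored and r.stored[bank] != template_hash(r.template_data, bank):
                findings.append(f"record {i}: {bank} template hash does not match template data")
        if replay(records, bank) != quoted[bank]:
            findings.append(f"{bank}: replayed PCR {IMA_PCR} does not match quote")
    return findings


def sample_list() -> list:
    """Constructed three-entry list (not real measurements); file digests are fake."""
    entries = [
        ("/usr/bin/bash", b"\x11" * 32),
        ("/usr/lib/libc.so.6", b"\x22" * 32),
        ("/etc/ld.so.cache", b"\x33" * 32),
    ]
    records = []
    for path, digest in entries:
        data = ima_ng_template_data("sha256", digest, path)
        records.append(Record(data, {b: template_hash(data, b) for b in BANKS}))
    return records


def quote_for(records) -> dict:
    """Stand-in for the PCR values a TPM quote would report for the untampered list."""
    return {b: replay(records, b) for b in BANKS}


def corrupt_data(records, idx: int) -> list:
    """Non-malicious corruption (case 1C): one byte of one record's template data
    flips; the stored hashes are untouched, so the per-record check names it."""
    out = copy.deepcopy(records)
    d = bytearray(out[idx].template_data)
    d[-2] ^= 0x01
    out[idx].template_data = bytes(d)
    return out


def forge_record(records, idx: int) -> list:
    """Malicious edit (case 2B): the attacker rewrites the template data AND the
    stored hashes, so only the replay against the quote can catch it."""
    out = corrupt_data(records, idx)
    out[idx].stored = {b: template_hash(out[idx].template_data, b) for b in BANKS}
    return out


if __name__ == "__main__":
    good = sample_list()
    quote = quote_for(good)
    print("clean:    ", verify(good, quote))
    print("corrupted:", verify(corrupt_data(good, 1), quote))
    print("forged:   ", verify(forge_record(good, 1), quote))
```

The corrupted case produces findings for record 1 in both banks plus a replay mismatch per bank; the forged case produces only the replay mismatches, which is the point of 2B: a verifier that stops at the per-record check accepts the forged list.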
