Re: [PATCH 0/8] X.509: Software public key subtype changes

From: Mimi Zohar
Date: Tue Feb 23 2016 - 07:28:44 EST


On Tue, 2016-02-23 at 10:16 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > To measure and appraise just the kexec initramfs, define a policy
> > containing:
>
> Doesn't this require a TPM?

For appraising file signatures, a TPM is definitely not required! Even
in the case of making sure that the file measurements are being taken, a
TPM is not required. For purposes of testing changes to the asymmetric
keys or the key subsystem in general, a TPM is not required.

The TPM is needed for quoting PCRs. When a TPM is available, IMA, in
addition to adding the file measurements to the run time measurement
list, extends a TPM PCR with the file measurements. A trusted third
party, can then validate the measurement list against the PCR quote.

The real question is which files need to be measured and appraised in
order to either prevent or, at least, to be able to detect a system
compromise. But for your use case scenario, of making sure that changes
to the asymmetric keys or the key subsystem in general has not broken
IMA, measuring and appraising a single file should be enough.

Mimi