Re: [Linux-ima-devel] [PATCH 11/12] ima: don't report measurements if digests are included in the loaded lists
From: Ken Goldman
Date: Wed Aug 09 2017 - 16:35:34 EST
On 7/25/2017 11:44 AM, Roberto Sassu wrote:
Don't report measurements if the file digest has been included in
an uploaded digest list.
The advantage of this solution is that the boot time overhead, when
a TPM is available, is very small because a PCR is extended only
for unknown files. The disadvantage is that verifiers do not know
anymore which and when files are accessed (they must assume that
the worst case happened, i.e. all files have been accessed).
Am I reading this correctly that you want to measure certain files, but
not ones that have been included in a "digest list", which sounds like a
white list of sorts.
If so, I have two concerns:
1 - How would the client get this digest list? Shouldn't it be up to
the relying party to decide what is trusted and not trusted, not the client?
What of the case with two different relying parties that have a
different list of trusted applications? E.g., one trusts any version of
program X, while the other trusts only version 3.1 and up?
2 - What about files on the digest list that were not run? The relying
party may want to know if a program wasn't run? E.g., antivirus or a
firewall.
If the rule is "don't measure if it's on the digest list", how does the
relying party know if it was run?