Re: [PATCH 0/2] public key: IMA signer logging: Log public key of IMA Signature signer in IMA log

From: Lakshmi
Date: Wed May 22 2019 - 15:39:51 EST


On 5/22/19 11:57 AM, Ken Goldman wrote:


1 - How is your solution - including a public key with each event - related to this issue?
This a change from my earlier proposal. In the new proposal I am making the public key is not included with each event. The data included in each IMA event does not change. For instance, when IMA signature validation is selected (ima-sig template, for instance), each event will have the IMA signature (which includes the 4 Byte Key Identifier and the Signature)

2 - I don't understand how a large cloud affects scale. Wouldn't the verifier would typically be checking known machines - those of their enterprise - not every machine on the cloud?

Can't we assume a typical attestation use case has a fairly locked down OS with a limited number of applications.
Yes - the attestation service (verifier) will be attesting only client machines known to the enterprise. But such clients could be running different versions of the OS and the kernel modules.
We cannot assume that this would be a limited set. Therefore, maintaining the hash\signature of all such components, for all versions of the components, and re-validating that in the service is not a scalable solution.

Instead, we want the IMA sub-system on the clients to do the signature validation (As it is done today). In addition to that, the clients will log the public keys from keyrings such as IMA, Platform, and BuiltIn Trusted Keys - this will be done only once and not in each IMA event (This is a change from my earlier proposal).

Using this data the service will verify that the clients used only trusted key(s) for signature validation.


Like I said, it should be rare. In the worst case, can't the service tell by trying both keys?If the service is validating the signature again it can try all the
keys. But we don't want to take that approach - instead we want to verify the keys used by the client.


I thought your solution was to change the IMA measurements, adding the public key to each entry with a new template? Did I misunderstand, or do you have a new proposal?
I have a new proposal as described above. Sorry if I had confused you.


How does this solve the collision issue? If there are two keys with the same key ID, isn't there still a collision?
Like I have said above, the client will log all the keys from the relevant keyrings (IMA, Platform, etc.) The service will verify that they are all known\trusted keys - which gives the assurance that the IMA signature validation done by the client was performed using trusted signing key(s).


I understand how the client keyring is used in IMA to check file
signatures, but how is that related to the attestation service?
In my new proposal, the keys in the client keyrings will be logged in the IMA log. The attestation service will verify that they are known\trusted keys.

Thanks,
-lakshmi