RE: [PATCH 1/2] ima: use the IMA configured hash algo to calculate the boot aggregate

From: Roberto Sassu
Date: Thu Jan 30 2020 - 10:41:02 EST


> -----Original Message-----
> From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Roberto Sassu
> Sent: Thursday, January 30, 2020 4:27 PM
> To: Mimi Zohar <zohar@xxxxxxxxxxxxx>; Petr Vorel <pvorel@xxxxxxx>
> Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux-integrity@xxxxxxxxxxxxxxx;
> James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: RE: [PATCH 1/2] ima: use the IMA configured hash algo to calculate
> the boot aggregate
>
> > -----Original Message-----
> > From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity-
> > owner@xxxxxxxxxxxxxxx] On Behalf Of Mimi Zohar
> > Sent: Wednesday, January 29, 2020 11:51 PM
> > To: Petr Vorel <pvorel@xxxxxxx>
> > Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux-
> integrity@xxxxxxxxxxxxxxx;
> > James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux-
> > kernel@xxxxxxxxxxxxxxx; Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > Subject: Re: [PATCH 1/2] ima: use the IMA configured hash algo to
> calculate
> > the boot aggregate
> >
> > On Wed, 2020-01-29 at 09:30 +0100, Petr Vorel wrote:
> > > Hi Mimi,
> > >
> > > Reviewed-by: Petr Vorel <pvorel@xxxxxxx>
> > >
> > > > The original LTP ima_boot_aggregate.c test needed to be updated to
> > > > support TPM 2.0 before this change. ÂFor TPM 2.0, the PCRs are not
> > > > exported. ÂWith this change, the kernel could be reading PCRs from a
> > > > TPM bank other than SHA1 and calculating the boot_aggregate based
> on
> > a
> > > > different hash algorithm as well. ÂI'm not sure how a remote verifier
> > > > would know which TPM bank was read, when calculating the boot-
> > > > aggregate.
> > > Mimi, do you plan to do update LTP test?
> >
> > In order to test Roberto's patches that calculates and extends the
> > different TPM banks with the appropriate hashes, we'll need some test
> > to verify that it is working properly. ÂAs to whether this will be in
> > LTP or ima-evm-utils, I'm not sure.
>
> attest-tools (https://github.com/euleros/attest-tools, branch 0.2-devel) has
> the
> ability to parse the BIOS and IMA event logs, and to compare
> boot_aggregate
> with the digest of final PCR values obtained by performing in software the
> PCR
> extend operation with digests in the BIOS event log.
>
> To perform the test, it is necessary to have a complete BIOS event log.
>
> Create req.json with this content:
> ---
> {
> "reqs":{
> "dummy|verify":"",
> "ima_boot_aggregate|verify":""
> }
> }
> ---
>
> With the requirements above, we are telling attest-tools to verify only
> boot_aggregate. Without the dummy requirement, verification would
> fail (BIOS and remaining IMA measurement entries are not processed).
>
> On server side run:
> # attest_ra_server -p 10 -r req.json -s -i
>
> -s disables TPM signature verification
> -i allows IMA violations
>
> To enable TPM signature verification it is necessary to have a valid AK
> certificate. It can be obtained by following the instructions at:
>
> https://github.com/euleros/attest-tools/blob/0.2-devel/README
>
> On client side run:
> # echo test > aik_cert.pem
> # echo aik_cert.pem > list_privacy_ca
> # attest_ra_client -A
>
> The command above generates an AK.
>
> # attest_ra_client -s <server IP> -q -p 10 -P <PCR algo> -b -i
>
> The command above sends the TPM quote and the event logs
> to the RA server and gets the response (successful/failed
> verification).
>
> -b includes the BIOS event log from securityfs
> -i includes the IMA event log from securityfs
>
> To check that boot_aggregate is calculated properly, use -P sha256

and to check that IMA extends non-SHA1 PCR banks with an appropriate
digest,

> in attest_ra_client and set ima_hash=sha256 in the kernel command
> line.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli