RE: [PATCH 1/2] ima: use the IMA configured hash algo to calculate the boot aggregate

From: Roberto Sassu
Date: Thu Jan 30 2020 - 10:27:29 EST


> -----Original Message-----
> From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Mimi Zohar
> Sent: Wednesday, January 29, 2020 11:51 PM
> To: Petr Vorel <pvorel@xxxxxxx>
> Cc: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>; linux-integrity@xxxxxxxxxxxxxxx;
> James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>; linux-
> kernel@xxxxxxxxxxxxxxx; Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Subject: Re: [PATCH 1/2] ima: use the IMA configured hash algo to calculate
> the boot aggregate
>
> On Wed, 2020-01-29 at 09:30 +0100, Petr Vorel wrote:
> > Hi Mimi,
> >
> > Reviewed-by: Petr Vorel <pvorel@xxxxxxx>
> >
> > > The original LTP ima_boot_aggregate.c test needed to be updated to
> > > support TPM 2.0 before this change. For TPM 2.0, the PCRs are not
> > > exported. With this change, the kernel could be reading PCRs from a
> > > TPM bank other than SHA1 and calculating the boot_aggregate based on a
> > > different hash algorithm as well. I'm not sure how a remote verifier
> > > would know which TPM bank was read, when calculating the boot-aggregate.
> > Mimi, do you plan to update the LTP test?
>
> In order to test Roberto's patches that calculate and extend the
> different TPM banks with the appropriate hashes, we'll need some test
> to verify that it is working properly. As to whether this will be in
> LTP or ima-evm-utils, I'm not sure.

attest-tools (https://github.com/euleros/attest-tools, branch 0.2-devel) has the
ability to parse the BIOS and IMA event logs, and to compare boot_aggregate
with the digest of final PCR values obtained by performing in software the PCR
extend operation with digests in the BIOS event log.

To perform the test, it is necessary to have a complete BIOS event log.

Create req.json with this content:
---
{
  "reqs": {
    "dummy|verify": "",
    "ima_boot_aggregate|verify": ""
  }
}
---

With the requirements above, we are telling attest-tools to verify only
boot_aggregate. Without the dummy requirement, verification would
fail (BIOS and remaining IMA measurement entries are not processed).

On server side run:
# attest_ra_server -p 10 -r req.json -s -i

-s disables TPM signature verification
-i allows IMA violations

To enable TPM signature verification it is necessary to have a valid AK
certificate. It can be obtained by following the instructions at:

https://github.com/euleros/attest-tools/blob/0.2-devel/README

On client side run:
# echo test > aik_cert.pem
# echo aik_cert.pem > list_privacy_ca
# attest_ra_client -A

The command above generates an AK.

# attest_ra_client -s <server IP> -q -p 10 -P <PCR algo> -b -i

The command above sends the TPM quote and the event logs
to the RA server and gets the response (successful/failed
verification).

-b includes the BIOS event log from securityfs
-i includes the IMA event log from securityfs

To check that boot_aggregate is calculated properly, use -P sha256
in attest_ra_client and set ima_hash=sha256 in the kernel command
line.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
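The verifier-side replay described in the message above (software PCR extend over the BIOS event log, then a hash of the final PCR values compared with boot_aggregate), written out as an added Python example; it is not code from attest-tools or from anyone in this thread. It assumes a TPM 2.0 style log in which each event has a digest per bank (derived here as H_bank(data) from constructed event data), that boot_aggregate covers PCRs 0-7, and that the bank algorithm is a parameter the verifier must be told, which is the role of -P sha256 for attest_ra_client.

```python
import hashlib

# Constructed BIOS event log for this example: (PCR index, measured data).
# A real TPM 2.0 crypto-agile log carries one precomputed digest per bank;
# here each bank's digest is derived as H_bank(data) to keep the sample small.
EVENT_LOG = [
    (0, b"S-CRTM version"),
    (0, b"firmware volume"),
    (1, b"platform configuration"),
    (4, b"boot manager"),
    (5, b"GPT partition table"),
    (7, b"secure boot policy"),
]

def pcr_extend(alg, pcr_value, digest):
    """TPM PCR extend for one bank: new = H_alg(old || digest)."""
    return hashlib.new(alg, pcr_value + digest).digest()

def replay_event_log(alg, events, num_pcrs=24):
    """Rebuild the final PCR values of one bank from the event log,
    starting from all-zero PCRs as the TPM does at reset."""
    size = hashlib.new(alg).digest_size
    pcrs = [b"\x00" * size] * num_pcrs
    for idx, data in events:
        pcrs[idx] = pcr_extend(alg, pcrs[idx], hashlib.new(alg, data).digest())
    return pcrs

def boot_aggregate(alg, pcrs, pcr_range=range(0, 8)):
    """IMA boot_aggregate: H_alg over the concatenated final PCR values.
    Assumption: PCRs 0-7, as for the SHA1 aggregate; the digest size of the
    bank's algorithm decides how many bytes each PCR contributes."""
    h = hashlib.new(alg)
    for i in pcr_range:
        h.update(pcrs[i])
    return h.hexdigest()

def verify_boot_aggregate(alg, events, reported_hex):
    """Verifier side: replay the log in the bank 'alg' and compare with the
    boot_aggregate reported in the IMA measurement list."""
    return boot_aggregate(alg, replay_event_log(alg, events)) == reported_hex

if __name__ == "__main__":
    # A kernel booted with ima_hash=sha256 reports a sha256 aggregate.
    reported = boot_aggregate("sha256", replay_event_log("sha256", EVENT_LOG))
    print("sha256 bank, sha256 replay:", verify_boot_aggregate("sha256", EVENT_LOG, reported))
    # A verifier that still assumes the SHA1 bank rejects the same report,
    # which is why the bank algorithm must travel with the quote (-P sha256).
    print("sha256 bank, sha1 replay:  ", verify_boot_aggregate("sha1", EVENT_LOG, reported))
```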