Xing, Cedric wrote:If I'm not mistaken, "crypto agile log" refers to the same format as "TCG2 log". It's "crypto agile" because it allows a plurality of hash algorithms/digests (specified in the "digests" array) to be extended to one PCR - each algorithm supported is called a "bank" of the PCR.
On 2/13/2024 8:05 AM, James Bottomley wrote:[..]
[..]The TCG crypto agile log format isHi James,
index (32 bit),
event tag (32 bit),
digests array,
sized event entry (up to 4GB)
So an IMA log entry can definitely be transformed into this format
(providing someone agrees to the tag or set of tags). The slight
problem would be that none of the current IMA tools would understand
it, but that could be solved over time (the kernel could use the TCG
format internally but transform to the IMA format for the current
securityfs IMA log).
Another problem of CEL is that NOT every byte of an event is
hashed/extended. CEL spec has defined for each "content_type" the subset
of bytes to hash, so a verifier must understand ALL content types to be
able to verify the integrity of a log. In other words, the integrity of
a "systemd" log can never be verified by a CEL conformant verifier.
Wait, James said, "crypto agile log format", not CEL. Crypto agile log
format looks more generic, no "recnum" for example.
[..]If we look at how CEL is defined, it separates information model from encoding. Information models have to be contextualized within specific applications, but encodings don't. The reason for 14 standards is because there are 14 different applications. The 15th may be able to combine the existing 14 into a single one, but probably cannot accommodate the 16th.
[..]IMHO, we don't have to follow TCG2 format..
https://xkcd.com/927/That is funny :-D
I can't agree more, so "no log" I think is always an option.
So to me, "no log" means that instead of going from 14 standards going
to 15, the kernel is saying "whee, infinite userspace log formats!", an
abdication of its role to support a stable application ABI.
The job here to define a kernel de-facto standard for the tags that this
configs implementation of a cryto agile log emits, right? As James says:
"(providing someone agrees to the tag or set of tags)"