Hi Sasha,

On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote:

On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote:

quoted

Hi Sasha,

On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote:

quoted

From: Maurizio Drocco <redacted>

[ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c ]

Registers 8-9 are used to store measurements of the kernel and its
command line (e.g., grub2 bootloader with tpm module enabled). IMA
should include them in the boot aggregate. Registers 8-9 should be
only included in non-SHA1 digests to avoid ambiguity.

Prior to Linux 5.8, the SHA1 template data hashes were padded before
being extended into the TPM.  Support for calculating and extending
the per TPM bank template data digests is only being upstreamed in
Linux 5.8.

How will attestation servers know whether to include PCRs 8 & 9 in the
the boot_aggregate calculation?  Now, there is a direct relationship
between the template data SHA1 padded digest not including PCRs 8 & 9,
and the new per TPM bank template data digest including them.

Got it, I'll drop it then, thank you!

After re-thinking this over, I realized that the attestation server can
verify the "boot_aggregate" based on the quoted PCRs without knowing
whether padded SHA1 hashes or per TPM bank hash values were extended
into the TPM[1], but non-SHA1 boot aggregate values [2] should always
include PCRs 8 & 9.

Any place commit 6f1a1d103b48 was backported [2], this commit
20c59ce010f8 ("ima: extend boot_aggregate with kernel measurements")
should be backported as well.

thanks,

Mimi

[1] commit 1ea973df6e21 ("ima: Calculate and extend PCR with digests in ima_template_entry")
[2] commit 6f1a1d103b48 ("ima: Switch to ima_hash_algo for boot aggregate")