James Morris <[email protected]> wrote on 05/23/2005 07:59:09 PM:
> On Mon, 23 May 2005, Reiner Sailer wrote:
>
> > > It seems to me that the mechanism is sound... it does what the docs
> > > says. Another questions is "is it usefull"?
> > >
> > > Pavel
> > >
> >
> > We implemented some exemplary IMA-applications. If you like, visit our
> > project page and check out the references:
> >
http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
> > There you also find a complete measurement list and a response of a
measured
> > system replying to an authorized remote measurement-list-request.
>
> How did you retrieve the TPM-aggregate?
We use the general TPM interface and a TPM library that IBM open-sourced
in the
"early times of TPM". Today, the there is also the TrouSerS open-source
(sorceforge)
stack that can be used to retrieve a quote. Other libraries are certainly
available as well. Any implementation offering TPM-Spec quote function can
be used.
> I'm still not sure why exporting just the kernel measurement values via
> proc is useful.
It is useful in practice because once the system is up and running, the
measurement list grows very slowly. Thus, retrieving the measurements
separately from the signature did not result in sync problems
(measurements
being added between retrieving the signature and retrieving the
measurement
list). We did not have a single case where we run into the problem but one
can
construct system loads that might trigger an async between the retrievals.
In this
case, one can adjust the measurement list (skip entries added after the
TPM signature
was created) if you first retrieve the TPM signature and then the
measurement list.
You'll discover the last signed measurement entries by recalculating the
signed
aggregate.
> Wouldn't you need to retrieve the measurement list atomically with the
> TPM-aggregate?
You can do this atomically but then you need to implement the quote
functionality
in the kernel when retrieving the list or you need to develop a quote* TPM
command
that includes the measurement list with the signature blob (non-TPM-spec
conform).
We chose to go with the original Quote (TPM signature) and keep the
defined TPM
interface, since we preferred keeping existing interfaces until we
encounter problems.
> In which case, we'd need an interface which takes a nonce and returns
the
> kernel measurement list and the TPM-aggregate together.
> Is the source of your example IMA attestation application available?
This application is not available at this time. However, its major
building blocks
are almost all open-source (TSS stack, TPM kernel driver, IMA). The rest
is mainly
communication infrastructure and building SHA1-databases to compare
measurements
against expected and known measurements.
>
> - James
> --
> James Morris
> <[email protected]>
>
>
>
The point you are making is a good one. We implemented a trade-off and if
users of
IMA suggest that the trade-off towards compatibility is leading to
problems, it is
worth to re-evaluate this trade-off and create an atomic function.
Thanks.
Reiner
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]