Re: ima pcr question

From: Jerry Snitselaar <jsnitsel@redhat.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: Re: ima pcr question
Date: Sat, 18 Jan 2020 16:20:04 -0700	[thread overview]
Message-ID: <20200118232004.lt2u2u6ryitrkaa2@cantor> (raw)
In-Reply-To: <20200118191414.m4gqggwfavkjlef4@cantor>

On Sat Jan 18 20, Jerry Snitselaar wrote:
>On Fri Jan 17 20, James Bottomley wrote:
>>On Fri, 2020-01-17 at 15:29 -0700, Jerry Snitselaar wrote:
>>>On Mon Jan 13 20, Mimi Zohar wrote:
>>>> On Mon, 2020-01-13 at 17:06 -0700, Jerry Snitselaar wrote:
>>>> > We had a report of messages from ima saying "Error communicating
>>>> > with
>>>> > TPM".  Looking into it a bit, it looks like with some Dell
>>>> > systems
>>>> > (possibly others as well) in the bios they can set the hash
>>>> > algorithm
>>>> > being used. In this case with that set to sha256 the messages
>>>> > appear. Flipping the system to using sha1 makes them disappear.
>>>> > Looking at the ima code, ima_calc_boot_aggregate_tfm hard codes
>>>> > using
>>>> > sha1. Should that be changed to use whatever the default is in
>>>> > the
>>>> > config, or possibly find out from the tpm what algorithm is being
>>>> > used?
>>>>
>>>> The ima-ng template contains two digests.  The first digest is the
>>>> value being extended into the TPM, while the second digest is
>>>> either
>>>> the boot aggregate or file data hash.  It sounds like the problem
>>>> is
>>>> with the first digest.  Changing the boot-aggregate to use sha256
>>>> might be a good idea, but probably won't fix the problem.
>>>>
>>>> Mimi
>>>>
>>>
>>>The error message is coming from ima_pcrread, and the tpm_digest that
>>>gets passed
>>>by ima_calc_boot_aggregate_tfm to ima_pcrread is declared:
>>>
>>>	struct tpm_digest d = { .alg_id = TPM_ALG_SHA1, .digest = {0}
>>>};
>>>
>>>According to Dell their default BIOS setting is to use sha256. What
>>>they see with that
>>>setting is:
>>>
>>>[ 5.475036] ima: Error Communicating to TPM chip
>>>[ 5.475083] tsc: Refined TSC clocksource calibration: 3311.999 MHz
>>>[ 5.475092] clocksource: tsc: mask: 0xffffffffffffffff max_cycles:
>>>0x2fbd936b72f, max_idle_ns: 440795283163 ns
>>>[ 5.475118] ima: Error Communicating to TPM chip
>>>[ 5.475165] ima: Error Communicating to TPM chip
>>>[ 5.475235] clocksource: Switched to clocksource tsc
>>>[ 5.475266] ima: Error Communicating to TPM chip
>>>[ 5.475311] ima: Error Communicating to TPM chip
>>>[ 5.475341] ima: Error Communicating to TPM chip
>>>[ 5.475371] ima: Error Communicating to TPM chip
>>>[ 5.475402] ima: Error Communicating to TPM chip
>>>[ 5.489049] ima: No architecture policies found
>>
>>The implication seems to be that on a DELL setting the bios default to
>>sha256 turns off the TPM's sha1 pcr banks ... is that the case?
>>
>>tssgetcapability -cap 5
>>
>>should confirm or deny this.
>>
>>James
>>
>
>I believe so, I'm waiting to get access to the system here to double check.
>Before with the intel stack, tpm2_pcrlist -s would return both sha1 and sha256,
>but the plain tpm2_pcrlist command would show only banks for one or the other
>depending on which setting was in the bios. For the other it would just print
>out the algorithm and nothing else.
>
>I should be able to run the tss2 command later today.
>
>Regards,
>Jerry

with sha1 selected:

[root@dell-per830-01 ~]# tssgetcapability -cap 5
2 PCR selections
     hash TPM_ALG_SHA1
     TPMS_PCR_SELECTION length 3
     ff ff ff 
     hash TPM_ALG_SHA256
     TPMS_PCR_SELECTION length 3
     00 00 00 

with sha256 selected:

[root@dell-per830-01 ~]# tssgetcapability -cap 5
2 PCR selections
     hash TPM_ALG_SHA1
     TPMS_PCR_SELECTION length 3
     00 00 00 
     hash TPM_ALG_SHA256
     TPMS_PCR_SELECTION length 3
     ff ff ff