* [tpm2] Use PCR10 of sha256 PCR bank
@ 2020-05-07 22:52 eduardolfalcao
  0 siblings, 0 replies; only message in thread
From: eduardolfalcao @ 2020-05-07 22:52 UTC (permalink / raw)
  To: tpm2

Hello guys.

I am new to TPM2, and I have been trying it for approx. 3 weeks.

First, I set up my environment, and configured the default IMA policy:

 #!/bin/sh
# PROC_SUPER_MAGIC
dont_measure fsmagic=0x9fa0
# SYSFS_MAGIC
dont_measure fsmagic=0x62656572
# DEBUGFS_MAGIC
dont_measure fsmagic=0x64626720
# TMPFS_MAGIC
dont_measure fsmagic=0x01021994
# RAMFS_MAGIC
dont_measure fsmagic=0x858458f6
# SECURITYFS_MAGIC
dont_measure fsmagic=0x73636673
# MEASUREMENTS
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=MODULE_CHECK uid=0


Then I configured GRUB to use sha256:

sudo sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="ima_policy=tcb ima_hash=sha256"/' /etc/default/grub
sudo update-grub

After rebooting, I just noticed that PCR10 is used for sha1, but it is not used for sha256.

ubuntu@ubuntu:~$ tpm2_pcrread
sha1:
  0 : 0x4F7F3D318FC01183E7DE3A0DCC4BE34FBCCDBA7D
  1 : 0xD0DF6DEABE5A83A927BE7F1AC5C76DF42B5FF333
  2 : 0x9D360B5F970A10C59FBF023EF5C5D9E546ABDDCD
  3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  4 : 0x8AF8DEDB82AC4B6C134217F96D6CCA75B71283E2
  5 : 0x0E892480CC081670FC80BCDF3B87EA3FB1D218D4
  6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  7 : 0x518BD167271FBB64589C61E43D8C0165861431D8
  8 : 0x0000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000
  10: 0xBB07F51CB74DC7BE01AF413A0557C0DA6FD1E61A
  11: 0x0000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000
sha256:
  0 : 0xE4B28BC5903BADFD7F4D33EA968A902B25CAB39599DE43E9BD1D86A4235905EF
  1 : 0x150FD1738628C5852A6FF5B63B3185EFA55B3BB37E19ADC1A40522182061A33D
  2 : 0xD907F34E551760DAE63FD94BFC44B2D629CB556596D3914C4170B1F3D605A3FE
  3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  4 : 0x3D3B637E8C2D01305762025C4F3B7E3DEB169D8976A29607C387DC028A5514B8
  5 : 0xAB79C14B70120A8F628C73B4D9B460A980752EEDED1B149A6D3DFED57E8ACABB
  6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  7 : 0x65CAF8DD1E0EA7A6347B635D2B379C93B9A1351EDC2AFC3ECDA700E534EB3068
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0x0000000000000000000000000000000000000000000000000000000000000000
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000

How do I manage to use sha256 and get the IMA measurements displayed on PCR10 of the sha256 bank?
Could anyone help me?

Best regards :)
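
The per-bank comparison described in the message above can be scripted. This is an added example, not part of the original post: it parses `tpm2_pcrread` text output and reports the banks in which a PCR is still all zeros while another bank has it extended. The function names `pcr_bank_status` and `unextended_banks` are hypothetical helpers, and the sample input is trimmed from the output shown in the post.

```shell
#!/bin/sh
# Added example; pcr_bank_status and unextended_banks are hypothetical helpers.

# pcr_bank_status PCR: read tpm2_pcrread text on stdin and print
# "<bank> extended|unextended" for every bank that lists that PCR.
pcr_bank_status() {
    awk -v want="$1" '
        # Bank header such as "sha256:"
        /^[ \t]*[A-Za-z][A-Za-z0-9_]*:[ \t]*$/ {
            bank = $0; gsub(/[ \t:]/, "", bank); next
        }
        # PCR line such as "  10: 0xBB07..." or "  0 : 0x4F7F..."
        /^[ \t]*[0-9]+[ \t]*:[ \t]*0x[0-9A-Fa-f]+[ \t]*$/ {
            line = $0; gsub(/[ \t]/, "", line)
            split(line, f, ":")
            if (bank == "" || f[1] + 0 != want + 0) next
            hex = substr(f[2], 3)          # drop the "0x" prefix
            print bank, ((hex ~ /^0+$/) ? "unextended" : "extended")
        }'
}

# unextended_banks PCR: print the banks where PCR is still all zeros while
# another bank has it extended; exit status 1 when such a gap exists.
unextended_banks() {
    pcr_bank_status "$1" | awk '
        $2 == "extended"   { ext = 1 }
        $2 == "unextended" { zero = zero (zero == "" ? "" : " ") $1 }
        END { if (ext && zero != "") { print zero; exit 1 } }'
}

# Sample input: PCR 9-11 lines trimmed from the output shown in the post.
SAMPLE='sha1:
  9 : 0x0000000000000000000000000000000000000000
  10: 0xBB07F51CB74DC7BE01AF413A0557C0DA6FD1E61A
  11: 0x0000000000000000000000000000000000000000
sha256:
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0x0000000000000000000000000000000000000000000000000000000000000000
  11: 0x0000000000000000000000000000000000000000000000000000000000000000'

# On a live system: tpm2_pcrread | unextended_banks 10
printf '%s\n' "$SAMPLE" | pcr_bank_status 10
```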
