From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org
Cc: Roberto Sassu <roberto.sassu@huawei.com>,
	Vitaly Chikunov <vt@altlinux.org>,
	Patrick Uiterwijk <puiterwi@redhat.com>,
	Petr Vorel <pvorel@suse.cz>
Subject: Re: [RFC PATCH 0/8] ima-evm-utils: calculate per TPM bank template digest
Date: Mon, 24 Feb 2020 08:23:19 -0800
Message-ID: <bb7370d7-6c20-69ef-edfa-f50d75859100@linux.microsoft.com>
In-Reply-To: <1582420362.10443.18.camel@linux.ibm.com>

On 2/22/20 5:12 PM, Mimi Zohar wrote:

> 
> There are two aspects to Roberto's changes - extending the TPM banks
> with the bank specific template digest and verifying the boot
> aggregate.  This patch set only addresses the first aspect.
> 
> Assuming both the sha1 and sha256 TPM banks are enabled,
> 
> # tssgetcapability -cap 5
> 2 PCR selections
>      hash TPM_ALG_SHA1
>      TPMS_PCR_SELECTION length 3
>      ff ff ff
>      hash TPM_ALG_SHA256
>      TPMS_PCR_SELECTION length 3
>      ff ff ff
> 
> the output would look like:
>   
> # evmctl ima_measurement -v --list
> /sys/kernel/security/integrity/ima/binary_runtime_measurements
> 
> sha1: PCRAgg  10: 7723f6d980725507e5d0eb643dc179aae0efb719
> sha1: TPM PCR-10: 7723f6d980725507e5d0eb643dc179aae0efb719
> sha1 PCR-10: succeed
> 
> sha256: PCRAgg  10: 5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
> sha256: TPM PCR-10: 5254d6dce62765f884dc67dac8d59a8721ae14495ae4a0cb73426d0c013a82b2
> sha256 PCR-10: succeed
> 

Thanks Mimi and Roberto for the update.

The tpm2_pcrread command outputs the PCR values.
The one for PCR-10 matches the data output by evmctl.

  -lakshmi
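
The per-bank "PCRAgg" check shown in the quoted output can be sketched as follows. This is an added example, not code from this thread or from ima-evm-utils; it assumes ima-ng style records with little-endian header fields, the helper names are hypothetical, and the measurement list is constructed.

```python
import hashlib
import struct

BANKS = ("sha1", "sha256")  # banks assumed enabled, as in the quoted output

def make_entry(pcr, template_data, violation=False):
    """Build one constructed ima-ng style record (assumed little-endian fields)."""
    digest = bytes(20) if violation else hashlib.sha1(template_data).digest()
    name = b"ima-ng"
    return (struct.pack("<I", pcr) + digest + struct.pack("<I", len(name)) + name
            + struct.pack("<I", len(template_data)) + template_data)

def parse_entries(blob):
    """Yield (pcr, sha1_template_digest, template_data) for each record."""
    off = 0
    while off < len(blob):
        pcr, = struct.unpack_from("<I", blob, off)
        digest = blob[off + 4:off + 24]
        name_len, = struct.unpack_from("<I", blob, off + 24)
        off += 28 + name_len
        data_len, = struct.unpack_from("<I", blob, off)
        data = blob[off + 4:off + 4 + data_len]
        if len(data) != data_len:
            raise ValueError("truncated measurement list")
        off += 4 + data_len
        yield pcr, digest, data

def replay(blob, pcr_index=10):
    """Return {bank: simulated PCR value} after replaying the list."""
    pcrs = {bank: bytes(hashlib.new(bank).digest_size) for bank in BANKS}
    for pcr, sha1_digest, data in parse_entries(blob):
        if pcr != pcr_index:
            continue
        violation = sha1_digest == bytes(20)
        if not violation and hashlib.sha1(data).digest() != sha1_digest:
            raise ValueError("template data does not match its sha1 template digest")
        for bank in BANKS:
            size = hashlib.new(bank).digest_size
            # Violation entries are listed as zeros but extended as 0xff bytes.
            ext = b"\xff" * size if violation else hashlib.new(bank, data).digest()
            # TPM extend: new PCR value = H(old PCR value || digest).
            pcrs[bank] = hashlib.new(bank, pcrs[bank] + ext).digest()
    return pcrs

# Constructed sample list: two measurements and one violation, all on PCR 10.
SAMPLE = (make_entry(10, b"constructed-entry-1") + make_entry(10, b"", violation=True)
          + make_entry(10, b"constructed-entry-2"))

if __name__ == "__main__":
    for bank, value in replay(SAMPLE).items():
        print(f"{bank}: PCRAgg 10: {value.hex()}")
```

Each printed value is what would be compared against the same bank's PCR-10 as read from the TPM; a mismatch in any bank means the list does not account for what was extended into that bank.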


