Re: [PATCH 6/7] ima: Introduce template field evmxattrs

[Mimi Zohar <zohar@linux.ibm.com>]

Hi Roberto,

On Thu, 2021-05-20 at 10:57 +0200, Roberto Sassu wrote:
> This patch introduces the new template field evmxattrs, which contains the
> number of EVM protected xattrs (u32 in little endian), the xattr names
> separated by \0, the xattr lengths (u32 in little endian) and the xattr
> values. Xattrs can be used to verify the EVM portable signature, if it was
> included with the template fields sig or evmsig.

Verifying the file data hash and the template data hash, the value
extended into the TPM,  are straight forward.  In the first case all
that is needed is the public key, and in the other case the length of
the template data.  Verifying the template data hash doesn't require
any knowledge of the template data format.   All that is needed is the
length of the template data.

This patch set provides all the necessary information for verifying the
EVM portable signature, but it is so much more difficult.  For example,
the security xattrs are listed in whatever order listxattr returns, not
the order in which the hash is calculated.  Does the attestation server
really need to know which xattrs are included or their length?  If that
information is important for the attestation server, then perhaps
provide it separately from the xattrs data.

I'm thinking the attestation server just needs the ability of verifying
the EVM portable signature.   As each field is prefixed with the field
data length, the attestation server should be able to re-calculate the
expected hash - xattrs, followed by the individual "misc" data fields.

thanks,

Mimi