The binary format described in /Documentation/ima/INSTALL is as follows:
PCR# Digest Flags Filename Separator
32 bit || 20*8 bit || 32 bit || char[x<=40] || '\0'
I tried reading the binary file and figured out the format is actually
slightly different. There is a 32 bit field (all zeros) after PCR#,
filenames include full path rather than just the name and are greater than
40 characters as well. The separator is '\n'.
So the format is as follows:
PCR# Zeros Digest Flags Filename Separator
32 bit || 32 bit || 20*8 bit || 32 bit || char[x] || '\n'
This works for me but I wonder why is it different from what is documented.
Is it dependent on kernel or platform?
On Wed, Jul 30, 2008 at 6:23 AM, Reiner Sailer <sailer@...> wrote:
> The format of the binary measurements is in the Documentation/ima/INSTALL
> file after patching the kernel. I believe the binary format is described is
> section 5.
> The binary format for each measurement has one variable length field (the
> name and path of the file being measured) which is the last parameter.
> There should also be some open-source code in the TrouSerS TSS stack
> implementation that reads those measurements, but I have not looked at this
> so this is a guess.
> [TrouSerS: http://trousers.sourceforge.net/]
> From: "Lavina Jain" <lavina.jain@...>
> To: linux-ima-user@...
> Cc: lavina.jain@...
> Date: 07/30/2008 03:25 AM
> Subject: [Linux-ima-user] Reading binary_runtime_measurements in a
> I was wondering whether it is possible to read an entry in
> binary_runtime_measurements in a C structure using a C program. Can
> somebody please explain the format of the binary file.
> Is there any application or code already available that verifies a PCR
> aggregate against measurement list.
> Kind Regards,
> "Unravelling life's mysteries and discovering life's secrets may take the
> courage and determination found only in a self-motivated pursuit."
> - Peter McWilliams
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> Build the coolest Linux based applications with Moblin SDK & win great
> Grand prize is a trip for two to an Open Source event anywhere in the world
> Linux-ima-user mailing list
"Unravelling life's mysteries and discovering life's secrets may take the
courage and determination found only in a self-motivated pursuit."
- Peter McWilliams