From: David Li <w.d...@gm...> - 2011-08-19 20:49:31
Hi Rajiv,

One thing just occurred to me: My machine was PXEbooted and diskless. Is this supported in trusted boot measurement list?

Regards,
David

On Mon, Aug 8, 2011 at 7:45 PM, Rajiv Andrade <sr...@li...> wrote:

> Maybe I can help with the first section:
>
> On 08-08-2011 13:01, Mimi Zohar wrote:
> > On Fri, 2011-08-05 at 12:13 -0700, David Li wrote:
> >> Hi Mimi,
> >>
> >> A few more questions. Maybe this is because I am not familiar with the
> >> TPM specs.
> >>
> >> 1. For boot measurements, I don't quite understand the contents in
> >> tpm0/ascii_bios_measurements:
> >> ------------------------
> >> -bash-4.1# cat ascii_bios_measurements
> >> 0 298df125b260ef64201bdf0815c003873eedd50e 08 [S-CRTM Version]
> >> 0 601c176e940570ac499814b48464e40e3ace1e24 80000008 []
> >> 0 530983fd9caddb20e6f0da59e05f1c66b4d170c8 80000008 []
> >> 2 753287ecae33ed00090081a45280a2b81777b7a5 80000004 []
> >> 2 94c047a4256e04cccc99e43fdc6bb4c1cdef1ec3 80000004 []
> >> 2 b3b175a24d63c62c2c64bfd66a4a0de41bef105b 80000004 []
> >> 2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
> >> 2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
> >> 2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
> >> 2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
> >> <snip>
> >>
> >> The 1st col is the PCR#.
> > yes
> >
> >> Is the 2nd col the hash value corresponding to some BIOS executable or
> >> file? Why do some of them have the same hash value for the same PCR?
> > Yes, this is the hash. I'll defer to others on the mailing list about
> > the BIOS measurement specifics.
> It doesn't happen here, maybe the bios is registering such events
> duplicated by mistake? Can you send us the binary blob of such event log
> (binary_bios_measurements)?
> >> What's the 3rd col?
> The event type, according to tpm_bios.c:
>
> enum tcpa_event_types {
>         PREBOOT = 0,
>         POST_CODE,
>         UNUSED,
>         NO_ACTION,
>         SEPARATOR,
>         ACTION,
>         EVENT_TAG,
>         SCRTM_CONTENTS,
>         SCRTM_VERSION,
>         CPU_MICROCODE,
>         PLATFORM_CONFIG_FLAGS,
>         TABLE_OF_DEVICES,
>         COMPACT_HASH,
>         IPL,
>         IPL_PARTITION_DATA,
>         NONHOST_CODE,
>         NONHOST_CONFIG,
>         NONHOST_INFO,
> };
>
> It's odd though that there's a high bit being set for some of them, the
> same doesn't happen here. After looking at the binary log we can say who's
> the culprit, tpm_bios or the bios itself setting the event log incorrectly,
> and then come up with a workaround.
>
> Rajiv
>
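
The log format discussed in this message, as an added example that is not part of the original thread or of tpm_bios.c: a parser that names each event type from the quoted enum, reports types with the high bit set, counts repeated digests per PCR, and replays the SHA-1 extends so the result can be compared with the TPM's PCR values. The function names are hypothetical, the sample lines are a subset of the log quoted above, and the code assumes the third column is hexadecimal and that PCRs start at 20 zero bytes.

```python
import hashlib
from collections import Counter

# Names in the order of the tcpa_event_types enum quoted in the message.
EVENT_NAMES = ("PREBOOT POST_CODE UNUSED NO_ACTION SEPARATOR ACTION EVENT_TAG "
               "SCRTM_CONTENTS SCRTM_VERSION CPU_MICROCODE PLATFORM_CONFIG_FLAGS "
               "TABLE_OF_DEVICES COMPACT_HASH IPL IPL_PARTITION_DATA NONHOST_CODE "
               "NONHOST_CONFIG NONHOST_INFO").split()
# The TCG EFI platform specification numbers EFI-specific event types from
# 0x80000000, so such values fall outside the enum above.
HIGH_BIT = 0x80000000

# Sample input: a subset of the ascii_bios_measurements lines quoted above.
SAMPLE_LOG = """\
0 298df125b260ef64201bdf0815c003873eedd50e 08 [S-CRTM Version]
0 601c176e940570ac499814b48464e40e3ace1e24 80000008 []
2 753287ecae33ed00090081a45280a2b81777b7a5 80000004 []
2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
2 6b5a2268e60f5bdaa80f164f9e5d8bf88cb130c2 80000005 []
<snip>
"""

def parse_line(line):
    """Split one log line into (pcr, digest bytes, event type, name)."""
    pcr, digest, etype, name = line.split(None, 3)
    raw = bytes.fromhex(digest)
    if len(raw) != 20:
        raise ValueError("expected a 20-byte SHA-1 digest: %r" % digest)
    return int(pcr), raw, int(etype, 16), name.strip()

def event_name(etype):
    if etype & HIGH_BIT:
        return "HIGH_BIT|0x%x" % (etype & 0x7FFFFFFF)
    return EVENT_NAMES[etype] if etype < len(EVENT_NAMES) else "UNKNOWN"

def analyze(text):
    """Return (replayed PCR values, repeated digests per PCR, event names)."""
    pcrs, seen, events = {}, Counter(), []
    for line in text.splitlines():
        if not line.split() or not line.split()[0].isdigit():
            continue  # skip blank lines and markers such as <snip>
        pcr, digest, etype, _ = parse_line(line)
        # TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest). A repeated
        # digest still changes the PCR, so repeats must be replayed too.
        pcrs[pcr] = hashlib.sha1(pcrs.get(pcr, b"\x00" * 20) + digest).digest()
        seen[(pcr, digest.hex())] += 1
        events.append((pcr, event_name(etype)))
    repeats = {key: n for key, n in seen.items() if n > 1}
    return pcrs, repeats, events
```

A replay only matches the hardware PCRs when it covers the complete log, so a truncated listing like the one in the message can show event types and repeats but not confirm the final PCR values.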