From: Mimi Z. <zo...@li...> - 2011-03-28 14:05:18
On Mon, 2011-03-28 at 21:34 +0800, Yu Xi wrote:
> Dear all,
>
> I'm writing a testing program to recalculate the PCR value from the IMA
> measurement list following the procedure below:
>
> #include <string.h>
> #include <openssl/sha.h>   /* SHA1() */
>
> /* MList.len entries, each a 20-byte template hash in MList.entry[i] */
> struct mlist { int len; unsigned char (*entry)[20]; };
>
> int verify_pcr(const unsigned char PCR[20], const struct mlist *MList)
> {
>     unsigned char PCR_tmp[20] = {0};   /* initial PCR value is all zeros */
>     unsigned char buf[40];
>     int i;
>
>     for (i = 0; i < MList->len; i++) {
>         /* PCR_tmp = SHA1(PCR_tmp || MList[i]), where || means concatenation */
>         memcpy(buf, PCR_tmp, 20);
>         memcpy(buf + 20, MList->entry[i], 20);
>         SHA1(buf, sizeof(buf), PCR_tmp);
>     }
>
>     return memcmp(PCR, PCR_tmp, 20) == 0 ? OK : INVALID;
> }
>
> However the newly calculated value doesn't match the real PCR.
> I found that some measurement entry in the list is
> "0000000000000000000000", is this the reason for the problem? Could
> anybody help me to solve the problem? Thank you very much.
> --
> Regards
> Xi Yu (禹熹)

Yes, the zero hashes are an indication of an invalidation of the PCR,
either a Time-of-Measure/Time-of-Use (ToMToU) or open-writers error.
Unlike with executables, where the fs prevents executables from being
modified when used, or from being executed when being modified, there
are no such protections when reading a file.
To validate a measurement list that was invalidated, replace the 0x00
hash values with 0xFF's. Refer to ima_tpm.sh: test02 (IMA LTP testsuite)
for an example.
Mimi
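Added example (not from the thread, and not IMA or LTP project code): a Python replay of PCR-10 from an `ascii_runtime_measurements`-style list that applies the substitution described above, extending 0xFF..FF instead of the all-zero template hash the kernel writes for a violation entry. It assumes the "ima" template line layout `<pcr> <template-hash> ima <file-hash> <path>`; the sample list, its hashes and the sysfs path in the comments are constructed for this example.

```python
"""Replay IMA PCR-10 from a measurement list, handling violation entries.

Added example; assumes the "ima" template line format:
    <pcr> <template-hash-hex> ima <file-hash-hex> <path>
A violation (ToMToU / open-writers) is recorded with an all-zero template
hash, but the kernel extends the PCR with 0xFF..FF for it, so a naive
replay of the list never matches the TPM.
"""
import hashlib

SHA1_LEN = 20
ZERO_HASH = bytes(SHA1_LEN)           # what the list shows for a violation
VIOLATION_HASH = b"\xff" * SHA1_LEN   # what the kernel actually extended

# Constructed sample list (hashes are synthetic, not real measurements);
# the third entry is a violation as it appears in the ascii list.
SAMPLE_LIST = """\
10 1111111111111111111111111111111111111111 ima aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa boot_aggregate
10 2222222222222222222222222222222222222222 ima bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb /init
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 /etc/hosts
10 3333333333333333333333333333333333333333 ima cccccccccccccccccccccccccccccccccccccccc /bin/sh
"""


def parse_measurement_list(text):
    """Return a list of (pcr_index, template_hash, template_name, rest)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(None, 3)  # pcr, template hash, template name, template data
        pcr, thash, name = fields[0], fields[1], fields[2]
        rest = fields[3] if len(fields) > 3 else ""
        entries.append((int(pcr), bytes.fromhex(thash), name, rest))
    return entries


def extend(pcr_value, digest):
    """TPM 1.2 extend: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()


def replay_pcr(entries, pcr_index=10, fix_violations=True):
    """Replay every entry for pcr_index; returns (pcr_value, violation_count)."""
    pcr = ZERO_HASH
    violations = 0
    for idx, thash, _name, _rest in entries:
        if idx != pcr_index:
            continue
        if thash == ZERO_HASH:
            violations += 1
            if fix_violations:
                thash = VIOLATION_HASH  # substitute 0xFF's for the 0x00 entry
        pcr = extend(pcr, thash)
    return pcr, violations


def verify(entries, pcr_hex, pcr_index=10):
    """True if the replayed value equals the PCR read from the TPM."""
    expected, _ = replay_pcr(entries, pcr_index)
    return expected == bytes.fromhex(pcr_hex)


if __name__ == "__main__":
    # On a real system read /sys/kernel/security/ima/ascii_runtime_measurements
    # and compare against PCR-10 as reported by the TPM driver.
    entries = parse_measurement_list(SAMPLE_LIST)
    value, nviol = replay_pcr(entries)
    print("violations: %d  replayed PCR-10: %s" % (nviol, value.hex()))
```

The naive replay (`fix_violations=False`) reproduces the mismatch in the question; with the substitution the value agrees with what the kernel extended, and `verify()` returns True only against that value.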