From: Mimi Z. <zo...@li...> - 2011-03-30 11:40:37
On Wed, 2011-03-30 at 10:47 +0800, Yu Xi wrote:
> Thank you very much, Mimi. Following the "ima_measure.c" program in
> LTP, I have succeeded in finishing the remote attestation demo
> program. However, I notice one minor problem of ima. When validating
> the composite hash (the hash calculated from struct<file content hash,
> file name>), one has to set up the size of the char array, which is
> used for storing file name, to be as exact as 256 and fill the rest
> space of the array to be "0" to get things to work. This is not quite
> friendly for programmers. Why not calculate the composite hash from the
> valid bytes in the struct (not including the whole filename char array,
> but only the valid filename bytes), but not from the whole struct? I
> think that might make more sense.

Hi Xu Yi,

Agreed. Support for different types of template data was discussed last
spring, resulting in the following patches:

ima: add template length to binary_runtime_measurements log
ima: add support for additional template hash algorithms
ima: define ima-nglong template
ima: add LSM labels to the ima-nglong template

The LSS 2010 EVM slides have examples of the different templates:
http://userweb.kernel.org/~jmorris/lss2010_slides/EVM-security-summit.odp

thanks,

Mimi
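The composite-hash check discussed in this thread, as an added example that is not part of either message and is not code from LTP or the kernel. It assumes SHA-1 digests, reads the "0" fill as zero bytes, and uses hypothetical function names and constructed entries; the PCR replay goes one step beyond the thread to show where the template hash is used in attestation.

```python
import hashlib

SHA1_LEN = 20
NAME_FIELD_LEN = 256  # fixed size of the filename array, as stated in the thread

def template_hash_padded(file_digest: bytes, filename: bytes) -> bytes:
    """Hash the whole struct: 20-byte file digest + filename zero-padded to 256 bytes."""
    if len(file_digest) != SHA1_LEN:
        raise ValueError("file digest must be 20 bytes")
    if len(filename) >= NAME_FIELD_LEN:
        raise ValueError("filename does not fit the 256-byte field")
    # Assumption: the padding is zero bytes, not the ASCII character '0'.
    padded = filename.ljust(NAME_FIELD_LEN, b"\0")
    return hashlib.sha1(file_digest + padded).digest()

def template_hash_valid_bytes(file_digest: bytes, filename: bytes) -> bytes:
    """Variant proposed in the thread: hash only the valid filename bytes."""
    return hashlib.sha1(file_digest + filename).digest()

def replay(entries):
    """Check each entry's template hash and fold it into a simulated PCR.

    entries: iterable of (template_hash, file_digest, filename).
    Returns (pcr_value, filenames_whose_template_hash_did_not_verify).
    """
    pcr = b"\0" * SHA1_LEN
    bad = []
    for template_hash, file_digest, filename in entries:
        if template_hash_padded(file_digest, filename) != template_hash:
            bad.append(filename)
        # TPM 1.2 style extend: new PCR = SHA1(old PCR || measurement)
        pcr = hashlib.sha1(pcr + template_hash).digest()
    return pcr, bad

def sample_entries():
    """Constructed measurement entries (not taken from a real system)."""
    files = [(b"/bin/ls", b"constructed content A"),
             (b"/etc/passwd", b"constructed content B")]
    out = []
    for name, content in files:
        digest = hashlib.sha1(content).digest()
        out.append((template_hash_padded(digest, name), digest, name))
    return out

if __name__ == "__main__":
    pcr, bad = replay(sample_entries())
    print("simulated PCR:", pcr.hex(), "failed entries:", bad)
```

A verifier that hashes only the valid filename bytes gets a different value for every entry, which is the mismatch described in the quoted message.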