From: Peter J. <pj...@re...> - 2014-01-14 15:59:49
On Tue, Jan 14, 2014 at 09:43:16AM -0500, Mimi Zohar wrote:
> On Tue, 2014-01-14 at 13:40 +0100, hassan Ahamad wrote:
> > I somehow made IMA work on Ubuntu by compiling the kernel. However, I can
> > see the measurements from IMA by using this command "sudo cat
> > /sys/kernel/security/ima/ascii_runtime_measurements", but I haven't
> > installed trusted-grub. This again confuses me as to how the chain of trust
> > will be established now, and whether the measurements are trusted in this case.
>
> You're absolutely correct, something needs to measure the kernel and
> initramfs for there to be a measurement chain of trust. The problem is
> that trusted grub has been around for years, but has not been upstreamed
> for, let's leave it as, "political" reasons. The community has moved on
> to secure-boot, using grub2. For secure boot, a hash of the kernel
> image has to be calculated. The question is whether grub2 adds the
> measurement to a PCR.

So it's not currently /quite/ that simple on a Secure Boot system, but
there's some chance we'll get closer to it being just that. Right now
you'd have to make shim also hash grub2 and add its measurement to a
PCR, as well as having grub2 do so for its config, the kernel, and any
initramfses to be loaded. Doing so on a UEFI machine isn't a particularly
difficult change to grub2 - but you may face the same political
problems. It's probably worth asking Vladimir Serbinenko, who I've
Cc'ed, as he's the upstream maintainer of grub2.

That all being said, on a UEFI machine, the firmware normally starts a
binary using a pair of calls named LoadImage() and StartImage().
During normal operation, if a system is configured to use a TPM, these
calls will be doing the hashing and adding to the PCR. Currently, though,
if you're on a Secure Boot enabled system, shim is being loaded through
those, and then it's emulating those calls when verifying and loading
grub2. Currently shim isn't adding things to the PCR either, so that's
one more place that needs to do better. It's not particularly
difficult, though, we just haven't done it.

--
Peter
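Added example, not part of the thread above and not code from shim, grub2 or the IMA subsystem: a small Python model of the two things the discussion turns on. First, the TPM extend operation that every link in the chain (firmware, shim, grub2) would have to perform for its successor, so that a PCR ends up summarising the whole sequence shim -> grub2 -> grub.cfg -> kernel -> initramfs. Second, a replay check over lines in the layout of /sys/kernel/security/ima/ascii_runtime_measurements: recomputing PCR 10 from the logged template hashes and comparing it with the value the TPM reports is how a verifier decides whether the log can be trusted. Assumptions: SHA-1 sized PCRs (20 bytes) as IMA used at the time, the ima-ng line layout "<pcr> <template-hash> ima-ng sha1:<file-hash> <path>", and an all-zero PCR before the first extend. All digests, paths and image contents are constructed placeholders, and the boot-chain measurement is a simulation of what the post says the loaders do not yet do, not their actual behaviour.

```python
import hashlib

PCR_SIZE = 20  # assumption: SHA-1 PCR banks, matching IMA's SHA-1 template hashes


def pcr_extend(pcr, digest):
    """TPM extend: new PCR value = SHA1(old PCR value || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(digests):
    """Fold a sequence of digests into a PCR starting from the all-zero value."""
    pcr = bytes(PCR_SIZE)
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr


# Constructed boot chain: each stage is hashed by the stage that loads it,
# before control is handed over. Contents are placeholders, not real images.
BOOT_CHAIN = [
    ("shim", b"constructed shim image"),
    ("grub2", b"constructed grub2 image"),
    ("grub.cfg", b"constructed grub config"),
    ("vmlinuz", b"constructed kernel image"),
    ("initramfs", b"constructed initramfs"),
]


def measure_chain(chain):
    """Return (name, sha1) for every stage, in load order."""
    return [(name, hashlib.sha1(data).digest()) for name, data in chain]


def build_sample_log(paths):
    """Produce constructed ascii_runtime_measurements lines for the given paths.

    Template hashes here are SHA-1 of a placeholder string; a real entry's
    template hash covers the template data (file hash and path)."""
    lines = []
    for path in paths:
        file_hash = hashlib.sha1(b"constructed contents of " + path.encode()).hexdigest()
        template_hash = hashlib.sha1(("ima-ng sha1:%s %s" % (file_hash, path)).encode()).hexdigest()
        lines.append("10 %s ima-ng sha1:%s %s" % (template_hash, file_hash, path))
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log(["boot_aggregate", "/init", "/bin/sh"])


def parse_ascii_runtime_measurements(text):
    """Parse '<pcr> <template-hash> <template-name> <fields...>' lines."""
    entries = []
    for line in text.strip().splitlines():
        fields = line.split()
        entries.append((int(fields[0]), bytes.fromhex(fields[1]), fields[2], fields[3:]))
    return entries


def expected_pcr(entries, pcr_index=10):
    """Replay every template hash logged against pcr_index, in log order."""
    return replay(th for idx, th, _, _ in entries if idx == pcr_index)


def verify(entries, reported_pcr, pcr_index=10):
    """True when the log replays to the PCR value the TPM reports."""
    return expected_pcr(entries, pcr_index) == reported_pcr


def tamper(text, line_no, new_hash_hex):
    """Constructed attack model for the check: rewrite one template hash in the log."""
    lines = text.strip().splitlines()
    fields = lines[line_no].split()
    fields[1] = new_hash_hex
    lines[line_no] = " ".join(fields)
    return "\n".join(lines)


if __name__ == "__main__":
    chain = measure_chain(BOOT_CHAIN)
    print("boot chain PCR:", replay(d for _, d in chain).hex())

    entries = parse_ascii_runtime_measurements(SAMPLE_LOG)
    pcr10 = expected_pcr(entries)  # stands in for the value read from the TPM
    print("PCR 10 replay ok:", verify(entries, pcr10))

    edited = tamper(SAMPLE_LOG, 1, "00" * PCR_SIZE)
    print("tampered log ok:", verify(parse_ascii_runtime_measurements(edited), pcr10))
```

Two properties of the extend operation are what make the chain meaningful: the order of measurements matters, so a log with the same entries shuffled replays to a different value, and once a link is skipped (as the post says shim and grub2 currently are) nothing downstream can retroactively put it into the PCR.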