Menu
▾
▴
Re: [TrouSerS-users] Question about verify IMA Measurement list
|
From: 柯晋 <ars...@gm...> - 2008-08-03 02:03:50
|
Hi Seiji,
Yes,They are all the same.In addition,Do I need to install grub-ima
before install IMA?Now I am using Trusted Grub as the BootLoader.In my
opinion ,it seems that grub-ima and IMA are two independent modules. My OS
is ubuntu 8.04,but the grub-ima INSTALL just give the mothod of installing
in RedHat Enterprise Linux 5.I have tried to download the grub-0.97 source
code then apply the grub-ima patch myself,but it failed in two places when
patching. I wonder if the grub-ima only support RedHat EL or other LInux
Editons which are compatible with RedHat(using .rpm ,Like Suse)?In this Page
: http://sourceforge.jp/projects/openpts/wiki/HowToBuildForUbuntuHardy
the method to install grub-ima in ubuntu is still (TBD)To be Determined,So I
want to know that if there is somebody success Using grub-ima in ubuntu?
--
KeJin
2008/8/3 Seiji Munetoh <sei...@gm...>
> Hi,
>
> Is The IML you get from GetEventLog call same with
> /sys/kernel/security/ima/ascii_runtime_measurements ?
> And is the PCR value same with
> /sys/class/misc/tpm0/device/pcrs ?
>
> --
> Seiji
>
> 2008/8/2 柯晋 <ars...@gm...>:
> > Hi Seiji,
> > Yes,I have tried to do so,but the result is still wrong.And I have
> > tried to Get EventLog both before and after ReadPCR,but it makes no
> > differences.
> >
> >
> > 2008/8/2 Seiji Munetoh <sei...@gm...>
> >>
> >> Hi,
> >>
> >> Have you try to run the code twice?
> >> The new build code is measured by IMA again and the PCR also updated.
> >> But, the IML and the PCR will be different due to the some time-lag.
> >>
> >> --
> >> Seiji
> >>
> >> 2008/8/1 柯晋 <ars...@gm...>:
> >> > Hi ,
> >> > I am trying to validate the Measurement list but have some problem
> with
> >> > it.
> >> > I have got a list of measurements ( a array of TSS_PCR_EVENT)by
> using
> >> > Tspi_TPM_GetEventLog ();then I re-calculate the PCR value according to
> >> > the
> >> > ulPcrIndex and rgbPcrValue of TSS_PCR_EVENT.Here are parts of my code:
> >> >
> >> >
> >> >
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////
> >> > TSS_PCR_EVENT* PCREvents;
> >> > unsigned char SHA1buf[20];
> >> > unsigned char tmpbuf[40];
> >> >
> >> > BYTE *rgbPcrValue;
> >> > UINT32 ulPcrValueLength;
> >> > int index =10; //which PCR to validate
> >> >
> >> > Tspi_TPM_GetEventLog(hTPM, &ulEventNumber,&PCREvents);
> >> > memset(SHA1buf,0,20);
> >> > for(j=0;j<ulEventNumber;j++)
> >> > {
> >> > if(PCREvents[j].ulPcrIndex==index)
> >> > {
> >> > //re-alculate PCR
> >> > memcpy(tmpbuf,SHA1buf,20);
> >> > memcpy(tmpbuf+20,PCREvents[j].rgbPcrValue,20);
> >> > SHA1(tmpbuf,40,SHA1buf);
> >> > }
> >> > }
> >> > //Read PCR
> >> > Tspi_TPM_PcrRead( hTPM, 10, &ulPcrValueLength, &rgbPcrValue );
> >> >
> >> > ret=memcmp(SHA1buf,rgbPcrValue,20); //validate the
> re-alculate
> >> > PCR
> >> > by comparing with the value read from Tspi_TPM_PcrRead
> >> > if(ret==0)
> >> > printf( "correct!!\n" );
> >> > else
> >> > printf( "wrong!!\n" );
> >> >
> >> >
> //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> >> >
> >> > When the Index is 0,1,2,3,4,5,6,7 it all return "correct!"
> >> > but when the index is 10 it return "wrong!"
> >> >
> >> > I have edit the tcsd.conf like
> >> > firmware_pcrs =0,1,2,3,4,5,6,7 (delete the "#")
> >> > kernel_pcrs =10 (delete the "#")
> >> > firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
> >> > (delete the "#")
> >> > kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
> >> > (delete the "#")
> >> >
> >> > And the Tspi_TPM_GetEventLog works well and can print the Events
> >> > correctly
> >> > (I use the code in TestSuite /highlevel/tpm/Tspi_TPM_GetEventLog05.c
> to
> >> > print the result)
> >> > it print like:
> >> >
> >> > index hash
> >> >
> >> > type value
> >> > .
> >> > .
> >> > .
> >> > 10 dfb2b8a216a1cc1df27c7d890990c52759cdd1e5 1
> >> >
> >> >
> 2f7573722f6c69622f676e6f6d652d73637265656e73617665722f676e6f6d652d73637265656e73617665722d676c2d68656c706572
> >> > 10 524093156abf48014a500b8098755258e4434494 1
> >> >
> >> >
> 2f7573722f6c69622f676e6f6d652d73637265656e73617665722f676e6f6d652d73637265656e73617665722f736c69646573686f77
> >> > 10 0a3a5d9fd6823e78a9ec71e65c851bf8eeeb78f7 1
> >> >
> >> >
> 2f7573722f6c69622f67746b2d322e302f322e31302e302f6c6f61646572732f6c69627069786275666c6f616465722d6a7065672e736f
> >> > 10 d85baddca2ef83df224b579a3a6ce081b3d33b1c 1
> >> > 2f7573722f62696e2f657661
> >> > 10 40ab7ea0bc0abdb13bfd48b9264e6c43107008ef 1
> >> > 2f7573722f6c69622f6c69626b68746d6c2e736f2e342e322e30
> >> > 10 3d259a849377a9f6a6369008f11dc87d5c02a89d 1
> >> > 2f7573722f6c69622f6c69626b70617274732e736f2e322e312e30
> >> > .
> >> > .
> >> > .
> >> > And I have find that IBM have give the method of cerifying the PCR 10
> at
> >> > the link below:
> >> >
> >> >
> http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html
> >> > it mentions like that:
> >> > Recalculating the PCR content can be done as follows:
> >> >
> >> > Verifying the PCR aggregate
> >> >
> >> > {
> >> > uchar PCR_tmp[20] = {0...0}
> >> >
> >> > for (i=0; i<MList.len; i++)
> >> > PCR_tmp = SHA1(PCR_tmp|MList[i])
> >> >
> >> > if (PCR == PCR_tmp)
> >> > return OK
> >> > else
> >> > return INVALID
> >> > }
> >> > So I assume that my method of re-alculateing is correct.
> >> > Does someone have a idea why such failures?
> >> > Or is there someone have ever successed in verifying the IMA EventLog?
> >> >
> >> > Thanks.
> >> > --KeJin
> >> >
> >> >
> >> >
> >> >
> >> >
> -------------------------------------------------------------------------
> >> > This SF.Net email is sponsored by the Moblin Your Move Developer's
> >> > challenge
> >> > Build the coolest Linux based applications with Moblin SDK & win great
> >> > prizes
> >> > Grand prize is a trip for two to an Open Source event anywhere in the
> >> > world
> >> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >> > _______________________________________________
> >> > TrouSerS-users mailing list
> >> > Tro...@li...
> >> > https://lists.sourceforge.net/lists/listinfo/trousers-users
> >> >
> >> >
> >
> >
> |