From: 柯晋 <ars...@gm...> - 2008-08-03 02:03:50
|
Hi Seiji, Yes,They are all the same.In addition,Do I need to install grub-ima before install IMA?Now I am using Trusted Grub as the BootLoader.In my opinion ,it seems that grub-ima and IMA are two independent modules. My OS is ubuntu 8.04,but the grub-ima INSTALL just give the mothod of installing in RedHat Enterprise Linux 5.I have tried to download the grub-0.97 source code then apply the grub-ima patch myself,but it failed in two places when patching. I wonder if the grub-ima only support RedHat EL or other LInux Editons which are compatible with RedHat(using .rpm ,Like Suse)?In this Page : http://sourceforge.jp/projects/openpts/wiki/HowToBuildForUbuntuHardy the method to install grub-ima in ubuntu is still (TBD)To be Determined,So I want to know that if there is somebody success Using grub-ima in ubuntu? -- KeJin 2008/8/3 Seiji Munetoh <sei...@gm...> > Hi, > > Is The IML you get from GetEventLog call same with > /sys/kernel/security/ima/ascii_runtime_measurements ? > And is the PCR value same with > /sys/class/misc/tpm0/device/pcrs ? > > -- > Seiji > > 2008/8/2 柯晋 <ars...@gm...>: > > Hi Seiji, > > Yes,I have tried to do so,but the result is still wrong.And I have > > tried to Get EventLog both before and after ReadPCR,but it makes no > > differences. > > > > > > 2008/8/2 Seiji Munetoh <sei...@gm...> > >> > >> Hi, > >> > >> Have you try to run the code twice? > >> The new build code is measured by IMA again and the PCR also updated. > >> But, the IML and the PCR will be different due to the some time-lag. > >> > >> -- > >> Seiji > >> > >> 2008/8/1 柯晋 <ars...@gm...>: > >> > Hi , > >> > I am trying to validate the Measurement list but have some problem > with > >> > it. > >> > I have got a list of measurements ( a array of TSS_PCR_EVENT)by > using > >> > Tspi_TPM_GetEventLog ();then I re-calculate the PCR value according to > >> > the > >> > ulPcrIndex and rgbPcrValue of TSS_PCR_EVENT.Here are parts of my code: > >> > > >> > > >> > > /////////////////////////////////////////////////////////////////////////////////////////////////////////// > >> > TSS_PCR_EVENT* PCREvents; > >> > unsigned char SHA1buf[20]; > >> > unsigned char tmpbuf[40]; > >> > > >> > BYTE *rgbPcrValue; > >> > UINT32 ulPcrValueLength; > >> > int index =10; //which PCR to validate > >> > > >> > Tspi_TPM_GetEventLog(hTPM, &ulEventNumber,&PCREvents); > >> > memset(SHA1buf,0,20); > >> > for(j=0;j<ulEventNumber;j++) > >> > { > >> > if(PCREvents[j].ulPcrIndex==index) > >> > { > >> > //re-alculate PCR > >> > memcpy(tmpbuf,SHA1buf,20); > >> > memcpy(tmpbuf+20,PCREvents[j].rgbPcrValue,20); > >> > SHA1(tmpbuf,40,SHA1buf); > >> > } > >> > } > >> > //Read PCR > >> > Tspi_TPM_PcrRead( hTPM, 10, &ulPcrValueLength, &rgbPcrValue ); > >> > > >> > ret=memcmp(SHA1buf,rgbPcrValue,20); //validate the > re-alculate > >> > PCR > >> > by comparing with the value read from Tspi_TPM_PcrRead > >> > if(ret==0) > >> > printf( "correct!!\n" ); > >> > else > >> > printf( "wrong!!\n" ); > >> > > >> > > ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > >> > > >> > When the Index is 0,1,2,3,4,5,6,7 it all return "correct!" > >> > but when the index is 10 it return "wrong!" > >> > > >> > I have edit the tcsd.conf like > >> > firmware_pcrs =0,1,2,3,4,5,6,7 (delete the "#") > >> > kernel_pcrs =10 (delete the "#") > >> > firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements > >> > (delete the "#") > >> > kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements > >> > (delete the "#") > >> > > >> > And the Tspi_TPM_GetEventLog works well and can print the Events > >> > correctly > >> > (I use the code in TestSuite /highlevel/tpm/Tspi_TPM_GetEventLog05.c > to > >> > print the result) > >> > it print like: > >> > > >> > index hash > >> > > >> > type value > >> > . > >> > . > >> > . > >> > 10 dfb2b8a216a1cc1df27c7d890990c52759cdd1e5 1 > >> > > >> > > 2f7573722f6c69622f676e6f6d652d73637265656e73617665722f676e6f6d652d73637265656e73617665722d676c2d68656c706572 > >> > 10 524093156abf48014a500b8098755258e4434494 1 > >> > > >> > > 2f7573722f6c69622f676e6f6d652d73637265656e73617665722f676e6f6d652d73637265656e73617665722f736c69646573686f77 > >> > 10 0a3a5d9fd6823e78a9ec71e65c851bf8eeeb78f7 1 > >> > > >> > > 2f7573722f6c69622f67746b2d322e302f322e31302e302f6c6f61646572732f6c69627069786275666c6f616465722d6a7065672e736f > >> > 10 d85baddca2ef83df224b579a3a6ce081b3d33b1c 1 > >> > 2f7573722f62696e2f657661 > >> > 10 40ab7ea0bc0abdb13bfd48b9264e6c43107008ef 1 > >> > 2f7573722f6c69622f6c69626b68746d6c2e736f2e342e322e30 > >> > 10 3d259a849377a9f6a6369008f11dc87d5c02a89d 1 > >> > 2f7573722f6c69622f6c69626b70617274732e736f2e322e312e30 > >> > . > >> > . > >> > . > >> > And I have find that IBM have give the method of cerifying the PCR 10 > at > >> > the link below: > >> > > >> > > http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html > >> > it mentions like that: > >> > Recalculating the PCR content can be done as follows: > >> > > >> > Verifying the PCR aggregate > >> > > >> > { > >> > uchar PCR_tmp[20] = {0...0} > >> > > >> > for (i=0; i<MList.len; i++) > >> > PCR_tmp = SHA1(PCR_tmp|MList[i]) > >> > > >> > if (PCR == PCR_tmp) > >> > return OK > >> > else > >> > return INVALID > >> > } > >> > So I assume that my method of re-alculateing is correct. > >> > Does someone have a idea why such failures? > >> > Or is there someone have ever successed in verifying the IMA EventLog? > >> > > >> > Thanks. > >> > --KeJin > >> > > >> > > >> > > >> > > >> > > ------------------------------------------------------------------------- > >> > This SF.Net email is sponsored by the Moblin Your Move Developer's > >> > challenge > >> > Build the coolest Linux based applications with Moblin SDK & win great > >> > prizes > >> > Grand prize is a trip for two to an Open Source event anywhere in the > >> > world > >> > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > >> > _______________________________________________ > >> > TrouSerS-users mailing list > >> > Tro...@li... > >> > https://lists.sourceforge.net/lists/listinfo/trousers-users > >> > > >> > > > > > > |