[dm-devel] [PATCH 7/7] dm: add documentation for IMA measurement support

Tushar Sugandhi tusharsu at linux.microsoft.com
Sat Jul 24 07:25:54 UTC 2021 

Hi Mimi,

On 7/20/21 7:33 PM, Mimi Zohar wrote:
> Hi Tushar, Mike,
> 
> On Mon, 2021-07-12 at 17:49 -0700, Tushar Sugandhi wrote:
>> +Then IMA ASCII measurement log has the following format:
>> +PCR TEMPLATE_DIGEST TEMPLATE ALG:EVENT_DIGEST EVENT_NAME EVENT_DATA
>> +
>> +PCR := Platform Configuration Register, in which the values are registered.
>> +       This is applicable if TPM chip is in use.
>> +TEMPLATE_DIGEST := Template digest of the IMA record.
> 
> ^TEMPLATE_DATA_DIGEST
> 
Will do.

>> +TEMPLATE := Template that registered the integrity value (e.g. ima-buf).
> 
> ^TEMPLATE_NAME
>
Will do.

> The template data format consists of:
>> +ALG:EVENT_DIGEST = Algorithm to compute event digest, followed by digest of event data
>> +EVENT_NAME := Description of the event (e.g. 'table_load').
>> +EVENT_DATA := The event data to be measured.
> 
Thanks. I will add this to the dm-ima documentation.

> Missing from the document is a way of validating the template data.
> For example, in the original case of file measurements, the template
> data contains the file hash, which can be recalculated or verified
> against an allow list.
> 
> Other than re-calculating the template data digest based on the
> template data, and verifying it against the template data digest in the
> measurement list, would an attestation server be able to verify the
> template data itself?
>
Yes.
In the context of device-mapper, EVENT_DATA for 'table_load' would
contain the key-value pairs for various targets in the table
(crypt, verity, integrity etc.) which the attestation servers
should be able to verify against the allowed/expected
key-value pairs specified in the attestation policy.

To avoid bloating the IMA log with same data from table_load again,
we only measure hash of the loaded table in the EVENT_DATA -
when there is a state change for DM device.
e.g. when EVENT_NAME is 'device_resume', 'table_clear',
'device_remove' etc.

Since the table clear-text is already present in the EVENT_DATA
buffer for 'table_load', and is available to attestation servers,
verifying the corresponding hash values in the
EVENT_DATA in the subsequent DM events should be possible for
the attestation servers.

Please let us know if you need further info.

Thanks,
Tushar

> thanks,
> 
> Mimi
>

More information about the dm-devel mailing list