James Morris <jmorris@private> wrote on 05/23/2005 07:59:09 PM: > On Mon, 23 May 2005, Reiner Sailer wrote: > > > > It seems to me that the mechanism is sound... it does what the docs > > > says. Another questions is "is it usefull"? > > > > > > Pavel > > > > > > > We implemented some exemplary IMA-applications. If you like, visit our > > project page and check out the references: > > http://www.research.ibm.com/secure_systems_department/projects/tcglinux/ > > There you also find a complete measurement list and a response of a measured > > system replying to an authorized remote measurement-list-request. > > How did you retrieve the TPM-aggregate? We use the general TPM interface and a TPM library that IBM open-sourced in the "early times of TPM". Today, the there is also the TrouSerS open-source (sorceforge) stack that can be used to retrieve a quote. Other libraries are certainly available as well. Any implementation offering TPM-Spec quote function can be used. > I'm still not sure why exporting just the kernel measurement values via > proc is useful. It is useful in practice because once the system is up and running, the measurement list grows very slowly. Thus, retrieving the measurements separately from the signature did not result in sync problems (measurements being added between retrieving the signature and retrieving the measurement list). We did not have a single case where we run into the problem but one can construct system loads that might trigger an async between the retrievals. In this case, one can adjust the measurement list (skip entries added after the TPM signature was created) if you first retrieve the TPM signature and then the measurement list. You'll discover the last signed measurement entries by recalculating the signed aggregate. > Wouldn't you need to retrieve the measurement list atomically with the > TPM-aggregate? You can do this atomically but then you need to implement the quote functionality in the kernel when retrieving the list or you need to develop a quote* TPM command that includes the measurement list with the signature blob (non-TPM-spec conform). We chose to go with the original Quote (TPM signature) and keep the defined TPM interface, since we preferred keeping existing interfaces until we encounter problems. > In which case, we'd need an interface which takes a nonce and returns the > kernel measurement list and the TPM-aggregate together. > Is the source of your example IMA attestation application available? This application is not available at this time. However, its major building blocks are almost all open-source (TSS stack, TPM kernel driver, IMA). The rest is mainly communication infrastructure and building SHA1-databases to compare measurements against expected and known measurements. > > - James > -- > James Morris > <jmorris@private> > > > The point you are making is a good one. We implemented a trade-off and if users of IMA suggest that the trade-off towards compatibility is leading to problems, it is worth to re-evaluate this trade-off and create an atomic function. Thanks. Reiner
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 11:06:59 PDT