lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fe77c42c-7a61-49ee-b729-abc87ae6e352@intel.com>
Date: Thu, 15 Feb 2024 18:05:03 -0800
From: "Xing, Cedric" <cedric.xing@...el.com>
To: Dan Williams <dan.j.williams@...el.com>, James Bottomley
	<James.Bottomley@...senpartnership.com>, Kuppuswamy Sathyanarayanan
	<sathyanarayanan.kuppuswamy@...ux.intel.com>, Dan Middleton
	<dan.middleton@...ux.intel.com>, Samuel Ortiz <sameo@...osinc.com>
CC: Qinkun Bao <qinkun@...gle.com>, "Yao, Jiewen" <jiewen.yao@...el.com>,
	Dionna Amalie Glaze <dionnaglaze@...gle.com>, <biao.lu@...el.com>,
	<linux-coco@...ts.linux.dev>, <linux-integrity@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI

On 2/14/2024 10:14 PM, Dan Williams wrote:
> Xing, Cedric wrote:
>> On 2/13/2024 8:05 AM, James Bottomley wrote:
> [..]
>>> The TCG crypto agile log format is
>>>
>>>    index (32 bit),
>>>    event tag (32 bit),
>>>    digests array,
>>>    sized event entry (up to 4GB)
>>>
>>> So an IMA log entry can definitely be transformed into this format
>>> (providing someone agrees to the tag or set of tags).  The slight
>>> problem would be that none of the current IMA tools would understand
>>> it, but that could be solved over time (the kernel could use the TCG
>>> format internally but transform to the IMA format for the current
>>> securityfs IMA log).
>>>
>> Hi James,
>>
> [..]
>> Another problem of CEL is that NOT every byte of an event is
>> hashed/extended. CEL spec has defined for each "content_type" the subset
>> of bytes to hash, so a verifier must understand ALL content types to be
>> able to verify the integrity of a log. In other words, the integrity of
>> a "systemd" log can never be verified by a CEL conformant verifier.
> 
> Wait, James said, "crypto agile log format", not CEL. Crypto agile log
> format looks more generic, no "recnum" for example.
> 
If I'm not mistaken, "crypto agile log" refers to the same format as 
"TCG2 log". It's "crypto agile" because it allows a plurality of hash 
algorithms/digests (specified in the "digests" array) to be extended to 
one PCR - each algorithm supported is called a "bank" of the PCR.

CEL is also "crypto agile". I'm not familiar with its history but it 
seems emerged after the TCG2 log format, as CEL's information model is a 
superset of TCG2's. Specifically, CEL's information model covers 3 
applications - "CEL management" (owned by TCG/CEL), "PC Client STD" 
(owned by TCG PC Client WG and equivalent to TCG2 log), and IMA. 
Supporting any new applications would require expanding CEL's 
information model - i.e., by changing the CEL spec.

> [..]
>>>> IMHO, we don't have to follow TCG2 format..
> [..]
>>> https://xkcd.com/927/
>>>
>> That is funny :-D
>>
>> I can't agree more, so "no log" I think is always an option.
> 
> So to me, "no log" means that instead of going from 14 standards going
> to 15, the kernel is saying "whee, infinite userspace log formats!", an
> abdication of its role to support a stable application ABI.
> 
If we look at how CEL is defined, it separates information model from 
encoding. Information models have to be contextualized within specific 
applications, but encodings don't. The reason for 14 standards is 
because there are 14 different applications. The 15th may be able to 
combine the existing 14 into a single one, but probably cannot 
accommodate the 16th.

So I think the only practical approach is to abandon the information 
model and focus on the encoding only. For example, JSON is just a set of 
encoding rules without an information model, hence can serialize data 
for all applications.

Coming back to the TSM log, the real question is: Can we just specify 
the encoding without an information model? The answer is yes and no. The 
kernel does need to know something, such as what to log, what to hash, 
and extend to which MR, but does NOT need to understand anything else 
about the event. So a potential ABI definition could be:
   - Take the MR index and an *encoded* log entry as parameters from 
user mode.
   - Hash the whole entry as-is using the same algorithm as used in MR 
extension, and extend the resulted digest to the specified MR.
   - Append the whole entry as-is to the log file.

The key difference between the aforementioned and CEL is that the former 
takes the *encoded* log entry as a single input to alleviate the kernel 
from the necessity of comprehending the logger's information model.

> The job here to define a kernel de-facto standard for the tags that this
> configs implementation of a cryto agile log emits, right? As James says:
> 
> "(providing someone agrees to the tag or set of tags)"

I don't think we should define any tags because that can only be done 
for existing applications but can never address the needs of future 
applications.

We don't have to maintain a log. The existing TPM module doesn't 
maintain a log either. systemd on the other hand is an example of 
keeping measurement logs in user mode.

But if we agree that a log is indeed necessary, I'd recommend the 
aforementioned approach. We can then focus discussions on the options 
for encoding log entries.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ