[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fe77c42c-7a61-49ee-b729-abc87ae6e352@intel.com>
Date: Thu, 15 Feb 2024 18:05:03 -0800
From: "Xing, Cedric" <cedric.xing@...el.com>
To: Dan Williams <dan.j.williams@...el.com>, James Bottomley
<James.Bottomley@...senpartnership.com>, Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>, Dan Middleton
<dan.middleton@...ux.intel.com>, Samuel Ortiz <sameo@...osinc.com>
CC: Qinkun Bao <qinkun@...gle.com>, "Yao, Jiewen" <jiewen.yao@...el.com>,
Dionna Amalie Glaze <dionnaglaze@...gle.com>, <biao.lu@...el.com>,
<linux-coco@...ts.linux.dev>, <linux-integrity@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI
On 2/14/2024 10:14 PM, Dan Williams wrote:
> Xing, Cedric wrote:
>> On 2/13/2024 8:05 AM, James Bottomley wrote:
> [..]
>>> The TCG crypto agile log format is
>>>
>>> index (32 bit),
>>> event tag (32 bit),
>>> digests array,
>>> sized event entry (up to 4GB)
>>>
>>> So an IMA log entry can definitely be transformed into this format
>>> (providing someone agrees to the tag or set of tags). The slight
>>> problem would be that none of the current IMA tools would understand
>>> it, but that could be solved over time (the kernel could use the TCG
>>> format internally but transform to the IMA format for the current
>>> securityfs IMA log).
>>>
>> Hi James,
>>
> [..]
>> Another problem of CEL is that NOT every byte of an event is
>> hashed/extended. CEL spec has defined for each "content_type" the subset
>> of bytes to hash, so a verifier must understand ALL content types to be
>> able to verify the integrity of a log. In other words, the integrity of
>> a "systemd" log can never be verified by a CEL conformant verifier.
>
> Wait, James said, "crypto agile log format", not CEL. Crypto agile log
> format looks more generic, no "recnum" for example.
>
If I'm not mistaken, "crypto agile log" refers to the same format as
"TCG2 log". It's "crypto agile" because it allows a plurality of hash
algorithms/digests (specified in the "digests" array) to be extended to
one PCR - each algorithm supported is called a "bank" of the PCR.
CEL is also "crypto agile". I'm not familiar with its history but it
seems emerged after the TCG2 log format, as CEL's information model is a
superset of TCG2's. Specifically, CEL's information model covers 3
applications - "CEL management" (owned by TCG/CEL), "PC Client STD"
(owned by TCG PC Client WG and equivalent to TCG2 log), and IMA.
Supporting any new applications would require expanding CEL's
information model - i.e., by changing the CEL spec.
> [..]
>>>> IMHO, we don't have to follow TCG2 format..
> [..]
>>> https://xkcd.com/927/
>>>
>> That is funny :-D
>>
>> I can't agree more, so "no log" I think is always an option.
>
> So to me, "no log" means that instead of going from 14 standards going
> to 15, the kernel is saying "whee, infinite userspace log formats!", an
> abdication of its role to support a stable application ABI.
>
If we look at how CEL is defined, it separates information model from
encoding. Information models have to be contextualized within specific
applications, but encodings don't. The reason for 14 standards is
because there are 14 different applications. The 15th may be able to
combine the existing 14 into a single one, but probably cannot
accommodate the 16th.
So I think the only practical approach is to abandon the information
model and focus on the encoding only. For example, JSON is just a set of
encoding rules without an information model, hence can serialize data
for all applications.
Coming back to the TSM log, the real question is: Can we just specify
the encoding without an information model? The answer is yes and no. The
kernel does need to know something, such as what to log, what to hash,
and extend to which MR, but does NOT need to understand anything else
about the event. So a potential ABI definition could be:
- Take the MR index and an *encoded* log entry as parameters from
user mode.
- Hash the whole entry as-is using the same algorithm as used in MR
extension, and extend the resulted digest to the specified MR.
- Append the whole entry as-is to the log file.
The key difference between the aforementioned and CEL is that the former
takes the *encoded* log entry as a single input to alleviate the kernel
from the necessity of comprehending the logger's information model.
> The job here to define a kernel de-facto standard for the tags that this
> configs implementation of a cryto agile log emits, right? As James says:
>
> "(providing someone agrees to the tag or set of tags)"
I don't think we should define any tags because that can only be done
for existing applications but can never address the needs of future
applications.
We don't have to maintain a log. The existing TPM module doesn't
maintain a log either. systemd on the other hand is an example of
keeping measurement logs in user mode.
But if we agree that a log is indeed necessary, I'd recommend the
aforementioned approach. We can then focus discussions on the options
for encoding log entries.
Powered by blists - more mailing lists