mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 22:53:37 +02:00

302 Commits

Author SHA1 Message Date
Mimi Zohar
b102db4180 ima-evm-utils: improve reading TPM 1.2 PCRs
Instead of reading the TPM 1.2 PCRs one at a time, opening and closing
the securityfs file each time, read all of the PCRs at once.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-15 16:25:24 -04:00
Mimi Zohar
663dfd5efb ima-evm-utils: mixed "ima" and other template formats not supported
An IMA measurement list may not contain "ima" and other template
formats.  Fail verifying the ima_measurement test.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:44 -04:00
Mimi Zohar
f49e982627 ima-evm-utils: read the TPM 1.2 binary_bios_measurements
Instead of just calculating the "boot_aggregate" based on the current
TPM PCRs, the original LTP and standalone ima_boot_aggregate test walked
the TPM 1.2 event log, calculating the PCRs.

If the TPM 1.2 event log is provided as an option on the "evmctl
ima_boot_aggregate" command, read the event log, calculate the sha1
PCRs, and calculate the "boot_aggregate" based on these PCRs.

The code for walking the IMA measurement list is based on the LTP and
standalone ima_boot_aggregate tests.  Similar support for reading the
TPM 2.0 event log to calculate the PCRs requires the TPM 2.0 event log
to be exported or a TSS to read the event log.  Parsing the TPM 2.0
event log is not supported here.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:44 -04:00
Mimi Zohar
81aa698c70 ima-evm-utils: support the original "ima" template
The original "ima" template digest included just a SHA1 file data hash
and a fixed 255 character pathname in the hash calculation.  Two main
differences exist between the "ima" template and other template formats.
The other template data formats are prefixed with the template data
length and each field is prefixed with the field length.

These differences simplify verifying the other template formats against
the TPM PCRs without necessarily understanding each and every template
field.

Support for the original "ima" template format is based on the original
LTP and IMA standalone versions.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:44 -04:00
Mimi Zohar
590966cb7f ima-evm-utils: define a basic hash_info.h file
Some older system kernel header packages don't necessarily include
hash_info.h.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Mimi Zohar
d9f015035a ima-evm-utils: use uint32_t for template length
The template length should never be less than zero.  Replace "int" with
"uint32_t".

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Mimi Zohar
ff26f9704e ima-evm-utils: calculate and verify the template data digest
Validating a TPM quote of PCR-10, the default IMA PCR, requires not only
sending the quote to the verifier, but the IMA measurement list as well.
The attestation server can verify the IMA measurement list simply by
walking the measurement list and re-calculating the PCRs based on the
template data digest.  In addition, the attestation server could verify
the template data digest based on the template data.

The LTP and standalone "ima_measure" test optionally verify the template
data digest.  Similarly add "--verify" support to conditionally verify
the template data digest against the template data.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Mimi Zohar
bb62a7115e ima-evm-utils: don't hardcode validating the IMA measurement list
File time of measure, time of use (ToMToU) violations are annotated in
the measurement list by including a template data digest of zeroes, but
extending the TPM with 0xFF's.  This causes validating the measurement
against the TPM PCRs to fail.  To validate the measurement list against
the PCRs requires replacing the zero template data digest with 0xFF's.

The default behavior, unless specifically requested, should be to fail
the measurement list verification.  Support validating the measurement
list based on a "--validate" option.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Mimi Zohar
747bf9e890 ima-evm-utils: fix measurement violation checking
The template data digest for file measurement time of measure, time of
use (ToMToU) violations is zero.  Don't calculate the template data
digest for the different banks.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Mimi Zohar
8b49f0c01c ima-evm-utils: fix PCRAggr error message
Display the correct TPM PCR value.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 11:00:21 -04:00
Tianjia Zhang
ceecb28d3b ima-evm-utils: add SM3 to pkey_hash_algo algorithm list
SM3 was published by the State Encryption Management Bureau, China.
It has been well supported in the kernel and openssl.
This patch allows SM3 to be used smoothly by specifying the
parameter `-a sm3` or `--hashalgo sm3`.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 10:59:59 -04:00
Tianjia Zhang
15659747eb ima-evm-utils: beautify the code to make it more readable
Use enum type instead of hard-coded numbers to improve code readability.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-09 10:59:59 -04:00
Tianjia Zhang
fb19ae86db ima-evm-utils: Fix mismatched type checking
Even if imaevm_get_hash_algo() returns an error value of -1, it is
forced to be converted to uint8_t type here, resulting in this error
not being checked by the if condition. This patch fixes this error.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-06 17:42:05 -04:00
Bruno Meneguele
c9e99f0a21 ima-evm-utils: skip test for discrete TPM 1.2 and exec'd as normal user
The boot_aggregate test makes use of a software TPM 2.0 in case it doesn't find
any /dev/tpm0 in the system or if the test is run as a normal user. However,
when the system has a discrete TPM 1.2 and the user runs the test as a
non-root user, evmctl fails to return the software TPM 2.0 boot aggregate
value because it tries to access the TPM 1.2 sysfs PCRs file and,
consequently, the test fails. Thus the TPM 2.0 log test is not supported on
systems with a discrete TPM 1.2.

Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-24 20:37:50 -04:00
Petr Vorel
c396c5a4bf ima-evm-utils: logging: Print also LOG_INFO messages
as some errors are using it; e.g. in the previous fix
just errno would be printed:

./src/evmctl ima_boot_aggregate
Failed to read any TPM PCRs
errno: No such file or directory (2)

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-24 20:37:50 -04:00
Mimi Zohar
89eee0f883 ima-evm-utils: tests: fix finding the "boot_aggregate" value
Searching for the last "boot_aggregate" record in the measurement list
could inadvertently match a filename containing the string
"boot_aggregate".  Prevent this from happening.

Reviewed-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-24 20:37:09 -04:00
Maurizio Drocco
48cb564567 ima_evm_utils: tests: boot_aggregate.test spans PCRs 0-9
display_pcrs() should include PCRs 8-9 as they are non-zero on some
systems. boot_aggregate may span PCRs 0-9 so check()'s info message
should be fixed accordingly.

Signed-off-by: Maurizio Drocco <maurizio.drocco@ibm.com>
2020-06-24 20:36:25 -04:00
Maurizio
319fb19caa ima_evm_utils: extended calc_bootaggr to PCRs 8 - 9
calc_bootaggr() should include PCRs 8-9 in non-SHA1 digests.

Signed-off-by: Maurizio Drocco <maurizio.drocco@ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-24 20:36:05 -04:00
Mimi Zohar
39f1dbeaa4 ima_evm_utils: tests: color boot_aggregate.test tty output
Use the "functions.sh" tty color scheme, which defines SKIP as CYAN.

FAILURE: RED (31)
SUCCESS: GREEN (32)
SKIP: CYAN (36)

Should VERBOSE or informational messages be color coded?

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-23 21:45:17 -04:00
Mimi Zohar
5404aa8397 ima-evm-utils: tests: verify the last "boot_aggregate" record
For each kexec, an additional "boot_aggregate" will appear in the
measurement list, assuming the previous measurement list is carried
across kexec.

Verify that the last "boot_aggregate" record in the IMA measurement list
matches.  The "boot_aggregate" is either the last field (e.g. "ima-ng")
or the second to last field (e.g. "ima-sig") in the measurement list
record.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-23 21:45:17 -04:00
Mimi Zohar
c5732b6d95 ima-evm-utils: tests: verify boot_aggregate
Calculate the boot_aggregate for each TPM bank and verify that the
boot_aggregate in the IMA measurement list matches one of them.

A software TPM may be used to verify the boot_aggregate.  If a
software TPM is not already running on the system, this test
starts one and initializes the TPM PCR banks by walking the sample
binary_bios_measurements event log, included in this directory, and
extending the TPM PCRs.  The associated ascii_runtime_measurements
for verifying the calculated boot_aggregate is included in this
directory as well.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-23 21:45:17 -04:00
Mimi Zohar
917317a8ea ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values
Instead of emitting the per TPM PCR bank "boot_aggregate" values one
at a time, store them in a buffer and emit them all at once.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-11 17:14:57 -04:00
Vitaly Chikunov
d3faeb19ad ima-evm-utils: Add sign/verify tests for evmctl
This commit adds (evm) sign, (evm) verify, ima_sign, and
ima_verify tests for different algos.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:30:00 -04:00
Vitaly Chikunov
b6ff60e4fa ima-evm-utils: Add some tests for evmctl
Run `make check' to execute the tests.
This commit only adds ima_hash test.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:29:59 -04:00
Mimi Zohar
dc00c92adf ima-evm-utils: calculate the per TPM bank boot_aggregate
The IMA measurement list boot_aggregate is the link between the preboot
event log and the IMA measurement list.  Read and calculate all the
possible per TPM bank boot_aggregate digests based on PCRs 0 - 7.

Reading the TPM PCRs requires root permission, unless access to the
device (/dev/tpm0 or /dev/tpmrm0) has been granted.

Prior to calculating the boot_aggregate, the TPM PCRs themselves should
be validated by walking the TPM event log and re-calculating the PCRs.
(Such a test should be included as part of the TSS regression testsuites.)

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:29:59 -04:00
Patrick Uiterwijk
03f99ea6d0 ima-evm-utils: Add support for Intel TSS2 for PCR reading
This patch makes it possible to use the Intel TSS2 for getting
PCR values from the SHA1/SHA256 banks on a TPM2.
It is somewhat naive as it doesn't use the multi-PCR selection
that TSS2 is capable of, that is for a future patch.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
[zohar@linux.ibm.com: added missing "stdint.h" in pcr_tsspcrread.c]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:28:00 -04:00
Mimi Zohar
e532fb65fd ima-evm-utils: remove TPM 1.2 specific code
Now that read_tpm_banks() reads the TPM 1.2 PCRs, remove the TPM 1.2
specific code for reading and verifying the SHA1 PCRs.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:25:13 -04:00
Mimi Zohar
040c693b8b ima-evm-utils: use a common bank variable for TPM 1.2 and TPM 2.0
Extend read_tpm_banks() to support TPM 1.2, by reading TPM 1.2 SHA1 PCRs
into the first bank and marking the other banks as disabled.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:25:11 -04:00
Mimi Zohar
acf2ac7559 ima-evm-utils: compare re-calculated PCRs with the TPM values
After walking the measurement list, re-calculating and extending the TPM
PCRs with the appropriate template digest for each bank, compare the
re-calculated PCR values for each TPM bank with the actual TPM values.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:25:09 -04:00
Mimi Zohar
3472f9ba9c ima-evm-utils: read the PCRs for the requested TPM banks
Read and store the PCRs for the requested banks to compare with the
re-calculated PCR values.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:25:01 -04:00
Mimi Zohar
2f482a6989 ima-evm-utils: add support in tpm2_read_pcrs to read different TPM banks
tpm2_read_pcrs() reads the sha1 PCRs in order to verify the measurement
list.  This patch adds support for reading other TPM banks.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:24:59 -04:00
Mimi Zohar
696bf0b108 ima-evm-utils: calculate the digests for multiple TPM banks
IMA currently extends the different TPM banks by padding/truncating the
SHA1 template digest.  Although the IMA measurement list only includes
the SHA1 template digest, the template digest could be re-calculated
properly for each bank.

This patch adds support for properly calculating the template hash for
multiple TPM banks - "sha1" and "sha256".

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:24:55 -04:00
Mimi Zohar
bdc94c9b49 ima-evm-utils: increase the size of "zero" and "fox" variables
Opening a file for write when it is already opened for read, results in
a time of measure, time of use (ToMToU) error.  Similarly, when opening
a file for read, when it is already opened for write, results in a file
measurement error.  These violations are flagged by including 0x00's as
the template digest in the measurement list, but extending the TPM with
0xFF's.

In preparation of extending the TPM banks with bank specific digest
values, increase the "zero" and "fox" variable sizes.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:24:48 -04:00
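As an added illustration of the replay and verification steps described in the commits above (the "--verify", "--validate", violation and per-bank digest changes, plus the per-bank boot_aggregate), and not code from ima-evm-utils itself: a Python replay of an "ima-ng" measurement list into PCR-10 for the sha1 and sha256 banks, recomputing each bank's template digest from the template data, checking it against the listed digest, and substituting 0xFF's for zero-digest violation records only when validation is requested. The ima-ng field layout encoded here and the sample records are assumptions constructed for the example.

```python
"""Replay an IMA "ima-ng" measurement list into PCR-10 for each TPM bank,
checking template data digests (evmctl --verify) and handling ToMToU /
measurement violations (evmctl --validate)."""
import hashlib

PCR_SIZE = {"sha1": 20, "sha256": 32}

def extend(pcr, digest, bank):
    """TPM extend operation: PCR' = H(PCR || digest)."""
    return hashlib.new(bank, pcr + digest).digest()

def ima_ng_template_data(filehash_field, path):
    """Serialize ima-ng template data as the kernel hashes it (assumed layout):
    each field is prefixed with its u32 little-endian length; the overall
    template data length is not hashed. d-ng = "<algo>:" NUL <raw digest>,
    n-ng = <pathname> NUL."""
    hash_algo, hexdigest = filehash_field.split(":", 1)
    d_ng = hash_algo.encode() + b":\0" + bytes.fromhex(hexdigest)
    n_ng = path.encode() + b"\0"
    return b"".join(len(f).to_bytes(4, "little") + f for f in (d_ng, n_ng))

def parse_record(line):
    """One ascii_runtime_measurements line: PCR template-hash ima-ng d-ng n-ng."""
    pcr, template_hash, template_name, filehash, path = line.split(maxsplit=4)
    if template_name != "ima-ng":
        raise ValueError(f"only ima-ng is handled here, got {template_name}")
    return int(pcr), bytes.fromhex(template_hash), filehash, path

def replay(lines, banks=("sha1", "sha256"), verify=True, validate=False):
    """Recalculate PCR-10 per bank. A violation record carries a zero template
    hash but the TPM was extended with 0xFF's: it fails by default (evmctl's
    default), and with validate=True the 0xFF value is substituted."""
    pcrs = {bank: b"\0" * PCR_SIZE[bank] for bank in banks}
    for line in lines:
        _pcr, template_hash, filehash, path = parse_record(line)
        violation = template_hash == bytes(len(template_hash))
        if violation and not validate:
            raise ValueError(f"measurement violation for {path}")
        data = ima_ng_template_data(filehash, path)
        for bank in banks:
            if violation:
                digest = b"\xff" * PCR_SIZE[bank]
            else:
                # Recompute the per-bank digest from the template data instead
                # of padding/truncating the SHA1 digest the way IMA does.
                digest = hashlib.new(bank, data).digest()
                if verify and bank == "sha1" and digest != template_hash:
                    raise ValueError(f"template digest mismatch for {path}")
            pcrs[bank] = extend(pcrs[bank], digest, bank)
    return pcrs

def boot_aggregate(pcr_values, bank):
    """boot_aggregate = H(PCR0..PCR7) for sha1, H(PCR0..PCR9) for other banks."""
    last = 7 if bank == "sha1" else 9
    return hashlib.new(bank, b"".join(pcr_values[i] for i in range(last + 1))).digest()

def make_record(filehash, path):
    """Constructed ima-ng record for the sample list below (not real system data)."""
    digest = hashlib.sha1(ima_ng_template_data(filehash, path)).hexdigest()
    return f"10 {digest} ima-ng {filehash} {path}"

# Constructed sample list: one ordinary record and one ToMToU violation.
SAMPLE = [make_record("sha256:" + "11" * 32, "/usr/bin/ls"),
          "10 " + "00" * 20 + " ima-ng sha256:" + "00" * 32 + " /tmp/violation"]
```

Calling replay(SAMPLE) raises on the violation record, while replay(SAMPLE, validate=True) returns the per-bank PCR-10 values an attestation server would compare against a quote.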
Mimi Zohar
dc3897f011 ima-evm-utils: treat unallocated banks as an error
The TPM spec differentiates between an unknown bank and an unallocated
bank.  In terms of re-calculating the PCR, treat them as equivalent.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:24:44 -04:00
Vitaly Chikunov
9c2298c367 ima-evm-utils: Never exit with -1 code
Change main() return code from -1 to 125 as -1 is not really a valid exit
code. 125 is chosen because exit codes for signals start from 126.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-05-19 17:24:37 -04:00
Mimi Zohar
fbba18c477 ima-evm-utils: include file name on failure to verify signature
Include file name on warning/error indication on signature verification.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-02-20 18:10:44 -05:00
Vitaly Chikunov
cf1b8fda8d ima-evm-utils: Allow EVM verify to determine hash algo
Previously for EVM verify you had to specify the `--hashalgo' option while
for IMA ima_verify you didn't.

Allow EVM verify to determine hash algo from signature.

Also, this makes two previously static functions exportable and renames
them:

  get_hash_algo_from_sig -> imaevm_hash_algo_from_sig
  get_hash_algo_by_id    -> imaevm_hash_algo_by_id

This is needed because the EVM hash is calculated (in calc_evm_hash) outside
of the library.

imaevm_hash_algo_by_id() will now return NULL if the algo is not found.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 13:32:28 -04:00
Vitaly Chikunov
90176e835a ima-evm-utils: Do not load keys from x509 certs if user pass --rsa
If a user wants to verify a v1 signature and specifies an RSA public key in
the `-k' option, an attempt will be made to load this key as an x509
certificate and this process will output errors.

Do not load a key as an x509 cert if the user passes `--rsa'.

This is not a perfect solution. As now it's possible to specify `-k' and
`--rsa' and v2 signatures will not verify, because there are no keys.

This improvement is not added into ima_measurement().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 13:32:28 -04:00
Vitaly Chikunov
2b491be5e2 ima-evm-utils: Fix ima_verify return value on multiple files
If any tested file results in a failure, produce a failure exit code.
Previously the exit code was affected only by the last file tested.

Fixes: "Allow multiple files in ima_verify"
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 07:33:56 -04:00
Mimi Zohar
bd8b503206 ima-evm-utils: limit OPENSSL_init_crypto calls
OPENSSL_init_crypto() was introduced in version 1.1.  When using an
older version of openssl, don't call OPENSSL_init_crypto.  Partially
revert commit 782224f33cd7 ("ima-evm-utils: Rework openssl init").

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 07:15:18 -04:00
Vitaly Chikunov
d8e7d63feb ima-evm-utils: Fix ima_verify for v1 signatures
Use user supplied key in verify_hash for DIGSIG_VERSION_1.
Otherwise v1 signatures don't pass verification.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 07:15:10 -04:00
Bruno E. O. Meneguele
e1bd9c9887 ima-evm-utils: fix trailing chars from configure script
Two chars were left in an AC_DEFINE() in configure.ac, leading to an error
message during the ./configure call:

checking for tsspcrread... yes
./configure: line 9894: ],: command not found

Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-30 07:14:18 -04:00
Mimi Zohar
515c99856e ima-evm-utils: Release version 1.2
Updated both the release and library (ABI change) versions.  See the
"Changelog" for a short list of the new features, bug fixes, and code
cleanup.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
v1.2
2019-07-26 07:42:17 -04:00
Mimi Zohar
28cbfa1769 ima-evm-utils: functions/arrays define as static
Make sign_hash_v1(), sign_hash_v2(), get_hash_algo_by_id,
pkey_hash_algo[] and pkey_hash_algo_kern[] static.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-25 12:14:21 -04:00
Vitaly Chikunov
c317d4618f ima-evm-utils: Namespace some too generic object names
Prefix `dump', `do_dump', and `params' with `imaevm_' to avoid colliding
with other global symbols.
Also, rename `libevm_' to `libimaevm_`, only used with `params'.
Additionally, rename `dump' into `hexdump'.
Finally, rename `get_hash_algo' to `imaevm_get_hash_algo' as suggested by
Mimi Zohar.

Lines that became too long are split, indentation corrected. No code changes.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-25 12:14:21 -04:00
Vitaly Chikunov
a1b149bda4 ima-evm-utils: Show used hash algo in verbose mode
This could be useful for users.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-25 12:14:10 -04:00
Vitaly Chikunov
25fce6e76a ima-evm-utils: Do not allow fallback and unknown hash algos
Falling back and permissiveness could have security implications.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-25 12:14:01 -04:00
Mimi Zohar
31ceff7eb6 ima-evm-utils: use tsspcrread to read the TPM 2.0 PCRs
The kernel does not expose the crypto agile TPM 2.0 PCR banks to
userspace like it exposes PCRs for TPM 1.2.  As a result, a userspace
application is required to read PCRs.

This patch adds tsspcrread support for reading the TPM 2.0 PCRs.
tsspcrread is one application included in the ibmtss package.

Sample error messages:
Failed to read PCRs: (tsspcrread failed: No such file or directory)
Failed to read PCRs: (TSS_Dev_Open: Error opening /dev/tpmrm0)

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
2019-07-24 06:09:17 -04:00
Vitaly Chikunov
340f7eb7dd ima-evm-utils: Remove ERR_load_crypto_strings from read_priv_pkey
ERR_load_crypto_strings() is already called in another place.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-07-23 20:27:41 -04:00
Mimi Zohar
3eac3710a9 ima-evm-utils: log unknown keyid's as errors
Each time a new unknown key is encountered, emit a message of the format
"key #: <keyid> (unknown keyid)".  The individual files using unknown
keys are then only logged in verbose mode.  Also update the message
emitted to be consistent with other "verification failed" messages.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Changelog:
- Incorporated Vitaly's fix to prevent a null dereference in `tail->next`
2019-07-23 20:24:58 -04:00