violations and invalidated PCR value

All of lore.kernel.org
 help / color / mirror / Atom feed

* violations and invalidated PCR value
@ 2018-06-05 21:22 Magalhaes, Guilherme (Brazil R&D-CL)
  2018-06-06 14:28 ` Mimi Zohar
  0 siblings, 1 reply; 2+ messages in thread
From: Magalhaes, Guilherme (Brazil R&D-CL) @ 2018-06-05 21:22 UTC (permalink / raw)
  To: linux-integrity@vger.kernel.org

Hi Mimi,
I am trying to understand why violations (tomtou, open writers) cause 
the aggregated PCR value to be invalidated. 

Invalidating the PCR makes clear the file measurement errors, but once 
violations are common (when using the (TCB) default policy) it seems 
difficult to perform a full attestation process if violations are not 
handled.

Is it safe to just report the violations and still perform a full attestation 
of the log by replacing zeroed digest with ff..ff? I believe we can safely 
detect a violation entry in the log by checking the hash values are zeroes. 
Please confirm.

Thank you.
--
Guilherme

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: violations and invalidated PCR value
  2018-06-05 21:22 violations and invalidated PCR value Magalhaes, Guilherme (Brazil R&D-CL)
@ 2018-06-06 14:28 ` Mimi Zohar
  0 siblings, 0 replies; 2+ messages in thread
From: Mimi Zohar @ 2018-06-06 14:28 UTC (permalink / raw)
  To: Magalhaes, Guilherme (Brazil R&D-CL),
	linux-integrity@vger.kernel.org

Hi Guilherme,

On Tue, 2018-06-05 at 21:22 +0000, Magalhaes, Guilherme (Brazil R&D-
CL) wrote:
> Hi Mimi,
> I am trying to understand why violations (tomtou, open writers) cause 
> the aggregated PCR value to be invalidated. 
> 
> Invalidating the PCR makes clear the file measurement errors, but once 
> violations are common (when using the (TCB) default policy) it seems 
> difficult to perform a full attestation process if violations are not 
> handled.
> 
> Is it safe to just report the violations and still perform a full attestation 
> of the log by replacing zeroed digest with ff..ff? I believe we can safely 
> detect a violation entry in the log by checking the hash values are zeroes. 
> Please confirm.

It's not clear if you're asking what your attestation server should
being do or suggesting that the kernel should not invalidate the PCR.

The builtin policies are loaded before the LSM policies. As a result,
they can not be defined in terms of LSM labels.  The builtin policies
can be replaced at run time with a policy based on LSM labels (eg. log
files), which should limit a number of these violations.

Someone should go through the remaining violations to determine if
they're benign, expected or not.  Some applications unnecessarily open
files rw.  Fix those applications.  Identify those violations which
are acceptable.  Only then can the attestation server safely know how
to handle violations, whether it is safe to replace the 0x00's with
0xff's.

Mimi

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-06-06 14:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-06-05 21:22 violations and invalidated PCR value Magalhaes, Guilherme (Brazil R&D-CL)
2018-06-06 14:28 ` Mimi Zohar

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.