Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

Hi Tyler, On Tue, 2021-01-12 at 09:35 -0600, Tyler Hicks wrote: > On 2020-12-14 10:42:24, Tyler Hicks wrote: > > On 2020-12-11 06:01:54, Mimi Zohar wrote: > > > On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > > > > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > > > > Hi Sasha, > > > > > >

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On 2020-12-14 10:42:24, Tyler Hicks wrote: > On 2020-12-11 06:01:54, Mimi Zohar wrote: > > On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > > > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > > > Hi Sasha, > > > > > > > > On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > > > > > On

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Mon, 2020-12-28 at 14:28 -0500, Ken Goldman wrote: > On 12/12/2020 9:22 PM, Mimi Zohar wrote: > > Ok. Going forward, it sounds like we need to define a new > > "boot_aggregate" record. One that contains a version number and PCR > > mask. > > Just BTW, there is a TCG standard for a TPM 2.0

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On 12/12/2020 9:22 PM, Mimi Zohar wrote: Ok. Going forward, it sounds like we need to define a new "boot_aggregate" record. One that contains a version number and PCR mask. Just BTW, there is a TCG standard for a TPM 2.0 PCR mask that works well. There is also a standard for an event log

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On 2020-12-11 06:01:54, Mimi Zohar wrote: > On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > > Hi Sasha, > > > > > > On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > > > > On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: > >

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Fri, 2020-12-11 at 09:46 -0800, James Bottomley wrote: > On Fri, 2020-12-11 at 06:01 -0500, Mimi Zohar wrote: > > On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > > > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > > > Hi Sasha, > > > > > > > > On Wed, 2020-07-08 at 21:27 -0400, Sasha

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Fri, 2020-12-11 at 06:01 -0500, Mimi Zohar wrote: > On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > > Hi Sasha, > > > > > > On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > > > > On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Thu, 2020-12-10 at 21:10 -0600, Tyler Hicks wrote: > On 2020-11-29 08:17:38, Mimi Zohar wrote: > > Hi Sasha, > > > > On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > > > On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: > > > >Hi Sasha, > > > > > > > >On Wed, 2020-07-08 at

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On 2020-11-29 08:17:38, Mimi Zohar wrote: > Hi Sasha, > > On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > > On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: > > >Hi Sasha, > > > > > >On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote: > > >> From: Maurizio Drocco > > >> > >

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Mon, Nov 30, 2020 at 10:13:02PM -0500, Mimi Zohar wrote: On Mon, 2020-11-30 at 19:21 -0500, Sasha Levin wrote: On Sun, Nov 29, 2020 at 08:17:38AM -0500, Mimi Zohar wrote: >Hi Sasha, > >On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: >> On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Mon, 2020-11-30 at 19:21 -0500, Sasha Levin wrote: > On Sun, Nov 29, 2020 at 08:17:38AM -0500, Mimi Zohar wrote: > >Hi Sasha, > > > >On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > >> On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: > >> >Hi Sasha, > >> > > >> >On Wed,

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Sun, Nov 29, 2020 at 08:17:38AM -0500, Mimi Zohar wrote: Hi Sasha, On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: >Hi Sasha, > >On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote: >> From: Maurizio Drocco >> >> [ Upstream

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

Hi Sasha, On Wed, 2020-07-08 at 21:27 -0400, Sasha Levin wrote: > On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: > >Hi Sasha, > > > >On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote: > >> From: Maurizio Drocco > >> > >> [ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

On Wed, Jul 08, 2020 at 12:13:13PM -0400, Mimi Zohar wrote: Hi Sasha, On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote: From: Maurizio Drocco [ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c ] Registers 8-9 are used to store measurements of the kernel and its command line

Re: [PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

Hi Sasha, On Wed, 2020-07-08 at 11:40 -0400, Sasha Levin wrote: > From: Maurizio Drocco > > [ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c ] > > Registers 8-9 are used to store measurements of the kernel and its > command line (e.g., grub2 bootloader with tpm module enabled). IMA >

[PATCH AUTOSEL 5.7 03/30] ima: extend boot_aggregate with kernel measurements

From: Maurizio Drocco [ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c ] Registers 8-9 are used to store measurements of the kernel and its command line (e.g., grub2 bootloader with tpm module enabled). IMA should include them in the boot aggregate. Registers 8-9 should be only