Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752154AbdHIUfa (ORCPT ); Wed, 9 Aug 2017 16:35:30 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:46230 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751958AbdHIUf1 (ORCPT ); Wed, 9 Aug 2017 16:35:27 -0400 Subject: Re: [Linux-ima-devel] [PATCH 11/12] ima: don't report measurements if digests are included in the loaded lists To: linux-ima-devel@lists.sourceforge.net Cc: linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org References: <20170725154423.24845-1-roberto.sassu@huawei.com> <20170725154423.24845-12-roberto.sassu@huawei.com> From: Ken Goldman Date: Wed, 9 Aug 2017 16:36:01 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170725154423.24845-12-roberto.sassu@huawei.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 x-cbid: 17080920-0052-0000-0000-0000024D35AF X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00007514; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000219; SDB=6.00899965; UDB=6.00450514; IPR=6.00680170; BA=6.00005520; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016615; XFM=3.00000015; UTC=2017-08-09 20:35:25 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17080920-0053-0000-0000-0000519DF0F8 Message-Id: <96860a64-2ba1-d445-dd8e-08b131fe402b@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-08-09_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1708090323 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1286 Lines: 29 On 7/25/2017 11:44 AM, Roberto Sassu wrote: > Don't report measurements if the file digest has been included in > an uploaded digest list. > > The advantage of this solution is that the boot time overhead, when > a TPM is available, is very small because a PCR is extended only > for unknown files. The disadvantage is that verifiers do not know > anymore which and when files are accessed (they must assume that > the worst case happened, i.e. all files have been accessed). Am I reading this correctly that you want to measure certain files, but not ones that have been included in a "digest list", which sounds like a white list of sorts. If so, I have two concerns: 1 - How would the client get this digest list? Shouldn't it be up to the relying party to decide what is trusted and not trusted, not the client? What of the case with two different relying parties that have a different list of trusted applications? E.g., one trusts any version of program X, while the other trusts only version 3.1 and up? 2 - What about files on the digest list that were not run? The relying party may want to know if a program wasn't run? E.g., antivirus or a firewall. If the rule is "don't measure if it's on the digest list", how does the relying party know if it was run?