Date: Thu, 30 Jan 2020 09:41:43 +0100
From: Petr Vorel
To: Mimi Zohar
Cc: Jerry Snitselaar, linux-integrity@vger.kernel.org, James Bottomley, linux-kernel@vger.kernel.org, Roberto Sassu
Subject: Re: [PATCH 1/2] ima: use the IMA configured hash algo to calculate the boot aggregate
Message-ID: <20200130084143.GA31906@dell5510>

Hi Mimi,

> > > The original LTP ima_boot_aggregate.c test needed to be updated to
> > > support TPM 2.0 before this change. For TPM 2.0, the PCRs are not
> > > exported. With this change, the kernel could be reading PCRs from a
> > > TPM bank other than SHA1 and calculating the boot_aggregate based on a
> > > different hash algorithm as well. I'm not sure how a remote verifier
> > > would know which TPM bank was read, when calculating the
> > > boot-aggregate.

> > Mimi, do you plan to update the LTP test?

> In order to test Roberto's patches that calculate and extend the
> different TPM banks with the appropriate hashes, we'll need some test
> to verify that it is working properly. As to whether this will be in
> LTP or ima-evm-utils, I'm not sure.

Sure, it's up to you where you place the test (if you plan to write it).

BTW I see evmtest [1] haven't been merged yet into ima-evm-utils.
What's blocking merging them? (My objections to requiring bash shouldn't be the
reason for not being merged.) I'd like to package them separately for developers
to run them on SUT (unless they're meant to be run only while building the
package).

Kind regards,
Petr

[1] https://patchwork.kernel.org/project/linux-integrity/list/?series=95303