Reconstructing the PCR register from ASCII measurements


I have simple Linux IMA measurements, and I am trying to reconstruct the PCR register for remote attestation.

10 4347bff321748edf90d2dc40edaa1b54c7eaaa16 ima-ng sha256:de2e7b1bc7a2aed4e5866d3655d1041206c27caf376ee81bfc4012e8225e0e7c /usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
10 cfa34f58e8319181173d9b9f6345aa3a367702d3 ima-ng sha256:7aa7e87cb29fb7303d8d2402c98b3855b45859640211773c279f0c046e2071c6 /usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt
10 7dd199a752c6484ee8d3c11337dcd8b49f82fa6e ima-ng sha256:05161ad2ac04a0df956ef803e127aa877cc5131e0a727ed8e5de43f02e8868c4 /usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt
10 e9edbe721d1e0c27163c79378a6867a4d4a36ffd ima-ng sha256:2b0b73d3dc775b865bd38a4400bf5020b3c1df3ccb171db98bfcaafed8a49470 /home/verifier/code_examples/cpp-examples/.git/config
10 e5ce41ea6573d2744fb325613c2c8c4ad9b7190b ima-ng sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_pack_qM1wJZ
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_pack_qM1wJZ
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_pack_qM1wJZ
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_pack_qM1wJZ
10 bd22836913d6df07e8467fd64c58f02473203884 ima-ng sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_idx_3tSjWT
10 65a631f51219253d424893ef413f1064bb347b05 ima-ng sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /home/verifier/code_examples/cpp-examples/.git/objects/pack/pack-b1d33a47772de5cd9a6ba6149ded5aa281790754.keep

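I know that the PCR register is extended as follows: PCR := SHA1(PCR || data), i.e. "concatenate the old value of the PCR with the data, hash the concatenated string and store the hash in the PCR". But as we can see, some of the template hashes in these measurement logs are 0000000000000000000000000000000000000000. How does IMA handle such measurements?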

I have tried these approaches, but none of them worked, and I could not reconstruct the final PCR value correctly.

  1. Extend 0000000000000000000000000000000000000000 into the PCR value.
  2. Skip them.
  3. Manually compute the SHA1 template hash of the data and extend that value.

Reconstructing the PCR register using the 0000000000000000000000000000000000000000 template-hash
linux sha1 tpm trust trusted-computing
1 answer
0 votes

All zeros in the log result in all ones being extended.

I have preliminary documentation here:

https://ima-doc.readthedocs.io/en/latest/event-log-format.html#pcr-extend-type-1-zero-pad
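The replay the answer describes, as an added example that is not part of the original post: it parses the ASCII log, extends the SHA-1 bank of PCR 10, and substitutes 20 bytes of 0xff whenever the logged template hash is all zeros. The three log lines are copied from the question; the function names are illustrative, and an excerpt like this will not match a real TPM's PCR 10, which depends on every entry since boot.

```python
import hashlib

SHA1_LEN = 20
ZERO_HASH = bytes(SHA1_LEN)              # template hash logged for a violation
VIOLATION_EXTEND = b"\xff" * SHA1_LEN    # value extended into the PCR instead

# Three entries copied from the question's log (an excerpt, not a full boot log).
SAMPLE_LOG = """\
10 e9edbe721d1e0c27163c79378a6867a4d4a36ffd ima-ng sha256:2b0b73d3dc775b865bd38a4400bf5020b3c1df3ccb171db98bfcaafed8a49470 /home/verifier/code_examples/cpp-examples/.git/config
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_pack_qM1wJZ
10 bd22836913d6df07e8467fd64c58f02473203884 ima-ng sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /home/verifier/code_examples/cpp-examples/.git/objects/pack/tmp_idx_3tSjWT
"""


def parse_line(line):
    """Return (pcr_index, template_hash_bytes) from one ASCII measurement."""
    fields = line.split(None, 2)  # the file path may contain spaces; ignore it
    if len(fields) < 3:
        raise ValueError(f"malformed measurement: {line!r}")
    digest = bytes.fromhex(fields[1])
    if len(digest) != SHA1_LEN:
        raise ValueError(f"not a SHA-1 template hash: {line!r}")
    return int(fields[0]), digest


def extend_value(template_hash):
    """All-zero template hashes are extended as all ones (0xff bytes)."""
    return VIOLATION_EXTEND if template_hash == ZERO_HASH else template_hash


def replay_pcr(log_text, pcr_index=10):
    """Replay the log; return (final PCR hex, number of violation entries)."""
    pcr = bytes(SHA1_LEN)  # the PCR starts as 20 zero bytes
    violations = 0
    for line in filter(str.strip, log_text.splitlines()):
        index, template_hash = parse_line(line)
        if index != pcr_index:
            continue
        violations += template_hash == ZERO_HASH
        pcr = hashlib.sha1(pcr + extend_value(template_hash)).digest()
    return pcr.hex(), violations


if __name__ == "__main__":
    value, violations = replay_pcr(SAMPLE_LOG)
    print(f"PCR 10 after replay: {value} ({violations} violation entries)")
```

Feed it the complete log from `ascii_runtime_measurements` and compare the result with the SHA-1 bank of PCR 10 read from the TPM.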
