1 of 9

Linux ABI for RTMR

2 of 9

Background

RTMR Linux patchset v2

Digest based RTMR extension ABI

TODO: “Event log support”

3 of 9

RTMR Event Log

Replacement for the digest based ABI

Provide an RTMR events log to verifiers

Open questions:

  • Input ABI - Userspace input to extend an event into an RTMR
  • Output ABI - The kernel formatted event log

4 of 9

Option #1

Simplified TCG_PCR_EVENT2 (a.k.a. crypto agile)

[Diagram] Input: userspace write()s one event at a time to config/tsm/rtmrs/rtmrN/event, each event carrying RTMR Index, Event Type, Event Data, Single Digest and Event Size. Kernel: hash, extend into the selected RTMR (four RTMRs shown), and append a TCG Event to a TCG compatible event log (TCG Event Type, Event Data pointer, Event Size). Output: verifiers read() the log from config/tsm/rtmrs/event_log.

5 of 9

Option #1

  • Well known format, existing tooling
  • Kernel to handle all TCG event types
    • Restricted set of event types? (EVENT_TAG, NO_ACTION)
  • Only the digest is trusted

6 of 9

Option #2 - TCG Canonical Event Log

  • Latest TCG Event Log format specification
    • Kind of a formalization of EV_EVENT_TAG
  • Designed for supporting multiple attesters (BIOS, IMA, CEL, etc).
  • CONTENT_TYPE describes the semantics of the Event Content (TCG_PC, IMA, CEL, etc).
  • CONTENT_TYPE defines which parts of the Event Content get hashed.
  • The CEL spec defines which CONTENT_TYPE values are valid

7 of 9

Option #2

Raw Event - Native, application specific format

[Diagram] Input: userspace write()s a raw event (Event Data pointer, Event Size), in its native, application specific format, to config/tsm/rtmrs/rtmrN/event. Kernel: hash, extend into the selected RTMR (four RTMRs shown). Output: a TCG Canonical Event Log (CEL) read() from config/tsm/rtmrs/event_log, one TCG CEL Record (CELR) per event, each holding Record Number, RTMR Index, Single Digest, the LinuxTSM content type and the Event. Same content type for all CELRs.

8 of 9

Option #2

  • Native Event Log (NEL) centric
  • The entire event is trusted
  • Add “LinuxTSM” to the TCG CEL spec
  • Event data becomes Linux TSM specific
    • Distinction between measured and non measured events
    • Prefixed with attester type (e.g. CC)
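The trust difference between the two options (slide 5: "Only the digest is trusted"; slide 8: "The entire event is trusted") comes down to who computes the digest that gets extended. The following is an added example, not code from the slides or the RTMR patchset: a userspace model of both write() paths, the kernel-side extend and log append, and the verifier replay a relying party would run against the RTMR values in the attestation evidence. Assumptions that are mine rather than the patchset's: SHA-384 digests, four RTMRs, the PCR-style extend rule new = H(old || digest), the simplified record layouts, the CONTENT_TYPE value used for "LinuxTSM", and all function names.

```python
import hashlib
import struct

HASH = hashlib.sha384             # assumption: SHA-384, the TDX RTMR width
DIGEST_LEN = HASH().digest_size   # 48 bytes
NUM_RTMRS = 4                     # assumption: four RTMRs, as in the diagrams
EV_NO_ACTION = 0x3                # TCG PC Client event type values
EV_EVENT_TAG = 0x6
CEL_CONTENT_LINUX_TSM = 0x7F      # hypothetical CONTENT_TYPE value for "LinuxTSM"


def rtmr_extend(old, digest):
    """PCR-style extend (assumption): new = H(old || digest)."""
    return HASH(old + digest).digest()


def pack_option1_event(idx, ev_type, digest, data):
    """Simplified TCG_PCR_EVENT2 input record written to .../rtmrN/event:
    u32 RTMR index, u32 event type, one digest, u32 event size, event data."""
    return struct.pack("<II", idx, ev_type) + digest + struct.pack("<I", len(data)) + data


def kernel_write_option1(rtmrs, log, buf):
    """Option #1 kernel side: parse the record, extend the caller-supplied
    digest and append a TCG-style entry. The event data is recorded as given;
    the kernel never checks that it matches the digest."""
    idx, ev_type = struct.unpack_from("<II", buf)
    digest = buf[8:8 + DIGEST_LEN]
    (size,) = struct.unpack_from("<I", buf, 8 + DIGEST_LEN)
    data = buf[12 + DIGEST_LEN:]
    if idx >= NUM_RTMRS or len(data) != size or ev_type not in (EV_NO_ACTION, EV_EVENT_TAG):
        raise ValueError("rejected event")
    rtmrs[idx] = rtmr_extend(rtmrs[idx], digest)
    log.append({"idx": idx, "type": ev_type, "digest": digest, "data": data})


def kernel_write_option2(rtmrs, log, idx, raw_event):
    """Option #2 kernel side: hash the raw event itself, extend, and append a
    CEL record (record number, RTMR index, digest, content type, content)."""
    if idx >= NUM_RTMRS:
        raise ValueError("rejected event")
    digest = HASH(raw_event).digest()
    rtmrs[idx] = rtmr_extend(rtmrs[idx], digest)
    log.append({"recnum": len(log), "idx": idx, "digest": digest,
                "content_type": CEL_CONTENT_LINUX_TSM, "data": raw_event})


def replay(log):
    """Verifier: recompute every RTMR from the logged digests alone."""
    vals = [bytes(DIGEST_LEN)] * NUM_RTMRS
    for e in log:
        vals[e["idx"]] = rtmr_extend(vals[e["idx"]], e["digest"])
    return vals


def verify_option1(log, reported):
    """Only the digest chain can be checked against the attested RTMRs."""
    return replay(log) == reported


def verify_option2(log, reported):
    """The kernel hashed the content, so each digest must equal H(content)
    before the chain is replayed; the event data itself is bound."""
    if any(HASH(e["data"]).digest() != e["digest"] for e in log):
        return False
    return replay(log) == reported


def demo():
    # Constructed sample events, not real measurements.
    o1_rtmrs, o1_log = [bytes(DIGEST_LEN)] * NUM_RTMRS, []
    kernel_write_option1(o1_rtmrs, o1_log, pack_option1_event(
        2, EV_EVENT_TAG, HASH(b"app.bin v1").digest(), b"app.bin v1"))
    # A writer may log data that does not match the digest it supplies; the
    # kernel extends the digest regardless, so replay still succeeds.
    kernel_write_option1(o1_rtmrs, o1_log, pack_option1_event(
        2, EV_EVENT_TAG, HASH(b"config v1").digest(), b"config vX (claimed)"))
    o1_ok = verify_option1(o1_log, o1_rtmrs)

    o2_rtmrs, o2_log = [bytes(DIGEST_LEN)] * NUM_RTMRS, []
    kernel_write_option2(o2_rtmrs, o2_log, 2, b"app.bin v1")
    kernel_write_option2(o2_rtmrs, o2_log, 2, b"config v1")
    o2_ok = verify_option2(o2_log, o2_rtmrs)
    # Tamper the log copy handed to the verifier: caught under Option #2.
    tampered = [dict(e) for e in o2_log]
    tampered[1]["data"] = b"config vX (claimed)"
    o2_tampered_ok = verify_option2(tampered, o2_rtmrs)
    return o1_ok, o2_ok, o2_tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The point the replay makes: under Option #1 a verifier that only replays digests accepts the log even though the second entry's data does not describe what was measured, so policy must be written against digests (or the writer must be trusted to hash the data it logs); under Option #2 the kernel is the hashing party, so a mismatch between content and digest is a verifiable failure.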

9 of 9

Glossary

Event: Executable, data or action that may affect the system’s trust state.

Measurement: A deterministic representation of an Event, typically a hash/digest.

Attester: The entity that generates measurements and eventually sends attestation evidence, together with the Event log. Typically an application.

TPM PCR: Platform Configuration Register, an integrity protected register on the TPM. Measurements are extended into PCRs.

RTMR: Runtime Measurement Register, similar to a PCR.

CEL: Canonical Event Log. A TCG specification.