I don't think IMA was designed to be deterministic. And I think
you should not rely on
the TPM PCR 10 value being in an specific state for e.g. secret sealing.
The reason is the asynchronous nature of the OS. Things happens when they are ready, and
IMA measures them as they are requested.
Sure. I agree with you.
I think the sole purpose of the IMA Measurement and the TPM PCR 10 extension is to
the hardware root of trust to the user space, and have user space remote attestation
capabilities. For this, you need the IMA Measurement Log, and check that the quoted PCR
value matches the aggregated digest calculated from IMA Measurement Log.
You could reduce the IMA Measurement policy to a very reduced set of user files, like
measuring the Kernel Modules for example, but that will imply not measuring important
parts of the Trusted Computing Base.
Could you expand on the reason to the a deterministic PCR 10?
My main goal is to attest the state of a VM. I was thinking in booting a fresh installed
Ubuntu, and add some application to run after boot. I am trying to prove this application
runs in an incorrupt VM.
At first, I would get the digest of PCR10, and would consider this hash as the unique
acceptable hash for considering my VM healthy. I would use this value for remote
attestation purposes. But, as you mentioned, the indeterminism of programs' execution
order makes this strategy unfeasible.
I'm considering only PCR10 because I know that PCRs 0-7 are hashed to a boot agregate,
which is the first line of the measurements file. Thus, somehow, PCRs 0-7 are directly
bound to PCR10.
As you said, reducing the IMA Measurement policy to measure less files reduces the
security surface. I won't follow this path.
So, I think your idea would be sending the IMA Measurement Log along with the quote. If
the quote is can be verified and matches with IMA digest, then, the second step would be
to check the hashes of each file separately. If all files have the expected hash, then I
have a healthy state...
Did I get it right?
Thanks, Nicolas, for your comments.