Support linux userspace eventlog #360
Comments
|
Thanks for bringing this to our attention! This would be a useful thing to have in the library. Unfortunately, I don't think it's as simple as merging the two event logs, since the formats are different. The one at Another thing is that parsePCClientEventLog will need updates to understand the validated systemd event log's events for them to be useful (i.e., writing a parser for the events and introducing a new field to MachineState). Otherwise, the events will be placed in RawEvents and your application will need to interpret them. I don't think we have bandwidth anytime soon to pick this up, but I would be happy to review any code associated with the systemd format. The high level approach we have taken is to separate the parsing of different event logs and merge the MachineState protos. This does assume the MachineState sub-fields are orthogonal in which PCRs they map to, which they appear to be at the moment. Note we have already used the |
Systemd measures into various PCRs from userspace.
An up to date list can be found here.
Interesting entries are those marked as
Userspace.For some time, those measurements were not logged into any eventlog, making it cumbersome to use new systemd versions with go-tpm-tools since the eventlog would not match up with the actual measurements in the PCRs. However, they recently decided to log measurments to a separate eventlog with a similar but slightly different format to what is used in the UEFI boot phase (different location, json encoded).
The implementation can be found here: systemd/systemd#29004
My proposal is that go-tpm-tools could combine the uefi tpm eventlog from
/sys/kernel/security/tpm0/binary_bios_measurementswith the userspace eventlog in/var/log/systemd/tpm2-measure.logwhen reading the eventlog.This would allow
parsePCClientEventLogto succeed with newer versions of systemd.The text was updated successfully, but these errors were encountered: