Linux Integrity Measurement Architecture (IMA)
Using Trusted Network Connect (TNC) via IKEv2 EAP-TTLS transport, a TNC Server can do a TPM-based remote attestation of the IMA measurement data collected on a Linux TNC Client.
Activate IMA in the Linux Kernel
Ubuntu 14.04 LTS is one of the few Linux distributions which have IMA capability already compiled into their Linux kernel (CONFIG_IMA=y). This has the advantage that no special kernel must be built which can become quite involved if you intend to use IMA in conjunction with Secure Boot requiring a signed kernel. With Ubuntu 14.04 LTS, activating IMA in the kernel is a piece of cake; just add the boot option ima_tcb to the /etc/default/grub configuration file
GRUB_CMDLINE_LINUX="ima_tcb"
and automatically generate an updated /boot/grub/grub.cfg file using the command
sudo update-grub
Since SHA-1 has been "shattered" we recommend using SHA-256 for the file measurement hashes
GRUB_CMDLINE_LINUX="ima_tcb ima_hash=sha256"
although the IMA implementation does not support SHA-256 PCR banks yet, so the SHA-256 file hashes are still extended into SHA-1 PCR registers.
Configure the IMA Policy
The default IMA policy that is hard-coded into the kernel causes quite a lot of measurement violations which corrupt the content of the PCR10 register so that reliable remote attestation becomes impossible. The cause for the violations is the following default policy entry
measure func=FILE_CHECK mask=MAY_READ uid=0
which measures all files which are read by root. These are mainly configuration files, some of which seem to change during the actual measurement thus causing the violations. We want to overwrite the default IMA policy at the earliest possible boot stage which can be done by adding the following ima_policy script to the /etc/initramfs-tools/scripts/init-top/ directory
#!/bin/sh

PREREQ=""

prereqs()
{
    echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

# mount securityfs
SECURITYFSDIR="/sys/kernel/security"
mount -t securityfs securityfs ${SECURITYFSDIR} >/dev/null 2>&1

# set IMA policy
cat << @EOF > ${SECURITYFSDIR}/ima/policy
# PROC_SUPER_MAGIC
dont_measure fsmagic=0x9fa0
# SYSFS_MAGIC
dont_measure fsmagic=0x62656572
# DEBUGFS_MAGIC
dont_measure fsmagic=0x64626720
# TMPFS_MAGIC
dont_measure fsmagic=0x01021994
# RAMFS_MAGIC
dont_measure fsmagic=0x858458f6
# SECURITYFS_MAGIC
dont_measure fsmagic=0x73636673
# MEASUREMENTS
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=MODULE_CHECK uid=0
@EOF
Make this script executable
sudo chmod a+x /etc/initramfs-tools/scripts/init-top/ima_policy
and include it in the initramfs of the latest kernel by executing
sudo update-initramfs -u
IMA-NG SHA-1 Measurement Log
With the updated /boot/grub/grub.cfg boot menu and /boot/initrd.img-3.13.0-xx-generic initramfs in place, you can reboot the Linux client and you should then be able to see the IMA-NG measurement log based on SHA-1 file measurement hashes
ls /sys/kernel/security/ima
ascii_runtime_measurements  binary_runtime_measurements  runtime_measurements_count  violations

sudo cat /sys/kernel/security/ima/runtime_measurements_count
1271

sudo less /sys/kernel/security/ima/ascii_runtime_measurements
10 ef2be9c304d9bbbd8ecb40f0d296176d2b5d3078 ima-ng sha1:4663ed64e5dbbb9755a0914b1a15fa76a1797806 boot_aggregate
10 ef411bae164fd624ea94fc9ef82f892c82d78dcd ima-ng sha1:bbe98e20b850f3907611fb96354b5e007a9179f4 /init
10 bd32e452e14f84eb22d6ac9e9e1c61eeac3cd7a4 ima-ng sha1:dc3e621c72cde19593c42a7703e143fd3dad5320 /bin/sh
10 eefd4a6bebd6b001ff587c2335a3dd03535d5a17 ima-ng sha1:d11ce2e31ab441be705df3061a3d6fb7e41a504e /lib64/ld-linux-x86-64.so.2
10 8e8844cba6dc9df17c6980122890487f818e4b28 ima-ng sha1:34efdbd6d562ac04f7e02195022c3f65f7553bd2 /etc/ld.so.cache
10 1f60da15c941fe25a18ee4e8378f0bf3b447a0ab ima-ng sha1:65228a2bbff8ca52d2040ac55499b348f648cc81 /lib/x86_64-linux-gnu/libc.so.6
10 223eb68bfb9f72922506747d3bc4dd76d813b5da ima-ng sha1:65030975e1f3887efd00fbb568f00409b7c256d0 /conf/arch.conf
10 f548183aeb29921c995b625a93c4acd3ef7faaec ima-ng sha1:feb140057713c4f1e383d79b71f6efdafbed7476 /conf/initramfs.conf
10 de528d81c1c203a597c313f54bbe45d54fd0cc18 ima-ng sha1:2231aa397f5b6327973d8fcaf540735fd1e39496 /conf/conf.d/resume
10 cf9a07066457e26219a6f345957a727b07096d8b ima-ng sha1:2199e965dcc97c6814b78528e5a5e690a29c0fd5 /scripts/functions
10 246635237cb7beaec50809203292f8623db6a83f ima-ng sha1:c7c7f8b3ae433ebe08189f143840f737d7711936 /scripts/init-top/ORDER
10 d0dc06f1a392d4505448572cd520b1ba6e53ff14 ima-ng sha1:4975101256fea3bf1e9a6a9ea5a4d97947f4097d /scripts/init-top/all_generic_ide
10 e2aab17444614530ec77595ef3f361bb00490100 ima-ng sha1:76dfee4b97d5327820a87ad4ec99a132a5f32cca /scripts/init-top/blacklist
10 a3dd75cea37a4330c6abefdeaa291feace1ee3a4 ima-ng sha1:869c43fa9e2c561d612c657ff45eb743beadc873 /scripts/init-top/ima_policy
10 465108cd35c590785a52eaecd9e997a0f570ada5 ima-ng sha1:a3f4886df912c0550f4e32cec1814e7f92e0218b /sbin/init
10 c78f4cecff4b004c9956c84628e6514a4d39881d ima-ng sha1:d11ce2e31ab441be705df3061a3d6fb7e41a504e /lib/x86_64-linux-gnu/ld-2.19.so
10 847203248af633d214e91dd1b3397e9d462771c7 ima-ng sha1:26837b475d0fb26d4256ce1744f52b264d67b58f /lib/x86_64-linux-gnu/libnih.so.1.0.0
10 367f76edbab585e2441bed7ee66fab6c7a1c0dad ima-ng sha1:d52c92a8019c259f40ae1240372dd598c2a1c54c /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
10 b35e07f368b2d129dc9f3fd8ae325a9e3cf01a36 ima-ng sha1:d3892d8e70b27c4638ca8fbeceeed0386b7d672e /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6
10 465a4a6342823c30427ca8374de54acb26bbb9fb ima-ng sha1:580764ad1cb67e7c37f49581ebf6369456795440 /lib/x86_64-linux-gnu/libselinux.so.1
10 5e8baf31a7f08a8e103f0f8174a3432e39161262 ima-ng sha1:91de58ef6be75cf952caecab0f2830c5b3527bbc /lib/x86_64-linux-gnu/libjson-c.so.2.0.0
10 d482b0fa3c1755c99380c279d73b77088c2a5d62 ima-ng sha1:011ea7ea14e6874e9da0245e4e6ed472d02814ed /lib/x86_64-linux-gnu/librt-2.19.so
10 a2733a6feac3a4d293af84f2ce47c1305cabc870 ima-ng sha1:65228a2bbff8ca52d2040ac55499b348f648cc81 /lib/x86_64-linux-gnu/libc-2.19.so
10 5da2378816b820601c8c708614784a7b5de5e8b8 ima-ng sha1:9ecd4089b74f1036c9825c2d082356e9ffb964f3 /lib/x86_64-linux-gnu/libpthread-2.19.so
10 cb8fc9859356d3802b365108d4a8baadf9251135 ima-ng sha1:9afccef2b8c4944cd78d25b87bc9198a3cb82406 /lib/x86_64-linux-gnu/libpcre.so.3.13.1
10 a3d30aa5bc7a24c3dd341d2eaa2ae4824915245a ima-ng sha1:cf26e327ee6f69694b080ae66c2572a6cb9c9c66 /lib/x86_64-linux-gnu/libdl-2.19.so
10 8b39d375a031075939a1621b2b470d0284c1f534 ima-ng sha1:c799f2ccebf69f87afc91520793631b3f0b9692b /lib/x86_64-linux-gnu/libnss_compat-2.19.so
10 ffab1636ff997c9b5040b637fe1cbfeae36988a5 ima-ng sha1:b74430744e6927384b34fd93385f8229b53e2dd7 /lib/x86_64-linux-gnu/libnsl-2.19.so
10 980f0b3422677f12d5af8850067e0b777358a013 ima-ng sha1:7fe4a578af95b0ebf1426573d088f110e5cdd8fe /lib/x86_64-linux-gnu/libnss_nis-2.19.so
10 60bd11e71fcd550996d557efaf1206832fe60cc5 ima-ng sha1:e12cc6838353f93bf43663081293d5891479f96f /lib/x86_64-linux-gnu/libnss_files-2.19.so
10 214c1d89e94ef8e89248a9b010cb7c050b6eef37 ima-ng sha1:8599d27418cf321a855d0c79091f1dfd5bec202d /bin/hostname
10 cb69d6e743aa7b96f011e7b74a37493bca7c5c26 ima-ng sha1:647437c3d7543c7c8d381903834c9ef42eb4cf69 /bin/sh
10 8327121efedbc427cf3f1c80d2d02a015fe422b0 ima-ng sha1:99085b3a04ebce2c38b2dee931a23f088e84bb16 /bin/plymouth-upstart-bridge
10 5cd0c8ff35ffe9948c379ee132ba60963875d9f1 ima-ng sha1:7b655b7d4919cbe1948e40fe04ce442217ce1fd9 /lib/x86_64-linux-gnu/libtinfo.so.5.9
10 2d8f5f5298011a4b895d1417da60c07243e0afbc ima-ng sha1:1484087bd1949292c0c01dce666e03a4bfd0de57 /sbin/ureadahead
10 73a0e5567d03f9a010c3172823ec62d4bb6d13e1 ima-ng sha1:9ff8c658248661954e6b4da063284dc18abe2aa5 /lib/x86_64-linux-gnu/libply.so.2.1.0
...
10 815ace588c5cba9c560cbd44f8a805b658b21d22 ima-ng sha1:399e44c073a182583fcb34bff9f1ef22fbe5b03d /lib/modules/3.13.0-24-generic/kernel/drivers/acpi/video.ko
10 dbae20839a6395223f903297da6319a612d6db71 ima-ng sha1:040dbd5ded576311cc48f26263375497bc8db406 /lib/modules/3.13.0-24-generic/kernel/drivers/macintosh/mac_hid.ko
10 78d4061ae87e40df0dae8e32936c021544591356 ima-ng sha1:ea65564f325a81d9e0f70ef99b9edde6ac8c9e77 /lib/modules/3.13.0-24-generic/kernel/sound/soundcore.ko
10 9e970c33401f9894c08d2fc7eeb49aedf5a53771 ima-ng sha1:37a5ab56786ca71e32ab27908284f31e70e08047 /lib/modules/3.13.0-24-generic/kernel/drivers/char/lp.ko
10 485003485053de26f333f86899c2e3fe5089ed23 ima-ng sha1:32f4cb4902bd0dd582b66d0bc1e8b9add55caf3b /usr/bin/python3
10 cdd7d2565cde332628d79244d81f72f9850354f8 ima-ng sha1:d8637c4e8344a8cb70ceb44b108b11a3bea68948 /usr/sbin/rsyslogd
...
Of the 1271 measurement entries only a few are shown above. At the outset, with the default IMA policy still in place, a few configuration files such as /conf/arch.conf or /conf/initramfs.conf are measured. But immediately after the installation of the new IMA policy through the execution of the /scripts/init-top/ima_policy initramfs script, only executable files, dynamic libraries and kernel modules are measured. The listing above also shows that, since Ubuntu 14.04 LTS comes with a Linux 3.13 kernel, the new ima-ng format is used. It can easily be checked that no violations have occurred
sudo cat /sys/kernel/security/ima/violations
0
IMA-NG SHA-256 Measurement Log
With the ima_hash=sha256 boot option, SHA-256 file measurement hashes are computed before they are extended into the SHA-1 based PCR 10 register of the TPM
10 ef2be9c304d9bbbd8ecb40f0d296176d2b5d3078 ima-ng sha1:4663ed64e5dbbb9755a0914b1a15fa76a1797806 boot_aggregate
10 c3fa0b0d107aed63fb79c565094c620155dda457 ima-ng sha256:3119179b394d74f83738121cab4276c1d6146f87188835e8f2a171827884d70b /init
10 f8379e4ddbeca9ca68b4cfb01914b7a1773e13be ima-ng sha256:769359bc64a1ffd439f46aa475e92875c3dd630c2dea7b06f750e8c3266ea14c /bin/sh
10 ff896bd90c902ce921b212614b1a2674c82f2acc ima-ng sha256:130a98698ecefb20d4a39e6bb3d37971135197116eedd7d8bef74ee6254f2a5c /lib64/ld-linux-x86-64.so.2
10 d7a77dadf0e8b4bc13443a5551613cc900da87ab ima-ng sha256:5659f1f40a50bda0fa7ae2bba343cc7825afd8bd2ada821750432163a9f0b55c /etc/ld.so.cache
10 a4eaa00d9a70f46f9676a39ecb733a0b58f8ddcc ima-ng sha256:699db793a68e26def43095e6c63366f8104fbef3990d309056fe6ac25d7db2e1 /lib/x86_64-linux-gnu/libc.so.6
10 0f8b2256c6159adfec34fc26b0f70f62b189e9a6 ima-ng sha256:91f2413151b7b0451ce0b6cedc7e5919931acf792d9a26645c0deb3bc230d9fe /conf/arch.conf
10 8780eccc25a7b8788e13eb04f6262315b57c8dd5 ima-ng sha256:383670b244912357c2f2cb8d833521e16b6f49d2cdeee9738f507b8f0a8c87fd /conf/initramfs.conf
10 a347cffebcbd2ef1e253345bd298893a32b47e33 ima-ng sha256:529e29e0dc3e44b5cfd84913015f816614ccc06e60c15a3ce4c886adab4901db /conf/conf.d/resume
10 b39d692c43f4b3c051808fc76aec82c2d4e71e42 ima-ng sha256:5979501cbd4f9ea8e523892d9ddab4592070ebeb6363bd28c7abc9de0f8cc655 /scripts/functions
10 c9a7311a41ab0cfe901c927ea68e016a616e606a ima-ng sha256:1d777386821dcd0a4eac6ca0fb0ee55a34d8e9ab6feb7c7e236ff3f0cde36a4a /scripts/init-top/ORDER
10 2f2cff22a7037335b0a5f7c619e637c172d8121c ima-ng sha256:281e38c908dc03a01105b02c413a7678f5b672dc6b1110875b29051b13c1c59f /scripts/init-top/all_generic_ide
10 dcaaf7d10e0ee90905667424f0a4ee1a4538a3ef ima-ng sha256:7a74c1144fc3838d9ccd22318baf5f8be372f1a478bfb31606d084f771fdf36d /scripts/init-top/blacklist
10 b77eb148007c0f37ac73752c6df723090899118a ima-ng sha256:d2b6e7640229045f014a7c94e5eeb6551f62ca4e029c483a2151bea278d94c70 /scripts/init-top/ima_policy
10 1d4a4f88cc8a1ec220294a77658c44139c5d7494 ima-ng sha256:dac58f4a1852c2b285eac5d56f4944aab373e1df02d3835bdabdf749b59bc3bb /sbin/init
10 2aa2f6f9ae1195ed17ed71bbaa0afcc400de658f ima-ng sha256:130a98698ecefb20d4a39e6bb3d37971135197116eedd7d8bef74ee6254f2a5c /lib/x86_64-linux-gnu/ld-2.19.so
10 a49b885c7abaa1fa514ce133a28095f4fd2b3534 ima-ng sha256:9dad934f022f86d3c38e4e69b9bb27b19fc3616e5d225b5746e35a6bac3559b4 /lib/x86_64-linux-gnu/libnih.so.1.0.0
10 16e38707cb68ee00a77e85b1d77fd0da8f7ce2d2 ima-ng sha256:525ecda56064bab46cb2c15e712b95ed183e1bf983009c76f350526b258b7c19 /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
10 3cd0b2acd4f9bbebfdbc19fc29a6abfba13694d7 ima-ng sha256:aa6980d18c94a64747b058b5a1de06386efcde5b1813408cdc3b3d5a949059fc /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6
10 604ef3d7878bf2d1159e7acc12a71cdee3c6f0db ima-ng sha256:ace311632f0595269750f2ccf6d7b48677b36667ecc0f9a8a55af48e3949f7eb /lib/x86_64-linux-gnu/libselinux.so.1
10 8e57cbbd64ee7f8b35799dfc516f52bf23ef075b ima-ng sha256:42e60674bc1c5e2c93fae14b2f77df9981e4f5a4917fd98fda2b28649de9ba5e /lib/x86_64-linux-gnu/libjson-c.so.2.0.0
10 9aa7d42bf8edc26e9b5b6b4d31843f87eec081c0 ima-ng sha256:aa68f1e8997572b1b15b5f23896183797604c6f24162e8196e688811b481eb98 /lib/x86_64-linux-gnu/librt-2.19.so
10 7ea95197fa906a62ac7a6376d469a1b67b8777c7 ima-ng sha256:699db793a68e26def43095e6c63366f8104fbef3990d309056fe6ac25d7db2e1 /lib/x86_64-linux-gnu/libc-2.19.so
10 dfcf489a4edb9e7bd5f16c87de3b08e5f409a4c3 ima-ng sha256:887098b6012ca53233b2b9f8a1b197db92cf84fa22102ef0a0d0939fde5cc4e7 /lib/x86_64-linux-gnu/libpthread-2.19.so
10 1863860facf716f1375717f8af356f2681b2b2e4 ima-ng sha256:52309d8667704b4f13e9489c5e1cf456a409c3e1b0cf50599b43a0293eafa965 /lib/x86_64-linux-gnu/libpcre.so.3.13.1
10 c3d1f711f903df633a3d7b968639b28598c45088 ima-ng sha256:5db3352b2a01e6b40ff89033e11de7ff82328f7190755be58e46ff283e877254 /lib/x86_64-linux-gnu/libdl-2.19.so
10 5ad591c96158731d7df1c22b6f1ef5e8be7658b2 ima-ng sha256:5c225df00d87a912e483486f047e8d95ed4f5f77122f19c1e026a2a85df3d719 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
10 57d42615d9156587c5df6ca1e705a40ad7934fd3 ima-ng sha256:005703c04fb2044918f49265c851884f3553e06d7e1038ce7568fd6a4d3718ac /lib/x86_64-linux-gnu/libnsl-2.19.so
10 6cd272b1de86ea8e2561c6c37e925dd5733c6f4d ima-ng sha256:4f80010343bcabe62f15a47f4976c1e16db0e6d216b583282e0a28af9d53742e /lib/x86_64-linux-gnu/libnss_nis-2.19.so
10 d31a090754d1ed3dd7972dbc5aa1e9b432a685f2 ima-ng sha256:1635ce50bbfd373777948d72ab8e6c7a5800d385ffcdabac0adc86f2290866fc /lib/x86_64-linux-gnu/libnss_files-2.19.so
10 3dece818ccfba88ceba3e58284620064aa464618 ima-ng sha256:455b569b7267b6adaaa3045a4320565a84fa9906537ea2444ecc78cfc0524f5d /bin/hostname
10 ed893fef90b04e422b079e0c38398b79a0a85dc6 ima-ng sha256:2934648ffdb7b77f507a6dbd3b2b3fbffdbf56c39e29e21849edd2cd5f390b76 /bin/sh
10 317ab93d5a48b7febdff9f60147a7ab82c757450 ima-ng sha256:51d0920b72d7ea12ce3afdb80f361800005c289055ded35c4a8acdb51f9565de /bin/plymouth-upstart-bridge
10 1fab4ecdb4d9fa8d95773a1fdccfda51ebf293aa ima-ng sha256:d554851f0dba84714c1caeb6c30a53577b39d4e9db84c9d03a0b9e9aeb5536e3 /lib/x86_64-linux-gnu/libtinfo.so.5.9
10 855dddedace3549fcc9d1e57f9a8c804975f4f79 ima-ng sha256:2acbebb0af6806ef6e02f8c609d71e9fbdfdd41556e117c54c8d4dcd29604ea2 /sbin/ureadahead
10 7d2b6bba7208b095c47022cf11fc77e26786422b ima-ng sha256:79d91811f0d0a59419500bfbbf7fc7014397d0a59b2679b58b01a2079e2fd999 /lib/x86_64-linux-gnu/libply.so.2.1.0
...
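An added example (not kernel or strongSwan code) that audits a log in the ascii_runtime_measurements format of the two listings above, with either sha1: or sha256: file hashes: it parses the entries, replays PCR 10 by SHA-1 extend, flags entries whose template hash no longer matches their own fields, and compares file hashes against reference values, which is conceptually what the Attestation IMV does with the collected reference database. The d-ng/n-ng template serialisation it uses is my reading of the kernel's ima-ng format and is an assumption, as are the sample log and the reference table, both constructed here.

```python
"""Offline checks on an IMA-NG ascii_runtime_measurements log.

Added example, not kernel or strongSwan code. Assumed IMA-NG template
layout (fields d-ng and n-ng, each prefixed with a little-endian u32 length):
    d-ng = b"<algo>:\\0" + raw file digest      n-ng = path + b"\\0"
The template hash (2nd column) is SHA-1 over both fields whatever the file
hash algorithm; PCR 10 is replayed by SHA-1 extend. A violation entry (all-zero
template hash) is extended with 0xff bytes, which is why violations make
PCR 10 unusable for attestation.
"""
import hashlib
import struct
from collections import namedtuple

PCR_LEN = 20  # TPM 1.2 PCRs are SHA-1 sized, even when ima_hash=sha256
Entry = namedtuple("Entry", "pcr template_hash algo file_hash path")


def template_data(algo: str, file_hash: bytes, path: str) -> bytes:
    """Serialise the d-ng|n-ng fields under the assumed layout."""
    d_ng = algo.encode() + b":\x00" + file_hash
    n_ng = path.encode() + b"\x00"
    return (struct.pack("<I", len(d_ng)) + d_ng
            + struct.pack("<I", len(n_ng)) + n_ng)


def template_hash(algo: str, file_hash: bytes, path: str) -> bytes:
    return hashlib.sha1(template_data(algo, file_hash, path)).digest()


def format_entry(pcr: int, algo: str, file_hash: bytes, path: str) -> str:
    """Render one log line in the ima-ng form shown on this page."""
    th = template_hash(algo, file_hash, path).hex()
    return f"{pcr} {th} ima-ng {algo}:{file_hash.hex()} {path}"


def parse_line(line: str) -> Entry:
    pcr, th, template, digest, path = line.split(maxsplit=4)
    if template != "ima-ng":
        raise ValueError(f"unsupported template {template!r}")
    algo, hexdigest = digest.split(":", 1)
    return Entry(int(pcr), bytes.fromhex(th), algo, bytes.fromhex(hexdigest), path)


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_violation(e: Entry) -> bool:
    return e.template_hash == bytes(PCR_LEN)


def bad_template_hashes(entries) -> list:
    """Paths whose template hash disagrees with their own fields (edited log)."""
    return [e.path for e in entries if not is_violation(e)
            and template_hash(e.algo, e.file_hash, e.path) != e.template_hash]


def replay_pcr(entries, pcr_index: int = 10) -> bytes:
    """Recompute the PCR value a genuine TPM quote must agree with."""
    pcr = bytes(PCR_LEN)
    for e in entries:
        if e.pcr == pcr_index:
            extend = b"\xff" * PCR_LEN if is_violation(e) else e.template_hash
            pcr = hashlib.sha1(pcr + extend).digest()
    return pcr


def check_references(entries, refs: dict) -> dict:
    """Classify measured files against reference hashes {path: {algo: digest}}."""
    report = {"ok": [], "mismatch": [], "unknown": [], "violation": []}
    for e in entries:
        if is_violation(e):
            report["violation"].append(e.path)
        elif e.path == "boot_aggregate":  # digest of PCRs 0-7, not a file
            continue
        elif e.path not in refs or e.algo not in refs[e.path]:
            report["unknown"].append(e.path)
        elif refs[e.path][e.algo] == e.file_hash:
            report["ok"].append(e.path)
        else:
            report["mismatch"].append(e.path)
    return report


def audit(text: str, refs: dict) -> dict:
    entries = parse_log(text)
    report = check_references(entries, refs)
    report["bad_template_hash"] = bad_template_hashes(entries)
    report["pcr10"] = replay_pcr(entries).hex()
    return report


# Constructed sample: file hashes copied from the page's SHA-1 log, template
# hashes regenerated under the assumed layout (not the page's own values).
INIT_SHA1 = bytes.fromhex("bbe98e20b850f3907611fb96354b5e007a9179f4")
SH_SHA1 = bytes.fromhex("dc3e621c72cde19593c42a7703e143fd3dad5320")
BOOT_AGG = bytes.fromhex("4663ed64e5dbbb9755a0914b1a15fa76a1797806")
REFERENCES = {"/init": {"sha1": INIT_SHA1}, "/bin/sh": {"sha1": SH_SHA1}}
SAMPLE_LOG = "\n".join([
    format_entry(10, "sha1", BOOT_AGG, "boot_aggregate"),
    format_entry(10, "sha1", INIT_SHA1, "/init"),
    format_entry(10, "sha1", SH_SHA1, "/bin/sh"),
    format_entry(10, "sha1", b"\x11" * PCR_LEN, "/etc/unlisted.conf"),
])

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, REFERENCES).items():
        print(f"{key}: {value}")
```

On a real client, feed audit() the contents of /sys/kernel/security/ima/ascii_runtime_measurements together with the hashes collected by the attest tool; the returned pcr10 value is what a correct TPM quote of PCR 10 must reproduce.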
Activate the Trusted Platform Module (TPM)
The strongSwan Attestation Integrity Measurement Collector (IMC) as well as various TPM tools need the TrouSerS open source implementation of the TCG Software Stack (TSS) in order to communicate with the Trusted Platform Module (TPM). Therefore make sure the following packages have been installed.
sudo apt-get install trousers tpm-tools
After installation the tcsd daemon should automatically be started in the background. You can check this by typing
tpm_version
  TPM 1.2 Version Info:
  Chip Version:        1.2.13.8
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       STM
  Vendor Specific data: 48
  TPM Version:         01010000
  Manufacturer Info:   53544d20
which should return detailed information on your TPM chip. Next, if you haven't done so yet, you must take ownership of your TPM with the command
sudo tpm_takeownership --owner-well-known --srk-well-known
Currently the TPM Owner and Storage Root Key passwords must be set to 20 zero bytes using the --owner-well-known (-y) and --srk-well-known (-z) options, respectively, since a couple of TPM tools depend on these default values. If the tpm_takeownership command returns with an error saying that the TPM has not been enabled, shut down the host, enter the BIOS menu, enable the Trusted Platform Module or "Security Chip" and reboot.
Set up a Privacy CA
For remote attestation we don't need anonymity. Quite to the contrary, we want to uniquely identify each hardware platform by its Attestation Identity Key (AIK). Therefore we create our own Privacy CA using the pki tool from the strongSwan project. The openssl command could be used as well. This should be done on a safe computer which is not connected to any network so that the private key of the Privacy CA cannot be compromised.
First we generate the private key for the Privacy CA. With a version 1.2 TPM this must be a 2048 bit RSA key.
pki --gen --type rsa --size 2048 > aikCaKey.der
With the current version of the strongSwan aikgen tool it is sufficient to extract the public key of the Privacy CA from the private key file.
pki --pub --in aikCaKey.der > aikCaPub.der
But if you prefer you can nicely embed the public key in a self-signed Privacy CA certificate that is generated with the command
pki --self --in aikCaKey.der --dn "C=CH, O=strongSwan Project, CN=strongSwan Privacy CA" --lifetime 3650 --ca --digest sha256 > aikCaCert.der
Set up the Attestation Client
Required Ubuntu Packages
The build of the strongSwan client software requires the following Ubuntu packages
sudo apt-get install build-essential libcurl4-openssl-dev libtspi-dev
Install the strongSwan VPN/TNC Client
IMA-NG support and the aikgen tool were introduced with strongSwan 5.2.0 which is currently available as a developer release. Download and unpack the latest tarball with the following commands:
wget http://download.strongswan.org/strongswan-5.2.0dr6.tar.bz2
tar xjvf strongswan-5.2.0dr6.tar.bz2
cd strongswan-5.2.0dr6
Configure the strongSwan software with the following options
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --disable-aes --disable-md5 --disable-sha1 --disable-sha2 \
  --disable-fips-prf --enable-curl --enable-openssl --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 \
  --enable-eap-tnc --enable-eap-ttls --enable-eap-dynamic --enable-tnccs-20 --enable-tnc-imc --enable-imc-os \
  --enable-imc-attestation --enable-aikgen --with-tss=trousers
and then compile and install the combined VPN/TNC client with
make
sudo make install
Generate an Attestation Identity Key (AIK)
Now we generate an Attestation Identity Key bound to the client platform's TPM. The SHA-1 fingerprint or keyid of the AIK will be used as the hardware identity of our client device. We recommend storing the AIK in the /etc/pts/ directory of the Attestation Client
sudo mkdir /etc/pts
but you can use any other location of your choice. First copy either the public key aikCaPub.der or the self-signed certificate aikCaCert.der of your Privacy CA to the Attestation Client. The AIK is then generated with the new aikgen tool introduced with the strongSwan 5.2.0 release
sudo aikgen --capubkey /etc/pts/aikCaPub.der --aikblob /etc/pts/aikBlob.bin --aikpubkey /etc/pts/aikPub.der
Generating identity key...
AIK private key blob written to '/etc/pts/aikBlob.bin' (559 bytes)
AIK public key written to '/etc/pts/aikPub.der' (294 bytes)
AIK keyid: 36:18:cb:85:d8:32:43:5a:44:d0:bf:4e:a2:e9:23:f2:c7:9e:3c:e2
or alternatively
sudo aikgen --cacert /etc/pts/aikCaCert.der --aikblob /etc/pts/aikBlob.bin --aikpubkey /etc/pts/aikPub.der
Note down the AIK keyid which will be used as the device identity of the Attestation Client. You will need the keyid in order to register the client as a trusted device with the Attestation Server. Don't worry, the keyid can be retrieved from the AIK public key at any time with the strongSwan pki tool
pki --print --type pub --in aikPub.der
  pubkey:    RSA 2048 bits
  keyid:     36:18:cb:85:d8:32:43:5a:44:d0:bf:4e:a2:e9:23:f2:c7:9e:3c:e2
Configure the Integrity Measurement Collectors (IMCs)
For IMA-based remote attestation to work, the Operating System (OS) and the Attestation Integrity Measurement Collectors are needed. The paths to the two IMC dynamic libraries must be defined in /etc/tnc_config:
IMC "OS" /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so
The IMC properties are defined in the libimcv section of /etc/strongswan.conf
libimcv {
    plugins {
        imc-os {
            device_pubkey = /etc/pts/aikPub.der
        }
        imc-attestation {
            aik_blob = /etc/pts/aikBlob.bin
            aik_pubkey = /etc/pts/aikPub.der
        }
    }
}
The AIK public key is used as a device identity by the OS IMC and, together with the AIK private key blob, for a TPM-based Quote signature by the Attestation IMC. The pcr_info = no setting (the default) saves network bandwidth because the PCR states before and after each measurement is extended into the PCR are not transmitted along with the measurement hash.
Configure the strongSwan TNC Client
The options defining the behaviour of the combined VPN/TNC strongSwan client go into the charon section of /etc/strongswan.conf
charon {
    plugins {
        eap-ttls {
            max_message_count = 0
        }
        eap-tnc {
            max_message_count = 0
        }
        tnccs-20 {
            max_batch_size = 32754
            max_message_size = 32722
        }
    }
}
Because we are going to send quite a large number of EAP-TNC messages transported through an IKEv2 EAP-TTLS tunnel, the default restrictions on the maximum message count must be disabled. And in order to prevent IKEv2 message retransmissions due to large TNC server-side processing delays, we restrict the IF-TNCCS 2.0 (PB-TNC) maximum batch size to 32 kB so that the overall performance is optimized.
Since the OpenSSL crypto library, which strongSwan uses through the enabled openssl plugin, automatically detects the presence of the Intel AES-NI instruction set and thus accelerates the AES-GCM authenticated encryption algorithm in an astounding way, we want the VPN client to propose only the TLS 1.2 AEAD cipher suites in its IKEv2 EAP-TTLS handshake. This is achieved by the following libtls section in /etc/strongswan.conf
libtls {
    suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
Configure the VPN connection
The VPN connection definition goes into /etc/ipsec.conf
config setup
    charondebug="tnc 2, imc 2, pts 2"

conn %default
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384!
    esp=aes128gcm128-ecp256,aes256gcm128-ecp384!
    keyexchange=ikev2

conn home
    left=%any
    leftid=carol@strongswan.org
    leftauth=eap
    leftfirewall=yes
    right=192.168.0.1
    rightid=moon.strongswan.org
    rightauth=any
    rightsendcert=never
    rightsubnet=10.1.0.0/16
    auto=start
The VPN server moon is authenticating itself with a server certificate. Therefore the Root CA certificate strongswanCert.pem must be stored in /etc/ipsec.d/cacerts/.
pki --print --type x509 --in /etc/ipsec.d/cacerts/strongswanCert.pem
  cert:      X509
  subject:  "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
  issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
  validity:  not before Sep 10 12:01:18 2004, ok
             not after  Sep 07 12:01:18 2019, ok (expires in 1951 days)
  serial:    00
  flags:     CA CRLSign self-signed
  pathlen:   1
  authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  subjkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  pubkey:    RSA 2048 bits
  keyid:     ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
  subjkey:   5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
The authentication of the client carol is based on an EAP-MD5 password which is stored in /etc/ipsec.secrets
carol@strongswan.org : EAP "Ar3etTnp"
Set up the Attestation Server
Required Ubuntu Packages
The build of the strongSwan server software requires the following Ubuntu packages
sudo apt-get install build-essential libcurl4-openssl-dev libtspi-dev libsqlite3-dev
Install the strongSwan VPN/TNC Server
IMA-NG support was introduced with strongSwan 5.2.0 which is currently available as a developer release. Download and unpack the latest tarball with the following commands:
wget http://download.strongswan.org/strongswan-5.2.0dr6.tar.bz2
tar xjvf strongswan-5.2.0dr6.tar.bz2
cd strongswan-5.2.0dr6
Configure the strongSwan software with the following options
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --disable-aes --disable-md5 --disable-sha1 --disable-sha2 \
  --disable-fips-prf --enable-curl --enable-openssl --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 \
  --enable-eap-tnc --enable-eap-ttls --enable-eap-dynamic --enable-tnccs-20 --enable-tnc-imv --enable-imv-attestation \
  --with-tss=trousers --enable-sqlite
and then compile and install the combined VPN/TNC server with
make
sudo make install
Configure the Integrity Measurement Verifiers (IMVs)
For IMA-based remote attestation to work, only the Attestation Integrity Measurement Verifier is needed since the OS functionality is included in it. The path to the Attestation IMV dynamic library must be defined in /etc/tnc_config:
IMV "Attestation" /usr/lib/ipsec/imcvs/imv-attestation.so
The IMV properties are defined in the libimcv section of /etc/strongswan.conf
libimcv {
    database = sqlite:///etc/pts/config.db
    policy_script = ipsec imv_policy_manager

    plugins {
        imv-attestation {
            hash_algorithm = sha1
        }
    }
}
The Attestation IMV must have access to the /etc/pts/config.db database shared with the strongTNC Policy Manager. With a version 1.2 TPM the hash algorithm must be set to SHA-1.
Configure the strongSwan TNC Server
The options defining the behaviour of the combined VPN/TNC strongSwan server go into the charon section of /etc/strongswan.conf
charon {
    half_open_timeout = 300

    plugins {
        eap-ttls {
            phase2_method = md5
            phase2_piggyback = yes
            phase2_tnc = yes
            max_message_count = 0
        }
        eap-tnc {
            max_message_count = 0
        }
    }
}
We set the timeout for half open IKEv2 connections to 300 seconds so that even in the presence of serious network congestion we have enough time to transmit all attestation data before the IKE SA times out.
Configure the VPN connection
The VPN connection definition goes into /etc/ipsec.conf
config setup
    charondebug="tnc 2, imv 2, pts 2"

conn %default
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384!
    esp=aes128gcm128-ecp256,aes256gcm128-ecp384!
    keyexchange=ikev2

conn rw-allow
    rightgroups=allow
    leftsubnet=10.1.0.0/28
    also=rw-eap
    auto=add

conn rw-isolate
    rightgroups=isolate
    leftsubnet=10.1.0.16/28
    also=rw-eap
    auto=add

conn rw-eap
    left=192.168.0.1
    leftcert=moonCert.pem
    leftid=moon.strongswan.org
    leftauth=pubkey
    leftfirewall=yes
    right=%any
    rightauth=eap-ttls
The VPN server moon is authenticating itself with the server certificate moonCert.pem which is stored in /etc/ipsec.d/certs/.
pki --print --type x509 --in /etc/ipsec.d/certs/moonCert.pem
  cert:      X509
  subject:  "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
  issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
  validity:  not before Aug 27 12:03:32 2009, ok
             not after  Aug 26 12:03:32 2014, ok (expires in 113 days)
  serial:    17
  altNames:  moon.strongswan.org
  flags:     serverAuth
  CRL URIs:  http://crl.strongswan.org/strongswan.crl
  authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  subjkeyId: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e
  pubkey:    RSA 2048 bits
  keyid:     6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1:43:51:e4:fa:10:94
  subjkey:   6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e
The server moon authenticates itself using a digital signature generated with the private key stored in /etc/ipsec.d/private/moonKey.pem.
pki --print --type rsa-priv --in /etc/ipsec.d/private/moonKey.pem
  private key with:
  pubkey:    RSA 2048 bits
  keyid:     6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1:43:51:e4:fa:10:94
  subjkey:   6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e
The authentication of the client carol and other clients is based on EAP-MD5 passwords stored in /etc/ipsec.secrets
: RSA moonKey.pem

carol@strongswan.org : EAP "Ar3etTnp"
dave@strongswan.org  : EAP "W7R0g3do"
The Root CA certificate strongswanCert.pem is stored in /etc/ipsec.d/cacerts/.
pki --print --type x509 --in /etc/ipsec.d/cacerts/strongswanCert.pem
  cert:      X509
  subject:  "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
  issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
  validity:  not before Sep 10 12:01:18 2004, ok
             not after  Sep 07 12:01:18 2019, ok (expires in 1951 days)
  serial:    00
  flags:     CA CRLSign self-signed
  pathlen:   1
  authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  subjkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  pubkey:    RSA 2048 bits
  keyid:     ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
  subjkey:   5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
Collect File Measurement Reference Values
- Set up a clean Ubuntu 14.04 distribution on a host not connected to any network so that it cannot get corrupted.
- Install strongSwan on it with a configuration similar to the strongSwan TNC server installation. Required are the sqlite plugin, the attest tool and the build-database.sh script found in the src/libpts/plugins/imv_attestation/ directory.
- Copy the /etc/pts/config.db database of the strongTNC Policy Manager to the /etc/pts/ directory of the reference platform.
- In the attest section of /etc/strongswan.conf specify the path to the database.
attest {
    database = sqlite:///etc/pts/config.db
}
- Execute the build-database-sh script
#!/bin/sh p="Ubuntu 14.04 x86_64" a="x86_64-linux-gnu" k="3.13.0-24-generic" for hash in sha1 sha256 do ipsec attest --add --product "$p" --$hash --dir /sbin ipsec attest --add --product "$p" --$hash --dir /usr/sbin ipsec attest --add --product "$p" --$hash --dir /bin ipsec attest --add --product "$p" --$hash --dir /usr/bin ipsec attest --add --product "$p" --$hash --file /etc/init.d/rc ipsec attest --add --product "$p" --$hash --file /etc/init.d/rcS ipsec attest --add --product "$p" --$hash --dir /etc/network/if-pre-up.d ipsec attest --add --product "$p" --$hash --dir /etc/network/if-up.d ipsec attest --add --product "$p" --$hash --dir /etc/ppp/ip-down.d ipsec attest --add --product "$p" --$hash --dir /etc/rcS.d ipsec attest --add --product "$p" --$hash --dir /etc/rc2.d ipsec attest --add --product "$p" --$hash --file /etc/rc.local ipsec attest --add --product "$p" --$hash --dir /etc/resolvconf/update.d ipsec attest --add --product "$p" --$hash --file /etc/resolvconf/update-libc.d/avahi-daemon ipsec attest --add --product "$p" --$hash --dir /etc/update-motd.d ipsec attest --add --product "$p" --$hash --dir /lib ipsec attest --add --product "$p" --$hash --file /lib/crda/setregdomain ipsec attest --add --product "$p" --$hash --dir /lib/ebtables ipsec attest --add --product "$p" --$hash --file /lib/init/apparmor-profile-load ipsec attest --add --product "$p" --$hash --file /lib/resolvconf/list-records ipsec attest --add --product "$p" --$hash --dir /lib/ufw ipsec attest --add --product "$p" --$hash --dir /lib/udev ipsec attest --add --product "$p" --$hash --dir /lib/systemd ipsec attest --add --product "$p" --$hash --dir /lib/xtables ipsec attest --add --product "$p" --$hash --dir /lib/$a ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth/renderers ipsec attest --add --product "$p" --$hash --dir /lib/$a/security ipsec attest --add --product "$p" --$hash --file /lib64/ld-linux-x86-64.so.2 
for file in `find /usr/lib -name *.so` do ipsec attest --add --product "$p" --$hash --file $file done ipsec attest --add --product "$p" --$hash --dir /usr/lib ipsec attest --add --product "$p" --$hash --dir /usr/lib/accountsservice ipsec attest --add --product "$p" --$hash --dir /usr/lib/at-spi2-core ipsec attest --add --product "$p" --$hash --file /usr/lib/avahi/avahi-daemon-check-dns.sh ipsec attest --add --product "$p" --$hash --file /usr/lib/dbus-1.0/dbus-daemon-launch-helper ipsec attest --add --product "$p" --$hash --dir /usr/lib/gvfs ipsec attest --add --product "$p" --$hash --dir /usr/lib/NetworkManager ipsec attest --add --product "$p" --$hash --dir /usr/lib/pm-utils/power.d ipsec attest --add --product "$p" --$hash --file /usr/lib/policykit-1/polkitd ipsec attest --add --product "$p" --$hash --dir /usr/lib/ubuntu-release-upgrader ipsec attest --add --product "$p" --$hash --dir /usr/lib/update-notifier ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a ipsec attest --add --product "$p" --$hash --file /usr/lib/$a/mesa/libGL.so.1.2.0 ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/samba ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/sasl2 ipsec attest --add --product "$p" --$hash --dir /usr/share/language-tools ipsec attest --add --product "$p" --$hash --file /init \ --measdir /usr/share/initramfs-tools ipsec attest --add --product "$p" --$hash --file /scripts/functions \ --measdir /usr/share/initramfs-tools/scripts for file in `find /lib/modules/$k -name *.ko` do ipsec attest --add --product "$p" --$hash --file $file done done
with the command
sudo ./build-database.sh
- The collected SHA-1 and SHA-256 hashes can be viewed with the command
ipsec attest --hashes --sha1 --product "Ubuntu 14.04 x86_64"
  839: /
  11624: init
  29527: bb:e9:8e:20:b8:50:f3:90:76:11:fb:96:35:4b:5e:00:7a:91:79:f4
  1: /bin
  98: bash
  7119: 96:66:72:a5:3b:ec:6b:0e:43:13:7e:18:7d:9b:c5:dc:e0:5d:84:43
  151: bunzip2
  7175: da:e8:d8:c3:67:14:9f:4b:71:f5:ea:22:61:73:34:31:f9:d9:ab:0a
  ...
  11678: set-language-helper
  29594: dd:60:1f:44:fe:d0:f8:30:00:33:c2:c3:37:59:79:20:35:8a:a4:3f
  11684: update-langlist
  29600: 65:db:ba:c4:d7:ff:68:1d:fb:ca:a5:8d:66:29:4c:31:ef:aa:03:b0
12110 SHA1 values found for product 'Ubuntu 14.04 x86_64'
and
ipsec attest --hashes --sha256 --product "Ubuntu 14.04 x86_64"
  839: /
  11624: init
  29529: 31:19:17:9b:39:4d:74:f8:37:38:12:1c:ab:42:76:c1:d6:14:6f:87:18:88:35:e8:f2:a1:71:82:78:84:d7:0b
  1: /bin
  98: bash
  13821: b2:6d:a5:4d:b8:48:6c:b9:2a:e5:c1:2c:d8:21:91:0d:eb:e7:6b:e6:c6:f3:57:f0:d1:fa:87:b6:02:a1:59:dc
  151: bunzip2
  13877: 42:b6:50:67:a8:b8:4f:24:13:ed:da:da:c7:80:e4:53:c3:8e:31:0e:e8:b9:dc:b7:c5:d6:8c:85:31:bf:8e:ec
  ...
  11678: set-language-helper
  29653: 0f:fe:cd:a9:06:49:2f:07:64:92:4e:ff:d8:9d:42:7b:0b:31:65:69:1d:8c:49:f5:e0:24:f5:8a:e5:2a:7c:8f
  11684: update-langlist
  29659: 29:1c:e0:6b:cf:f6:5b:f5:74:0f:f8:77:a2:33:c8:1e:ea:03:82:16:5b:28:85:e7:34:a8:fd:81:3d:d1:de:5f
12110 SHA256 values found for product 'Ubuntu 14.04 x86_64'
respectively
- Copy back the augmented config.db database to the strongSwan Policy Manager.
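The reference values collected above are what the attestation server holds the client's IMA-NG measurement log against: every log entry carries the file hash and the path, the entries are chained into PCR-10, and the TPM quote of PCR-10 proves the log was not edited after the fact. The following Python script, an added example that is not strongSwan's attest code, replays a constructed IMA-NG log against a small reference dictionary standing in for config.db. It assumes the kernel's ima-ng template hash layout (each field prefixed by its little-endian u32 length; d-ng is `<algo>:` NUL digest, n-ng is path NUL), the TPM 1.2 extend rule for the SHA-1 PCR bank, and that a measurement violation is logged with an all-zero template hash but extended into the PCR as 0xff bytes; the sample files, their log lines and the reference dictionary are constructed.

```python
"""Replay a constructed IMA-NG measurement log against file reference values."""
import hashlib
import struct

PCR_SIZE = 20                          # PCR-10 is a SHA-1 bank, even with ima_hash=sha256
ZERO_PCR = b"\x00" * PCR_SIZE
VIOLATION_EXTEND = b"\xff" * PCR_SIZE  # assumed: kernel extends ff..ff for a violation, logs 00..00


def template_hash(algo, digest, path):
    """SHA-1 over the ima-ng fields, each prefixed by its little-endian u32 length
    (assumed kernel layout): d-ng = '<algo>:' NUL digest, n-ng = path NUL."""
    d_ng = algo.encode() + b":\x00" + digest
    n_ng = path.encode() + b"\x00"
    h = hashlib.sha1()
    for field in (d_ng, n_ng):
        h.update(struct.pack("<I", len(field)))
        h.update(field)
    return h.digest()


def extend_pcr(pcr, value):
    """TPM 1.2 extend: PCR' = SHA1(PCR || value)."""
    return hashlib.sha1(pcr + value).digest()


def format_entry(algo, digest, path, violation=False):
    """Render one line in the ascii_runtime_measurements format."""
    th = ZERO_PCR if violation else template_hash(algo, digest, path)
    return "10 %s ima-ng %s:%s %s" % (th.hex(), algo, digest.hex(), path)


def parse_entry(line):
    """Split '<pcr> <template-hash> ima-ng <algo>:<digest> <path>' into its parts."""
    pcr, th_hex, template, d_ng, path = line.split(" ", 4)
    if template != "ima-ng":
        raise ValueError("only ima-ng entries are handled: %r" % line)
    algo, digest_hex = d_ng.split(":", 1)
    return int(pcr), bytes.fromhex(th_hex), algo, bytes.fromhex(digest_hex), path


def make_references(files):
    """Mimic the per-product reference database: a SHA-1 and a SHA-256 digest per file."""
    return {path: {algo: hashlib.new(algo, data).hexdigest() for algo in ("sha1", "sha256")}
            for path, data in files.items()}


def replay(lines, references):
    """Return (pcr10_hex, [(path, status), ...]); pcr10_hex is compared with the TPM quote."""
    pcr = ZERO_PCR
    results = []
    for line in lines:
        pcr_index, th, algo, digest, path = parse_entry(line)
        if pcr_index != 10:
            continue
        if th == ZERO_PCR:
            status = "violation"              # file changed while it was being measured
            pcr = extend_pcr(pcr, VIOLATION_EXTEND)
        else:
            if th != template_hash(algo, digest, path):
                status = "tampered"           # fields no longer match the template hash
            elif path not in references:
                status = "unknown"            # not in the reference database
            elif references[path].get(algo) == digest.hex():
                status = "ok"
            else:
                status = "mismatch"           # known file, unexpected content
            pcr = extend_pcr(pcr, th)         # the TPM saw the logged template hash
        results.append((path, status))
    return pcr.hex(), results


# Constructed stand-ins for the binaries that build-database.sh would hash.
SAMPLE_FILES = {
    "/sbin/init": b"\x7fELF constructed init image\n",
    "/bin/bash": b"\x7fELF constructed bash image\n",
}
REFERENCES = make_references(SAMPLE_FILES)


def sample_log():
    """Constructed log: two good entries, an unknown file, a modified file, a violation."""
    sha256 = lambda data: hashlib.sha256(data).digest()
    return [
        format_entry("sha256", sha256(SAMPLE_FILES["/sbin/init"]), "/sbin/init"),
        format_entry("sha256", sha256(SAMPLE_FILES["/bin/bash"]), "/bin/bash"),
        format_entry("sha256", sha256(b"not in the database"), "/usr/local/bin/unknown-tool"),
        format_entry("sha256", sha256(b"modified bash image"), "/bin/bash"),
        format_entry("sha1", b"\x00" * 20, "/etc/hostname", violation=True),
    ]


if __name__ == "__main__":
    pcr10, verdicts = replay(sample_log(), REFERENCES)
    for path, status in verdicts:
        print("%-32s %s" % (path, status))
    print("replayed PCR-10:", pcr10)
```

Two properties of the replay are worth noting. A log line whose path or digest was edited is caught by recomputing the template hash, while the replayed PCR-10 stays the same because the TPM only ever saw the template hash; conversely a deleted or reordered line leaves every template hash valid but changes the replayed PCR-10, which the quote then no longer matches. This is why a single violation entry, extended as 0xff bytes, makes PCR-10 unreproducible from the reference values alone, the problem the custom IMA policy above avoids.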
Connection Setup¶
Start the TNC Server¶
The combined strongSwan VPN/TNC server on moon is started with
moon> sudo ipsec start
Start the TNC Client¶
The combined strongSwan VPN/TNC client is started with
carol> sudo ipsec start
and a connection is automatically set up.
Register the Device with the strongTNC Policy Manager¶
- Log in as read/write admin user into your strongTNC Policy Manager and select the Devices menu.
- You will see a new device with the ID 3618cb85d832435a44d0bf4ea2e923f2c79e3ce2 which is the fingerprint of the AIK we generated earlier for the client.
- Select the device, enter a short description and, after verifying the AIK keyid, set the Trusted flag to yes.
- Then assign the TPM BIOS/IMA group to the device and save the changes.
The client is now ready for IMA measurements.
strongTNC devices view after enabling trust and saving changes
IMA Measurements¶
TNC Client and Server Logs¶
The following links show the complete and annotated logs of the TNC Client and Server doing IMA remote attestation measurements
Session result on strongTNC policy server¶
The attestation result is summarized by the strongTNC policy server.