From bf1feb042fb6c4e3f456068c04996a0509108b45 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 4 Jul 2023 16:41:01 +0200 Subject: [PATCH] docs: explain the role of PCR[10] and why it is not reproducible (#2011) --- docs/docs/architecture/attestation.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index 883607de1..5715b9060 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -144,7 +144,7 @@ The latter means that the value can be generated offline and compared to the one | 7 | Secure Boot State | Azure, Constellation Bootloader | No | | 8 | - | - | - | | 9 | initramfs | Linux Kernel | Yes | -| 10 | Reserved | - | No | +| 10 | Userspace[^1] | Linux IMA[^1] | No[^1] | | 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes | | 12 | Kernel command line | Constellation Bootloader | Yes | | 13 | Reserved | (Constellation Bootloader) | Yes | @@ -177,7 +177,7 @@ The latter means that the value can be generated offline and compared to the one | 7 | GCP Secure Boot Policy | GCP, Constellation Bootloader | No | | 8 | - | - | - | | 9 | initramfs | Linux Kernel | Yes | -| 10 | Reserved | - | No | +| 10 | Userspace[^1] | Linux IMA[^1] | No[^1] | | 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes | | 12 | Kernel command line | Constellation Bootloader | Yes | | 13 | Reserved | (Constellation Bootloader) | Yes | @@ -209,7 +209,7 @@ The latter means that the value can be generated offline and compared to the one | 7 | Secure Boot Policy | AWS, Constellation Bootloader | No | | 8 | - | - | - | | 9 | initramfs | Linux Kernel | Yes | -| 10 | Reserved | - | No | +| 10 | User space | Linux IMA | No[^1] | | 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes | | 12 | Kernel command line | Constellation Bootloader | Yes | | 13 | Reserved | (Constellation Bootloader) | Yes | @@ -308,3 +308,9 @@ flowchart LR D["Public key"]-- "verifies" -->E["Runtime measurements"] E["Runtime measurements"]-- "verify" -->F["Constellation cluster"] ``` + +## References + +[^1]: Linux IMA produces runtime measurements of user space binaries. +However, these measurements aren't deterministic and thus, PCR\[10] can't be compared to a constant value. +Instead, a policy engine must be used to verify the TPM event log against a policy.