keylime: measured boot attestation fails
Environment
- OS / version: 22.04.1-Ubuntu
- Processor architecture: x86_64
- TPM Manufacturer: virtual TPM 2.0 with a virtual machine under QEMU/KVM
- Keylime version: latest
Description
On a virtual machine with a virtual TPM 2.0, I installed the latest version of the 2 projects keylime and rust-keylime. I checked the registration and verification process without specific monitoring of PCR or IMA. I can trace the REST requests between each component with Wireshark. Then I read the 3 documents in order to monitor PCRs.
- [1] User Selected PCR Monitoring
- [2] Use Measured Boot
- [3] Deploying Keylime for measured boot attestation
Expected behavior vs. actual behavior
I tried to measure boot but I get several errors.
Steps to reproduce problem
I tried the following 3 tests in order to measure boot.
- test 1: According to [1] we could monitor a remote machine for any given PCR. I tried to monitor PCR 0 but keylime_verifier raises an error and the rust-keylime agent is revoked.
# tpm2_pcrread sha256:0
sha256:
0 : 0xE21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
# keylime_tenant -c add --cert default --tpm_policy '{"0": "E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93"}'
# keylime_verifier
...
2023-06-22 15:05:05.919 - keylime.verifier - INFO - IMA policy data not provided with request! Using default empty IMA policy.
2023-06-22 15:05:05.956 - keylime.verifier - INFO - Using default client_cert option for verifier
2023-06-22 15:05:05.957 - keylime.verifier - INFO - Using default client_key option for verifier
2023-06-22 15:05:05.957 - keylime.verifier - INFO - No value provided in client_key_password option for verifier, assuming the key is unencrypted
2023-06-22 15:05:05.970 - keylime.verifier - INFO - POST returning 200 response for adding agent id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
2023-06-22 15:05:06.107 - keylime.cloudverifier_common - WARNING - Non-fatal problem ocurred while attempting to evaluate agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 attribute "mb_refstate" (('the JSON object must be str, bytes or bytearray, not NoneType',)). Will just consider the value of this attribute as empty
2023-06-22 15:05:06.166 - keylime.elparsing - ERROR - Unable to parse measured boot event log. Check previous messages for a reason for error.
2023-06-22 15:05:06.296 - keylime.verifier - WARNING - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 failed, stopping polling
# RUST_LOG=keylime_agent=trace cargo run --bin keylime_agent
...
INFO keylime_agent > GET invoked from "127.0.0.1" with uri /v2.1/quotes/integrity?nonce=geQWypNBOrSr7TLIGpgz&mask=0x1&partial=0&ima_ml_entry=0
DEBUG keylime_agent::quotes_handler > Calling Integrity Quote with nonce: geQWypNBOrSr7TLIGpgz, mask: 0x1
INFO keylime_agent::quotes_handler > GET integrity quote returning 200 response
INFO keylime_agent > POST invoked from "127.0.0.1" with uri /v2.1/notifications/revocation
INFO keylime_agent::notifications_handler > Received revocation
WARN keylime_agent::revocation > Revocation certificate not yet available
- test 2: According to [2], we could measure boot with the parameter mb_refstate. I tried the sample of [2] but keylime_verifier raises an error and the rust-keylime agent is revoked.
# echo "{}" > measured_boot_reference_state.txt
# keylime_tenant -c add --cert default --mb_refstate ./measured_boot_reference_state.txt
# keylime_verifier
...
2023-06-22 15:18:01.069 - keylime.verifier - INFO - IMA policy data not provided with request! Using default empty IMA policy.
2023-06-22 15:18:01.103 - keylime.verifier - INFO - Using default client_cert option for verifier
2023-06-22 15:18:01.103 - keylime.verifier - INFO - Using default client_key option for verifier
2023-06-22 15:18:01.103 - keylime.verifier - INFO - No value provided in client_key_password option for verifier, assuming the key is unencrypted
2023-06-22 15:18:01.116 - keylime.verifier - INFO - POST returning 200 response for adding agent id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
2023-06-22 15:18:01.304 - keylime.elparsing - ERROR - Unable to parse measured boot event log. Check previous messages for a reason for error.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #0 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #1 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #2 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #3 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #4 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #5 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #6 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #7 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #8 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #9 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #11 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #12 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #13 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #14 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.304 - keylime.tpm - WARNING - PCR #15 in quote (from agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000) not found in tpm_policy, skipping.
2023-06-22 15:18:01.458 - keylime.verifier - WARNING - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 failed, stopping polling
# RUST_LOG=keylime_agent=trace cargo run --bin keylime_agent
INFO keylime_agent > GET invoked from "127.0.0.1" with uri /v2.1/quotes/integrity?nonce=4nk83YxqlNbIXr4qJwad&mask=0xfbff&partial=0&ima_ml_entry=0
DEBUG keylime_agent::quotes_handler > Calling Integrity Quote with nonce: 4nk83YxqlNbIXr4qJwad, mask: 0xfbff
INFO keylime_agent::quotes_handler > GET integrity quote returning 200 response
INFO keylime_agent > POST invoked from "127.0.0.1" with uri /v2.1/notifications/revocation
INFO keylime_agent::notifications_handler > Received revocation
WARN keylime_agent::revocation > Revocation certificate not yet available
- test 3: According to [3], we can use the script create_mb_refstate to build the mb_refstate file for the previous test. I can't do it because of the following error.
# ./keylime/scripts/create_mb_refstate /sys/kernel/security/tpm0/binary_bios_measurements measured_boot_reference_state.json
INFO:keylime.config:Reading configuration from ['/etc/keylime/logging.conf']
2023-06-22 15:14:20.991 - root - ERROR - Parsing of binary boot measurements failed with: ['{"context": "tpm2_eventlog exited with warnings", "data": "[b\'WARN: Event 16 is unexpectedly not extending either PCR 8, 9, or 14\\\\n\']"}']
# tpm2_eventlog --eventlog-version=2 /sys/kernel/security/tpm0/binary_bios_measurements
...
- EventNum: 16
  PCRIndex: 4
  EventType: EV_IPL
  DigestCount: 2
  Digests:
  - AlgorithmId: sha1
    Digest: "f61186d9798d10a8d8cc9f0f908e720497e5b084"
  - AlgorithmId: sha256
    Digest: "9f8fca4dba18ee53d5753c7662ab3cbd7136371bdca33aacdf0baa49c913e52c"
WARN: Event 16 is unexpectedly not extending either PCR 8, 9, or 14
  EventSize: 3
  Event:
    String: |-
      MBR
...
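As an added illustration (not code from keylime or from this issue), a small Python model of what the verifier log above reports: it decodes the quote masks 0x1 and 0xfbff into PCR indices, replays sha256 event-log digests into PCR values with the TPM extend rule, and checks a tpm_policy the way the verifier does, skipping PCRs that the quote covers but the policy does not list. The event list and the firmware digest are constructed; only the EV_IPL digest for PCR 4 is taken from the tpm2_eventlog output above, and the policy is the one from test 1.

```python
import hashlib
import json

# The tpm_policy passed to keylime_tenant in test 1 (PCR 0 only).
TPM_POLICY = json.loads(
    '{"0": "E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93"}'
)

def pcrs_in_mask(mask: int) -> list:
    """Decode a quote mask (0x1, 0xfbff, ...) into the PCR indices it selects."""
    return [i for i in range(24) if mask & (1 << i)]

def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2 PCR extend for the sha256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()

def replay_event_log(events: list) -> dict:
    """Replay (pcr_index, sha256_digest) pairs in log order, starting every PCR
    at all zeros, and return {pcr_index: upper-case hex value}."""
    pcrs = {}
    for pcr_index, digest in events:
        pcrs[pcr_index] = extend(pcrs.get(pcr_index, bytes(32)), digest)
    return {i: v.hex().upper() for i, v in pcrs.items()}

def check_policy(mask: int, pcr_values: dict, policy: dict) -> tuple:
    """Evaluate a tpm_policy as the verifier log above describes: PCRs in the
    quote mask but absent from the policy are skipped; PCRs listed in the
    policy must equal the quoted (here: replayed) value. Returns (skipped, mismatched)."""
    skipped, mismatched = [], []
    for i in pcrs_in_mask(mask):
        expected = policy.get(str(i))
        if expected is None:
            skipped.append(i)
        elif pcr_values.get(i, bytes(32).hex().upper()) != expected.upper():
            mismatched.append(i)
    return skipped, mismatched

# Constructed sample events: a made-up firmware measurement into PCR 0 and the
# EV_IPL entry ("MBR", event 16) into PCR 4 from the tpm2_eventlog output above.
SAMPLE_EVENTS = [
    (0, hashlib.sha256(b"constructed firmware blob").digest()),
    (4, bytes.fromhex("9f8fca4dba18ee53d5753c7662ab3cbd7136371bdca33aacdf0baa49c913e52c")),
]

if __name__ == "__main__":
    values = replay_event_log(SAMPLE_EVENTS)
    print("replayed PCRs:", values)
    print("mask 0xfbff selects:", pcrs_in_mask(0xFBFF))
    print("policy check (skipped, mismatched):", check_policy(0xFBFF, values, TPM_POLICY))
```

Running it shows that mask 0xfbff selects every PCR except 10 (the IMA PCR), which is exactly the set the verifier reported as "not found in tpm_policy, skipping" in test 2.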
About this issue
- State: closed
- Created a year ago
- Comments: 15 (7 by maintainers)
I tested with UEFI instead of SeaBIOS on Ubuntu 22.04 and Fedora 38. The test with the tpm2_eventlog command no longer produces the WARN. I plan to check the previous tests next week and send you final feedback to close this issue.