ima_tpm_chip is queried and saved only at IMA init, but never later

ima_tpm_chip is queried and saved only at IMA init, but never later

[Lakshmi Ramasubramanian]

When IMA is initialized the default TPM is queried and saved.
If at this point a TPM wasn't available, but is detected and surfaced 
later by the system, IMA doesn't update the TPM information.

security/integrity/ima/ima_init.c
int __init ima_init(void)
{
	int rc;

	ima_tpm_chip = tpm_default_chip();
	if (!ima_tpm_chip)
		pr_info("No TPM chip found, activating TPM-bypass!\n");
	...
}

TPM PCR update function in IMA is essentially a NOP if TPM wasn't 
detected during IMA init.

security/integrity/ima/ima_queue.c
static int ima_pcr_extend(const u8 *hash, int pcr)
{
	int result = 0;

	if (!ima_tpm_chip)
		return result;
	...
}

In one configuration I am testing, I see the TPM appear post IMA Init. 
Likely this is rare, but I was wondering if there was a reason why TPM 
information is only queried during IMA init, but never updated at a 
later point.

Thanks,
  -lakshmi

Re: ima_tpm_chip is queried and saved only at IMA init, but never later

[James Bottomley]

On Tue, 2019-09-24 at 15:31 -0700, Lakshmi Ramasubramanian wrote:
[...]
> In one configuration I am testing, I see the TPM appear post IMA
> Init. Likely this is rare, but I was wondering if there was a reason
> why TPM  information is only queried during IMA init, but never
> updated at a later point.

IMA involves a chain of custody attested through the TPM.  If the TPM
isn't present on IMA init then that custody chain is broken and the
measurements can't be relied upon.  For this reason to use the TPM, it
must be present when IMA is initialized ... so the drivers all need
building in to the kernel.

There has been some discussion that we could, for UEFI systems, use the
UEFI runtime drivers for the TPM until the actual driver is inserted
but no-one's looked into doing that.

James

Re: ima_tpm_chip is queried and saved only at IMA init, but never later

[Lakshmi Ramasubramanian]

On 9/24/19 3:37 PM, James Bottomley wrote:
> On Tue, 2019-09-24 at 15:31 -0700, Lakshmi Ramasubramanian wrote:
> 
> There has been some discussion that we could, for UEFI systems, use the
> UEFI runtime drivers for the TPM until the actual driver is inserted
> but no-one's looked into doing that.
> 
> James

Can IMA take a dependency on TPM and postpone IMA initialization until a 
TPM device shows up?

Has anyone looked into this?

Thanks,
  -lakshmi

Re: ima_tpm_chip is queried and saved only at IMA init, but never later

[Mimi Zohar]

On Thu, 2019-10-03 at 08:40 -0700, Lakshmi Ramasubramanian wrote:
> On 9/24/19 3:37 PM, James Bottomley wrote:
> > On Tue, 2019-09-24 at 15:31 -0700, Lakshmi Ramasubramanian wrote:
> > 
> > There has been some discussion that we could, for UEFI systems, use the
> > UEFI runtime drivers for the TPM until the actual driver is inserted
> > but no-one's looked into doing that.
> > 
> > James
> 
> Can IMA take a dependency on TPM and postpone IMA initialization until a 
> TPM device shows up?

IMA is already on the late_initcall(), waiting for the TPM
initialization to complete.  How would you define a TPM dependency?

Mimi

> 
> Has anyone looked into this?
> 
> Thanks,
>   -lakshmi
> 
> 

Re: ima_tpm_chip is queried and saved only at IMA init, but never later

[James Bottomley]

On Thu, 2019-10-03 at 08:40 -0700, Lakshmi Ramasubramanian wrote:
> On 9/24/19 3:37 PM, James Bottomley wrote:
> > On Tue, 2019-09-24 at 15:31 -0700, Lakshmi Ramasubramanian wrote:
> > 
> > There has been some discussion that we could, for UEFI systems, use
> > the
> > UEFI runtime drivers for the TPM until the actual driver is
> > inserted
> > but no-one's looked into doing that.
> > 
> > James
> 
> Can IMA take a dependency on TPM and postpone IMA initialization
> until a TPM device shows up?

I don't believe we can postpone IMA initialization because it has to
start before any user space execution so it logs everything correctly
and the measurement chain is unbroken.

There are potentially two ways of fixing the IMA before TPM is ready
problem: one is to use the TPM BIOS device ... or really the UEFI
device since getting non-UEFI to measure external things is very non-
standard. And the other is to cache all the measurements and then
replay them through the TPM when it shows up.

> Has anyone looked into this?

I don't believe anyone has, no.

James

Re: ima_tpm_chip is queried and saved only at IMA init, but never later

[Lakshmi Ramasubramanian]

On 10/3/19 8:49 AM, Mimi Zohar wrote:
>> Can IMA take a dependency on TPM and postpone IMA initialization until a
>> TPM device shows up?
> 
> IMA is already on the late_initcall(), waiting for the TPM
> initialization to complete.  

> How would you define a TPM dependency?
I meant - can IMA return a status code from it's init routine such that 
it gets called back when a TPM device shows up. And, at that point 
continue the initialization.

Similar to how a driver for Device A would indicate it's dependency on 
the availability of a Device B. I am not sure if such a thing is 
possible with IMA.

Thanks,
  -lakshmi