From: Roberto Sassu <roberto.sassu@huawei.com>
To: <zohar@linux.ibm.com>, <mjg59@google.com>
Cc: <linux-integrity@vger.kernel.org>,
<linux-security-module@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <silviu.vlasceanu@huawei.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
<stable@vger.kernel.org>
Subject: [PATCH v2 06/12] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded
Date: Fri, 4 Sep 2020 11:26:37 +0200 [thread overview]
Message-ID: <20200904092643.20013-2-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20200904092339.19598-1-roberto.sassu@huawei.com>
EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to
temporarily disable metadata verification until all xattrs/attrs necessary
to verify an EVM portable signature are copied to the file. This flag is
cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is
calculated on unverified xattrs/attrs.
Currently EVM unnecessarily denies setting this flag if EVM is initialized
with public key, which is not a concern as it cannot be used to trust
xattrs/attrs updates. This patch removes this limitation.
Cc: stable@vger.kernel.org # 4.16.x
Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
Documentation/ABI/testing/evm | 6 ++++--
security/integrity/evm/evm_secfs.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm
index 201d10319fa1..cbb50ab09c78 100644
--- a/Documentation/ABI/testing/evm
+++ b/Documentation/ABI/testing/evm
@@ -42,8 +42,10 @@ Description:
modification of EVM-protected metadata and
disable all further modification of policy
- Note that once a key has been loaded, it will no longer be
- possible to enable metadata modification.
+ Note that once HMAC validation and creation is enabled,
+ it will no longer be possible to enable metadata modification
+ and if metadata modification is already enabled, it will be
+ disabled.
Until key loading has been signaled EVM can not create
or validate the 'security.evm' xattr, but returns
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index cfc3075769bb..92fe26ace797 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
* keys are loaded.
*/
if ((i & EVM_ALLOW_METADATA_WRITES) &&
- ((evm_initialized & EVM_KEY_MASK) != 0) &&
+ ((evm_initialized & EVM_INIT_HMAC) != 0) &&
!(evm_initialized & EVM_ALLOW_METADATA_WRITES))
return -EPERM;
--
2.27.GIT
next prev parent reply other threads:[~2020-09-04 9:30 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 9:23 [PATCH v2 00/12] IMA/EVM fixes Roberto Sassu
2020-09-04 9:23 ` [PATCH v2 01/12] ima: Don't ignore errors from crypto_shash_update() Roberto Sassu
2020-09-07 15:03 ` Sasha Levin
2020-09-04 9:23 ` [PATCH v2 02/12] ima: Remove semicolon at the end of ima_get_binary_runtime_size() Roberto Sassu
2020-09-04 9:23 ` [PATCH v2 03/12] evm: Check size of security.evm before using it Roberto Sassu
2020-09-04 9:23 ` [PATCH v2 04/12] evm: Execute evm_inode_init_security() only when the HMAC key is loaded Roberto Sassu
2020-09-07 15:03 ` Sasha Levin
2020-09-16 16:15 ` Mimi Zohar
2020-09-04 9:26 ` [PATCH v2 05/12] evm: Load EVM key in ima_load_x509() to avoid appraisal Roberto Sassu
2020-09-04 9:26 ` Roberto Sassu [this message]
2020-09-04 9:26 ` [PATCH v2 07/12] evm: Introduce EVM_RESET_STATUS atomic flag Roberto Sassu
2020-09-17 12:01 ` Mimi Zohar
2020-09-17 17:36 ` Roberto Sassu
2020-09-17 17:47 ` Mimi Zohar
2020-09-04 9:26 ` [PATCH v2 08/12] evm: Allow xattr/attr operations for portable signatures if check fails Roberto Sassu
2020-09-17 12:32 ` Mimi Zohar
2020-09-04 9:26 ` [PATCH v2 09/12] evm: Allow setxattr() and setattr() if metadata digest won't change Roberto Sassu
2020-09-17 13:15 ` Mimi Zohar
2020-09-04 9:26 ` [PATCH v2 10/12] ima: Allow imasig requirement to be satisfied by EVM portable signatures Roberto Sassu
2020-09-04 9:26 ` [PATCH v2 11/12] ima: Introduce template field evmsig and write to field sig as fallback Roberto Sassu
2020-09-17 14:25 ` Mimi Zohar
2020-09-17 15:05 ` Roberto Sassu
2020-09-17 15:55 ` Mimi Zohar
2020-09-04 9:26 ` [PATCH v2 12/12] ima: Don't remove security.ima if file must not be appraised Roberto Sassu
2020-09-16 16:14 ` [PATCH v2 00/12] IMA/EVM fixes Mimi Zohar
2020-09-17 14:33 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200904092643.20013-2-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@google.com \
--cc=silviu.vlasceanu@huawei.com \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.