From: Thore Sommer <public@thson.de>
To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com,
	nramas@linux.microsoft.com
Cc: linux-integrity@vger.kernel.org, Thore Sommer <public@thson.de>
Subject: [PATCH 0/3] dm ima: allow targets to remeasure their state
Date: Fri, 20 May 2022 16:26:02 +0200	[thread overview]
Message-ID: <20220520142605.270625-1-public@thson.de> (raw)

The existing device mapper IMA measurements only measure the table content
on target creation. This is fine for targets that do not change their table
during runtime, but some targets like verity use the table to display state
changes. Those changes are not visible through the existing device mapper
integration.

A new DM event "dm_target_update" is introduced for targets to remeasure
their table entry. This event is intended to be used by targets that change
their table entries to indicate potential security relevant information.
This allows for a more complete Remote Attestation of device mapper
targets.

One example use case is to verify a verity-protected root filesystem
using Remote Attestation via IMA. This was not possible before because the
corruption is only detected during runtime and not when the table is
loaded.

Keylime [1] has experimental support for validating this event, but it has
to be enabled manually.

Changes since RFC patch set [2]:
 - Added suggested changes from Lakshmi
 - rewrote target index calculation and removed unnecessary NULL check
 - rewrote verity integration to be more readable
 - Added more detailed descriptions to the individual commit messages


[1] https://keylime.dev/
[2] https://lore.kernel.org/linux-integrity/20220106203436.281629-1-public@thson.de/T/


Thore Sommer (3):
  dm ima: allow targets to remeasure their table entry
  dm verity: add support for IMA target update event
  dm ima: add documentation target update event

 .../admin-guide/device-mapper/dm-ima.rst      | 33 +++++++++
 drivers/md/dm-ima.c                           | 70 +++++++++++++++++++
 drivers/md/dm-ima.h                           |  2 +
 drivers/md/dm-verity-target.c                 | 10 ++-
 4 files changed, 113 insertions(+), 2 deletions(-)

-- 
2.36.0
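An attestation verifier consumes these measurements from the IMA runtime log, where critical-data events such as dm_target_update appear as "ima-buf" template entries. The following Python is an added example written for this page, not code from the patch set or from Keylime: it parses ima-buf lines from ascii_runtime_measurements, checks that the d-ng digest really is the hash of the measured buffer and that the template hash covers exactly the recorded fields, replays the PCR 10 extend chain, and picks out the dm_target_update remeasurements. The sample log lines are constructed inline; their buffer payloads are placeholders, not the dm-ima record layout documented in dm-ima.rst, and the example assumes the default ima_hash=sha1 so that column 2 is a SHA-1 template hash.

```python
"""Parse and verify IMA 'ima-buf' measurements such as dm_target_update.
Added example, not part of the patch set.  Sample log lines are constructed
below and their payloads are placeholders, not the real dm-ima record format."""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List

# Assumption: log produced with the default ima_hash=sha1, so column 2 is a
# 20-byte SHA-1 template hash extended into the SHA-1 bank of PCR 10.
TEMPLATE_HASH_ALGO = "sha1"
PCR_INITIAL = bytes(hashlib.new(TEMPLATE_HASH_ALGO).digest_size)


@dataclass
class ImaBufEntry:
    pcr: int
    template_hash: bytes  # value the kernel extended into the PCR
    digest_algo: str      # d-ng algorithm, e.g. "sha256"
    digest: bytes         # d-ng digest: hash of buf
    event: str            # n-ng field: event name, e.g. "dm_target_update"
    buf: bytes            # buf field: the measured bytes


def encode_fields(entry: ImaBufEntry) -> bytes:
    """Serialise the ima-buf template (d-ng|n-ng|buf) as the kernel hashes it:
    each field is prefixed by its little-endian u32 length; d-ng is
    "<algo>:\\0<raw digest>" and n-ng is the NUL-terminated event name."""
    fields = [
        entry.digest_algo.encode() + b":\0" + entry.digest,
        entry.event.encode() + b"\0",
        entry.buf,
    ]
    return b"".join(len(f).to_bytes(4, "little") + f for f in fields)


def parse_line(line: str) -> ImaBufEntry:
    """Parse one line of /sys/kernel/security/ima/ascii_runtime_measurements."""
    cols = line.split()
    if len(cols) != 6 or cols[2] != "ima-buf":
        raise ValueError(f"not an ima-buf entry: {line!r}")
    pcr, thash, _template, dng, event, buf_hex = cols
    algo, sep, hexdigest = dng.partition(":")
    if not sep:
        raise ValueError(f"malformed d-ng field: {dng!r}")
    return ImaBufEntry(int(pcr), bytes.fromhex(thash), algo,
                       bytes.fromhex(hexdigest), event, bytes.fromhex(buf_hex))


def entry_consistent(entry: ImaBufEntry) -> bool:
    """The recorded digest must be the hash of the buffer and the template hash
    must cover exactly these fields; otherwise the log was altered after the
    kernel wrote it (the PCR replay below would then also fail to match a quote)."""
    digest_ok = hashlib.new(entry.digest_algo, entry.buf).digest() == entry.digest
    thash_ok = (hashlib.new(TEMPLATE_HASH_ALGO, encode_fields(entry)).digest()
                == entry.template_hash)
    return digest_ok and thash_ok


def replay_pcr(entries: Iterable[ImaBufEntry], initial: bytes = PCR_INITIAL) -> bytes:
    """Recompute PCR 10 from the log: PCR = H(PCR || template_hash) per entry.
    An all-zero template hash marks a violation, which the kernel extends as 0xff bytes."""
    pcr = initial
    for e in entries:
        ext = e.template_hash
        if ext == bytes(len(ext)):
            ext = b"\xff" * len(ext)
        pcr = hashlib.new(TEMPLATE_HASH_ALGO, pcr + ext).digest()
    return pcr


def target_updates(entries: Iterable[ImaBufEntry]) -> List[ImaBufEntry]:
    """Only the remeasurements introduced by the dm_target_update event."""
    return [e for e in entries if e.event == "dm_target_update"]


def format_line(event: str, buf: bytes, pcr: int = 10) -> str:
    """Build a constructed log line for an event (test data only)."""
    digest = hashlib.sha256(buf).digest()
    entry = ImaBufEntry(pcr, b"", "sha256", digest, event, buf)
    thash = hashlib.new(TEMPLATE_HASH_ALGO, encode_fields(entry)).digest()
    return f"{pcr} {thash.hex()} ima-buf sha256:{digest.hex()} {event} {buf.hex()}"


# Constructed sample log: a table load followed by a verity remeasurement.
# The payloads are placeholders, not the dm-ima record format.
SAMPLE_LOG = "\n".join([
    format_line("dm_table_load", b"placeholder:dm_table_load;target=verity"),
    format_line("dm_target_update", b"placeholder:dm_target_update;target=verity"),
])


def verify_log(text: str) -> dict:
    entries = [parse_line(l) for l in text.splitlines() if l.strip()]
    return {
        "consistent": all(entry_consistent(e) for e in entries),
        "pcr10": replay_pcr(entries).hex(),
        "target_updates": [e.buf for e in target_updates(entries)],
    }


if __name__ == "__main__":
    print(verify_log(SAMPLE_LOG))
```

The replayed value is only meaningful once it is compared against a signed TPM quote of PCR 10; a log that is internally consistent but does not match the quote has had entries dropped or reordered, which is exactly the case a remeasurement event is meant to make visible. On a system booted with ima_hash=sha256, set TEMPLATE_HASH_ALGO accordingly and compare against the SHA-256 bank.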

