From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>, "AKASHI\,
Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v10 11/12] ima: Define ima-modsig template
Date: Tue, 28 May 2019 16:09:55 -0300 [thread overview]
Message-ID: <874l5e75vg.fsf@morokweng.localdomain> (raw)
In-Reply-To: <1557442889.10635.88.camel@linux.ibm.com>
Mimi Zohar <zohar@linux.ibm.com> writes:
> On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
>> Define new "d-modsig" template field which holds the digest that is
>> expected to match the one contained in the modsig, and also new "modsig"
>> template field which holds the appended file signature.
>>
>> Add a new "ima-modsig" defined template descriptor with the new fields as
>> well as the ones from the "ima-sig" descriptor.
>>
>> Change ima_store_measurement() to accept a struct modsig * argument so that
>> it can be passed along to the templates via struct ima_event_data.
>>
>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
>> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
>
> Thanks, Roberto. Just some thoughts inline below.
>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Thanks!
>> +/*
>> + * Validating the appended signature included in the measurement list requires
>> + * the file hash calculated without the appended signature (i.e., the 'd-modsig'
>> + * field). Therefore, notify the user if they have the 'modsig' field but not
>> + * the 'd-modsig' field in the template.
>> + */
>> +static void check_current_template_modsig(void)
>> +{
>> +#define MSG "template with 'modsig' field also needs 'd-modsig' field\n"
>> + struct ima_template_desc *template;
>> + bool has_modsig, has_dmodsig;
>> + static bool checked;
>> + int i;
>> +
>> + /* We only need to notify the user once. */
>> + if (checked)
>> + return;
>> +
>> + has_modsig = has_dmodsig = false;
>> + template = ima_template_desc_current();
>> + for (i = 0; i < template->num_fields; i++) {
>> + if (!strcmp(template->fields[i]->field_id, "modsig"))
>> + has_modsig = true;
>> + else if (!strcmp(template->fields[i]->field_id, "d-modsig"))
>> + has_dmodsig = true;
>> + }
>> +
>> + if (has_modsig && !has_dmodsig)
>> + pr_notice(MSG);
>> +
>> + checked = true;
>> +#undef MSG
>> +}
>> +
>
> There was some recent discussion about supporting per IMA policy rule
> template formats. This feature will allow just the kexec kernel image
> to require ima-modsig. When per policy rule template formats support
> is upstreamed, this function will need to be updated.
Indeed. Thanks for the clarification. For the next iteration I rebased
on top of Matthew Garret's "IMA: Allow profiles to define the desired
IMA template" patch. I'm currently adapting this check accordingly.
>> @@ -389,3 +425,25 @@ int ima_eventsig_init(struct ima_event_data *event_data,
>> return ima_write_template_field_data(xattr_value, event_data->xattr_len,
>> DATA_FMT_HEX, field_data);
>> }
>> +
>> +int ima_eventmodsig_init(struct ima_event_data *event_data,
>> + struct ima_field_data *field_data)
>> +{
>> + const void *data;
>> + u32 data_len;
>> + int rc;
>> +
>> + if (!event_data->modsig)
>> + return 0;
>> +
>> + /*
>> + * The xattr_value for IMA_MODSIG is a runtime structure containing
>> + * pointers. Get its raw data instead.
>> + */
>
> "xattr_value"? The comment needs some clarification.
Oops, forgot to update this comment. This is the new version:
/*
* modsig is a runtime structure containing pointers. Get its raw data
* instead.
*/
--
Thiago Jung Bauermann
IBM Linux Technology Center
WARNING: multiple messages have this Message-ID (diff)
From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v10 11/12] ima: Define ima-modsig template
Date: Tue, 28 May 2019 19:09:55 +0000 [thread overview]
Message-ID: <874l5e75vg.fsf@morokweng.localdomain> (raw)
In-Reply-To: <1557442889.10635.88.camel@linux.ibm.com>
Mimi Zohar <zohar@linux.ibm.com> writes:
> On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
>> Define new "d-modsig" template field which holds the digest that is
>> expected to match the one contained in the modsig, and also new "modsig"
>> template field which holds the appended file signature.
>>
>> Add a new "ima-modsig" defined template descriptor with the new fields as
>> well as the ones from the "ima-sig" descriptor.
>>
>> Change ima_store_measurement() to accept a struct modsig * argument so that
>> it can be passed along to the templates via struct ima_event_data.
>>
>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
>> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
>
> Thanks, Roberto. Just some thoughts inline below.
>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Thanks!
>> +/*
>> + * Validating the appended signature included in the measurement list requires
>> + * the file hash calculated without the appended signature (i.e., the 'd-modsig'
>> + * field). Therefore, notify the user if they have the 'modsig' field but not
>> + * the 'd-modsig' field in the template.
>> + */
>> +static void check_current_template_modsig(void)
>> +{
>> +#define MSG "template with 'modsig' field also needs 'd-modsig' field\n"
>> + struct ima_template_desc *template;
>> + bool has_modsig, has_dmodsig;
>> + static bool checked;
>> + int i;
>> +
>> + /* We only need to notify the user once. */
>> + if (checked)
>> + return;
>> +
>> + has_modsig = has_dmodsig = false;
>> + template = ima_template_desc_current();
>> + for (i = 0; i < template->num_fields; i++) {
>> + if (!strcmp(template->fields[i]->field_id, "modsig"))
>> + has_modsig = true;
>> + else if (!strcmp(template->fields[i]->field_id, "d-modsig"))
>> + has_dmodsig = true;
>> + }
>> +
>> + if (has_modsig && !has_dmodsig)
>> + pr_notice(MSG);
>> +
>> + checked = true;
>> +#undef MSG
>> +}
>> +
>
> There was some recent discussion about supporting per IMA policy rule
> template formats. This feature will allow just the kexec kernel image
> to require ima-modsig. When per policy rule template formats support
> is upstreamed, this function will need to be updated.
Indeed. Thanks for the clarification. For the next iteration I rebased
on top of Matthew Garret's "IMA: Allow profiles to define the desired
IMA template" patch. I'm currently adapting this check accordingly.
>> @@ -389,3 +425,25 @@ int ima_eventsig_init(struct ima_event_data *event_data,
>> return ima_write_template_field_data(xattr_value, event_data->xattr_len,
>> DATA_FMT_HEX, field_data);
>> }
>> +
>> +int ima_eventmodsig_init(struct ima_event_data *event_data,
>> + struct ima_field_data *field_data)
>> +{
>> + const void *data;
>> + u32 data_len;
>> + int rc;
>> +
>> + if (!event_data->modsig)
>> + return 0;
>> +
>> + /*
>> + * The xattr_value for IMA_MODSIG is a runtime structure containing
>> + * pointers. Get its raw data instead.
>> + */
>
> "xattr_value"? The comment needs some clarification.
Oops, forgot to update this comment. This is the new version:
/*
* modsig is a runtime structure containing pointers. Get its raw data
* instead.
*/
--
Thiago Jung Bauermann
IBM Linux Technology Center
WARNING: multiple messages have this Message-ID (diff)
From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-doc@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
David Howells <dhowells@redhat.com>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
linux-integrity@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
David Woodhouse <dwmw2@infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v10 11/12] ima: Define ima-modsig template
Date: Tue, 28 May 2019 16:09:55 -0300 [thread overview]
Message-ID: <874l5e75vg.fsf@morokweng.localdomain> (raw)
In-Reply-To: <1557442889.10635.88.camel@linux.ibm.com>
Mimi Zohar <zohar@linux.ibm.com> writes:
> On Thu, 2019-04-18 at 00:51 -0300, Thiago Jung Bauermann wrote:
>> Define new "d-modsig" template field which holds the digest that is
>> expected to match the one contained in the modsig, and also new "modsig"
>> template field which holds the appended file signature.
>>
>> Add a new "ima-modsig" defined template descriptor with the new fields as
>> well as the ones from the "ima-sig" descriptor.
>>
>> Change ima_store_measurement() to accept a struct modsig * argument so that
>> it can be passed along to the templates via struct ima_event_data.
>>
>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
>> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
>
> Thanks, Roberto. Just some thoughts inline below.
>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Thanks!
>> +/*
>> + * Validating the appended signature included in the measurement list requires
>> + * the file hash calculated without the appended signature (i.e., the 'd-modsig'
>> + * field). Therefore, notify the user if they have the 'modsig' field but not
>> + * the 'd-modsig' field in the template.
>> + */
>> +static void check_current_template_modsig(void)
>> +{
>> +#define MSG "template with 'modsig' field also needs 'd-modsig' field\n"
>> + struct ima_template_desc *template;
>> + bool has_modsig, has_dmodsig;
>> + static bool checked;
>> + int i;
>> +
>> + /* We only need to notify the user once. */
>> + if (checked)
>> + return;
>> +
>> + has_modsig = has_dmodsig = false;
>> + template = ima_template_desc_current();
>> + for (i = 0; i < template->num_fields; i++) {
>> + if (!strcmp(template->fields[i]->field_id, "modsig"))
>> + has_modsig = true;
>> + else if (!strcmp(template->fields[i]->field_id, "d-modsig"))
>> + has_dmodsig = true;
>> + }
>> +
>> + if (has_modsig && !has_dmodsig)
>> + pr_notice(MSG);
>> +
>> + checked = true;
>> +#undef MSG
>> +}
>> +
>
> There was some recent discussion about supporting per IMA policy rule
> template formats. This feature will allow just the kexec kernel image
> to require ima-modsig. When per policy rule template formats support
> is upstreamed, this function will need to be updated.
Indeed. Thanks for the clarification. For the next iteration I rebased
on top of Matthew Garret's "IMA: Allow profiles to define the desired
IMA template" patch. I'm currently adapting this check accordingly.
>> @@ -389,3 +425,25 @@ int ima_eventsig_init(struct ima_event_data *event_data,
>> return ima_write_template_field_data(xattr_value, event_data->xattr_len,
>> DATA_FMT_HEX, field_data);
>> }
>> +
>> +int ima_eventmodsig_init(struct ima_event_data *event_data,
>> + struct ima_field_data *field_data)
>> +{
>> + const void *data;
>> + u32 data_len;
>> + int rc;
>> +
>> + if (!event_data->modsig)
>> + return 0;
>> +
>> + /*
>> + * The xattr_value for IMA_MODSIG is a runtime structure containing
>> + * pointers. Get its raw data instead.
>> + */
>
> "xattr_value"? The comment needs some clarification.
Oops, forgot to update this comment. This is the new version:
/*
* modsig is a runtime structure containing pointers. Get its raw data
* instead.
*/
--
Thiago Jung Bauermann
IBM Linux Technology Center
next prev parent reply other threads:[~2019-05-28 19:10 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 3:51 [PATCH v10 00/12] Appended signatures support for IMA appraisal Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 01/12] MODSIGN: Export module signature definitions Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-05-28 19:03 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 02/12] PKCS#7: Refactor verify_pkcs7_signature() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 03/12] PKCS#7: Introduce pkcs7_get_digest() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-05-09 15:42 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 04/12] integrity: Introduce struct evm_xattr Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 05/12] integrity: Select CONFIG_KEYS instead of depending on it Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 06/12] ima: Use designated initializers for struct ima_event_data Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:46 ` Mimi Zohar
2019-05-09 15:46 ` Mimi Zohar
2019-05-09 15:46 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 07/12] ima: Add modsig appraise_type option for module-style appended signatures Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 08/12] ima: Factor xattr_verify() out of ima_appraise_measurement() Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 15:53 ` Mimi Zohar
2019-05-09 15:53 ` Mimi Zohar
2019-05-09 15:53 ` Mimi Zohar
2019-04-18 3:51 ` [PATCH v10 09/12] ima: Implement support for module-style appended signatures Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 19:23 ` Thiago Jung Bauermann
2019-05-28 20:06 ` Mimi Zohar
2019-05-28 20:06 ` Mimi Zohar
2019-05-28 20:06 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-14 12:09 ` Mimi Zohar
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-05-28 19:27 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 10/12] ima: Collect modsig Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 11/12] ima: Define ima-modsig template Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-09 23:01 ` Mimi Zohar
2019-05-28 19:09 ` Thiago Jung Bauermann [this message]
2019-05-28 19:09 ` Thiago Jung Bauermann
2019-05-28 19:09 ` Thiago Jung Bauermann
2019-04-18 3:51 ` [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-04-18 3:51 ` Thiago Jung Bauermann
2019-05-28 14:09 ` Mimi Zohar
2019-05-28 14:09 ` Mimi Zohar
2019-05-28 14:09 ` Mimi Zohar
2019-05-28 19:14 ` Thiago Jung Bauermann
2019-05-28 19:14 ` Thiago Jung Bauermann
2019-05-28 19:14 ` Thiago Jung Bauermann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874l5e75vg.fsf@morokweng.localdomain \
--to=bauerman@linux.ibm.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=jeyu@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=serge@hallyn.com \
--cc=takahiro.akashi@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.