Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi <nramas@linux.microsoft.com>,
	Linux Integrity <linux-integrity@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	James Morris <jamorris@linux.microsoft.com>,
	Linux Kernel <linux-kernel@vger.kernel.org>
Cc: Balaji Balasubramanyan <balajib@linux.microsoft.com>,
	Prakhar Srivastava <prsriva@linux.microsoft.com>
Subject: Re: [PATCH 0/2] public key: IMA signer logging: Log public key of IMA Signature signer in IMA log
Date: Tue, 14 May 2019 13:29:52 -0400
Message-ID: <1557854992.4139.69.camel@linux.ibm.com> (raw)
In-Reply-To: <6b69f115-96cf-890a-c92b-0b2b05798357@linux.microsoft.com>

On Tue, 2019-05-14 at 10:14 -0700, Lakshmi wrote:
> The motive behind this patch series is to measure the public key
> of the IMA signature signer in the IMA log.
> 
> The IMA signature of the file, logged using ima-sig template, contains
> the key identifier of the key that was used to generate the signature.
> But outside the client machine this key id is not sufficient to
> uniquely determine which key the signature corresponds to.
> Providing the public key of the signer in the IMA log would
> allow, for example, an attestation service to securely verify
> if the key used to generate the IMA signature is a valid and
> trusted one, and that the key has not been revoked or expired.
> 
> An attestation service would just need to maintain a list of
> valid public keys and using the data from the IMA log can attest
> the system files loaded on the client machine.
> 
> To achieve the above the patch series does the following:
>    - Adds a new method in asymmetric_key_subtype to query
>      the public key of the given key
>    - Adds a new IMA template namely "ima-sigkey" to store\read
>      the public key of the IMA signature signer. This template
>      extends the existing template "ima-sig"

Why duplicate the certificate info on each record in the measurement
list?  Why not add the certificate info once, as the key is loaded
onto the .ima and .platform keyrings?

Mimi


> 
> Lakshmi (2):
>    add support for querying public key from a given key
>    add a new template ima-sigkey to store/read the public, key of ima
>      signature signer
> 
>   .../admin-guide/kernel-parameters.txt         |  2 +-
>   Documentation/crypto/asymmetric-keys.txt      |  1 +
>   Documentation/security/IMA-templates.rst      |  5 +-
>   crypto/asymmetric_keys/public_key.c           |  7 +++
>   crypto/asymmetric_keys/signature.c            | 24 +++++++++
>   include/crypto/public_key.h                   |  1 +
>   include/keys/asymmetric-subtype.h             |  3 ++
>   security/integrity/digsig.c                   | 54 +++++++++++++++++--
>   security/integrity/digsig_asymmetric.c        | 44 +++++++++++++++
>   security/integrity/ima/Kconfig                |  3 ++
>   security/integrity/ima/ima_template.c         |  3 ++
>   security/integrity/ima/ima_template_lib.c     | 43 +++++++++++++++
>   security/integrity/ima/ima_template_lib.h     |  4 ++
>   security/integrity/integrity.h                | 29 +++++++++-
>   14 files changed, 216 insertions(+), 7 deletions(-)
> 


  reply index

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-14 17:14 Lakshmi
2019-05-14 17:29 ` Mimi Zohar [this message]
2019-05-15 18:17   ` Lakshmi
2019-05-16 22:45     ` Mimi Zohar
2019-05-16 14:34 ` Ken Goldman
2019-05-17  1:29   ` Lakshmi
2019-05-17 14:41     ` Ken Goldman
2019-05-20 23:15       ` Lakshmi
2019-05-22 18:57         ` Ken Goldman
2019-05-22 19:37           ` Lakshmi

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1557854992.4139.69.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=balajib@linux.microsoft.com \
    --cc=dhowells@redhat.com \
    --cc=jamorris@linux.microsoft.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nramas@linux.microsoft.com \
    --cc=prsriva@linux.microsoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox