From: "Lev R. Oshvang ." <levonshe@gmail.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Stephen Smalley <stephen.smalley@gmail.com>,
Tushar Sugandhi <tusharsu@linux.microsoft.com>,
linux-integrity@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>,
SELinux <selinux@vger.kernel.org>,
dm-devel@redhat.com, James Morris <jmorris@namei.org>,
chpebeni@linux.microsoft.com, nramas@linux.microsoft.com,
balajib@microsoft.com, sashal@kernel.org, suredd@microsoft.com
Subject: Re: [RFC] IMA: New IMA measurements for dm-crypt and selinux
Date: Tue, 14 Apr 2020 13:06:34 +0300 [thread overview]
Message-ID: <CAP22eLGBxy7_Q8dMoJTjBsrhveqhfh7nibzBCqrtWKhXzY74fQ@mail.gmail.com> (raw)
In-Reply-To: <1586826679.7311.174.camel@linux.ibm.com>
On Tue, Apr 14, 2020 at 4:11 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Sun, 2020-04-12 at 11:15 +0300, Lev R. Oshvang . wrote:
> > On Sat, Apr 11, 2020 at 10:07 PM Stephen Smalley
> > It sees to me that LKRG (kernel run time guard) takes the role of
> > measuring kernel structures. Perhaps you need to consult with LKRG
> > guys.
>
> There definitely sounds like there is some overlap. LKRG seems to be
> measuring kernel structures for enforcing local integrity. In the
> context of IMA, measurements are included in the IMA measurement list
> and used to extend a TPM PCR so that it can be quoted.
>
> A generic method for measuring structures and including them in the
> IMA measurement list sounds interesting.
>
> Mimi
>
I frankly do not understand the threat model.
Secure boot or TPM provides trust in encryption/decryption keys
dm-crypt/dm-verify use.
When dm-verify discovers that the disk image is modified it will just
do not allow the system to work ( mount roots, etc).
So imagine that adversary took control of TPM and changed the keys
dm-verify work with in order to sign malicious content on disk. In
this case, remote attestation should alert of compromised TPM, no
matter whether dmvery keys or other keys were forged.
SELinux is another story and I think a run-time check of SElinux
structures fits well into LKRG. IMA only provide guarantees that
SELinux (or any other LSM) control files and attributes were intact.
next prev parent reply other threads:[~2020-04-14 10:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 10:19 [RFC] IMA: New IMA measurements for dm-crypt and selinux Tushar Sugandhi
2020-04-08 16:28 ` Milan Broz
2020-04-17 0:46 ` Tushar Sugandhi
2020-04-08 16:34 ` Casey Schaufler
2020-04-17 0:49 ` Tushar Sugandhi
2020-04-11 19:05 ` Stephen Smalley
2020-04-12 8:15 ` Lev R. Oshvang .
2020-04-14 1:11 ` Mimi Zohar
2020-04-14 10:06 ` Lev R. Oshvang . [this message]
2020-04-17 0:53 ` Tushar Sugandhi
2020-04-17 0:52 ` Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAP22eLGBxy7_Q8dMoJTjBsrhveqhfh7nibzBCqrtWKhXzY74fQ@mail.gmail.com \
--to=levonshe@gmail.com \
--cc=balajib@microsoft.com \
--cc=chpebeni@linux.microsoft.com \
--cc=dm-devel@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=sashal@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley@gmail.com \
--cc=suredd@microsoft.com \
--cc=tusharsu@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).