From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 902ACC433DF for ; Fri, 5 Jun 2020 23:19:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 76D38207DF for ; Fri, 5 Jun 2020 23:19:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728486AbgFEXTw (ORCPT ); Fri, 5 Jun 2020 19:19:52 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:23836 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728290AbgFEXTv (ORCPT ); Fri, 5 Jun 2020 19:19:51 -0400 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 055N3J5A157074; Fri, 5 Jun 2020 19:19:35 -0400 Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 31fgkmkmgs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 05 Jun 2020 19:19:34 -0400 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 055NBBuw014932; Fri, 5 Jun 2020 23:19:32 GMT Received: from b06cxnps3074.portsmouth.uk.ibm.com (d06relay09.portsmouth.uk.ibm.com [9.149.109.194]) by ppma03ams.nl.ibm.com with ESMTP id 31bf4852fc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 05 Jun 2020 23:19:32 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 055NJUeN51970228 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 5 Jun 2020 23:19:30 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1E6E44C046; Fri, 5 Jun 2020 23:19:30 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 52A8A4C050; Fri, 5 Jun 2020 23:19:27 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.234.64]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Fri, 5 Jun 2020 23:19:27 +0000 (GMT) Message-ID: <1591399166.4615.37.camel@linux.ibm.com> Subject: Re: [PATCH v6 8/8] ima: add FIRMWARE_PARTIAL_READ support From: Mimi Zohar To: Scott Branden , Luis Chamberlain , Greg Kroah-Hartman , David Brown , Alexander Viro , Shuah Khan , bjorn.andersson@linaro.org, Shuah Khan , Arnd Bergmann Cc: "Rafael J . Wysocki" , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-fsdevel@vger.kernel.org, BCM Kernel Feedback , Olof Johansson , Andrew Morton , Dan Carpenter , Colin Ian King , Kees Cook , Takashi Iwai , linux-kselftest@vger.kernel.org, Andy Gross , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Date: Fri, 05 Jun 2020 19:19:26 -0400 In-Reply-To: <20200605225959.12424-9-scott.branden@broadcom.com> References: <20200605225959.12424-1-scott.branden@broadcom.com> <20200605225959.12424-9-scott.branden@broadcom.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216,18.0.687 definitions=2020-06-05_07:2020-06-04,2020-06-05 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 clxscore=1011 mlxlogscore=999 priorityscore=1501 bulkscore=0 cotscore=-2147483648 malwarescore=0 spamscore=0 mlxscore=0 lowpriorityscore=0 suspectscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006050170 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Hi Scott, On Fri, 2020-06-05 at 15:59 -0700, Scott Branden wrote: > > @@ -648,6 +667,9 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, > enum ima_hooks func; > u32 secid; > > + if (!file && read_id == READING_FIRMWARE_PARTIAL_READ) > + return 0; The file should be measured on the pre security hook, not here on the post security hook.  Here, whether "file" is defined or not, is irrelevant.  The test should just check "read_id". Have you tested measuring the firmware by booting a system with "ima_policy=tcb" specified on the boot command line and compared the measurement entry in the IMA measurement list with the file hash (eg. sha1sum, sha256sum)? Mimi > + > if (!file && read_id == READING_FIRMWARE) { > if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && > (ima_appraise & IMA_APPRAISE_ENFORCE)) {