From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD36CC43441 for ; Sun, 25 Nov 2018 15:19:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 775DB20865 for ; Sun, 25 Nov 2018 15:19:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 775DB20865 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-security-module-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726923AbeKZCKc (ORCPT ); Sun, 25 Nov 2018 21:10:32 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:44922 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726916AbeKZCKb (ORCPT ); Sun, 25 Nov 2018 21:10:31 -0500 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wAPFEfJe131728 for ; Sun, 25 Nov 2018 10:19:14 -0500 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 2nyn6jx8kb-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 25 Nov 2018 10:19:14 -0500 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Sun, 25 Nov 2018 15:19:12 -0000 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Sun, 25 Nov 2018 15:19:07 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wAPFJ5Qj61669574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sun, 25 Nov 2018 15:19:05 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B24984C044; Sun, 25 Nov 2018 15:19:05 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 414724C040; Sun, 25 Nov 2018 15:19:02 +0000 (GMT) Received: from swastik.ibmuc.com (unknown [9.85.72.131]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Sun, 25 Nov 2018 15:19:01 +0000 (GMT) From: Nayna Jain To: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, jforbes@redhat.com, seth.forshee@canonical.com, kexec@lists.infradead.org, keyrings@vger.kernel.org, vgoyal@redhat.com, ebiederm@xmission.com, mpe@ellerman.id.au, Nayna Jain Subject: [PATCH 7/7] ima: Support platform keyring for kernel appraisal Date: Sun, 25 Nov 2018 20:45:00 +0530 X-Mailer: git-send-email 2.13.6 In-Reply-To: <20181125151500.8298-1-nayna@linux.ibm.com> References: <20181125151500.8298-1-nayna@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18112515-0008-0000-0000-000002983C20 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18112515-0009-0000-0000-0000220278E9 Message-Id: <20181125151500.8298-8-nayna@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-11-25_14:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1811250071 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: On secure boot enabled systems, the bootloader verifies the kernel image and possibly the initramfs signatures based on a set of keys. A soft reboot(kexec) of the system, with the same kernel image and initramfs, requires access to the original keys to verify the signatures. This patch allows IMA-appraisal access to those original keys, now loaded on the platform keyring, needed for verifying the kernel image and initramfs signatures. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar --- security/integrity/ima/ima_appraise.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index deec1804a00a..9c13585e7d3e 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -294,7 +294,16 @@ int ima_appraise_measurement(enum ima_hooks func, iint->ima_hash->length); if (rc == -EOPNOTSUPP) { status = INTEGRITY_UNKNOWN; - } else if (rc) { + break; + } + if (rc && func == KEXEC_KERNEL_CHECK) + rc = integrity_digsig_verify( + INTEGRITY_KEYRING_PLATFORM, + (const char *)xattr_value, + xattr_len, + iint->ima_hash->digest, + iint->ima_hash->length); + if (rc) { cause = "invalid-signature"; status = INTEGRITY_FAIL; } else { -- 2.13.6