From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757751AbdDRUSJ (ORCPT ); Tue, 18 Apr 2017 16:18:09 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:38202 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1757587AbdDRUSE (ORCPT ); Tue, 18 Apr 2017 16:18:04 -0400 From: Thiago Jung Bauermann To: linux-security-module@vger.kernel.org Cc: linux-ima-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Mimi Zohar , Dmitry Kasatkin , David Howells , Herbert Xu , "David S. Miller" , Claudio Carvalho , Thiago Jung Bauermann Subject: [PATCH 0/6] Appended signatures support for IMA appraisal Date: Tue, 18 Apr 2017 17:17:40 -0300 X-Mailer: git-send-email 2.7.4 X-TM-AS-MML: disable x-cbid: 17041820-0024-0000-0000-0000016AF58E X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17041820-0025-0000-0000-00001632133E Message-Id: <1492546666-16615-1-git-send-email-bauerman@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-04-18_17:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1704180158 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On the OpenPOWER platform, secure boot and trusted boot are being implemented using IMA for taking measurements and verifying signatures. Since the kernel image on Power servers is an ELF binary, kernels are signed using the scripts/sign-file tool and thus use the same signature format as signed kernel modules. This patch series adds support in IMA for verifying those signatures. It adds flexibility to OpenPOWER secure boot, because it can boot kernels with the signature appended to them as well as kernels where the signature is stored in the IMA extended attribute. The first four patches are cleanups and improvements that can be taken independently from the others (and from each other as well). The last two are the ones actually focused on this feature. These patches apply on top of today's linux-security/next. Thiago Jung Bauermann (6): integrity: Small code improvements ima: Tidy up constant strings ima: Simplify policy_func_show. ima: Log the same audit cause whenever a file has no signature MODSIGN: Export module signature definitions. ima: Support appended signatures for appraisal crypto/asymmetric_keys/asymmetric_type.c | 1 + crypto/asymmetric_keys/pkcs7_parser.c | 12 +++++ crypto/asymmetric_keys/pkcs7_verify.c | 13 +++++ include/crypto/pkcs7.h | 3 ++ include/linux/module_signature.h | 45 ++++++++++++++++ include/linux/verification.h | 1 + init/Kconfig | 6 ++- kernel/Makefile | 2 +- kernel/module_signing.c | 74 +++++++++++---------------- security/integrity/Kconfig | 2 +- security/integrity/digsig_asymmetric.c | 4 +- security/integrity/iint.c | 2 +- security/integrity/ima/Kconfig | 13 +++++ security/integrity/ima/ima.h | 8 +++ security/integrity/ima/ima_appraise.c | 86 ++++++++++++++++++++++++++++++- security/integrity/ima/ima_init.c | 2 +- security/integrity/ima/ima_main.c | 30 +++++++++-- security/integrity/ima/ima_policy.c | 88 ++++++++++++-------------------- security/integrity/integrity.h | 27 ++++++---- 19 files changed, 302 insertions(+), 117 deletions(-) create mode 100644 include/linux/module_signature.h -- 2.7.4