From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Ard Biesheuvel <ardb@kernel.org>, Chester Lin <clin@suse.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: [PATCH v2] ima: defer arch_ima_get_secureboot() call to IMA init time
Date: Tue, 13 Oct 2020 10:18:04 +0200 [thread overview]
Message-ID: <20201013081804.17332-1-ardb@kernel.org> (raw)
Chester reports that it is necessary to introduce a new way to pass
the EFI secure boot status between the EFI stub and the core kernel
on ARM systems. The usual way of obtaining this information is by
checking the SecureBoot and SetupMode EFI variables, but this can
only be done after the EFI variable workqueue is created, which
occurs in a subsys_initcall(), whereas arch_ima_get_secureboot()
is called much earlier by the IMA framework.
However, the IMA framework itself is started as a late_initcall,
and the only reason the call to arch_ima_get_secureboot() occurs
so early is because it happens in the context of a __setup()
callback that parses the ima_appraise= command line parameter.
So let's refactor this code a little bit, by using a core_param()
callback to capture the command line argument, and deferring any
reasoning based on its contents to the IMA init routine.
Cc: Chester Lin <clin@suse.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: https://lore.kernel.org/linux-arm-kernel/20200904072905.25332-2-clin@suse.com/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
v2: rebase onto series 'integrity: improve user feedback for invalid bootparams'
include/linux/ima.h | 6 ++++++
security/integrity/ima/ima_appraise.c | 16 ++++++++++------
security/integrity/ima/ima_main.c | 1 +
3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/include/linux/ima.h b/include/linux/ima.h
index d15100de6cdd..8aefee9c36ab 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -27,6 +27,12 @@ extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
+#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
+extern void ima_appraise_parse_cmdline(void);
+#else
+static inline void ima_appraise_parse_cmdline(void) {}
+#endif
+
#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 3dd8c2e4314e..dfe08489faea 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -16,12 +16,19 @@
#include "ima.h"
-static int __init default_appraise_setup(char *str)
-{
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
+static char *ima_appraise_cmdline_default __initdata;
+core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0);
+
+void __init ima_appraise_parse_cmdline(void)
+{
+ const char *str = ima_appraise_cmdline_default;
bool sb_state = arch_ima_get_secureboot();
int appraisal_state = ima_appraise;
+ if (!str)
+ return;
+
if (strncmp(str, "off", 3) == 0)
appraisal_state = 0;
else if (strncmp(str, "log", 3) == 0)
@@ -42,11 +49,8 @@ static int __init default_appraise_setup(char *str)
} else {
ima_appraise = appraisal_state;
}
-#endif
- return 1;
}
-
-__setup("ima_appraise=", default_appraise_setup);
+#endif
/*
* is_ima_appraise_enabled - return appraise status
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index a5a2ae36a36d..2497412b1ad2 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -865,6 +865,7 @@ static int __init init_ima(void)
{
int error;
+ ima_appraise_parse_cmdline();
ima_init_template_list();
hash_setup(CONFIG_IMA_DEFAULT_HASH);
error = ima_init();
--
2.17.1
next reply other threads:[~2020-10-13 8:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-13 8:18 Ard Biesheuvel [this message]
2020-10-13 16:46 ` [PATCH v2] ima: defer arch_ima_get_secureboot() call to IMA init time Mimi Zohar
2020-10-13 16:46 ` Mimi Zohar
2020-10-13 16:59 ` Ard Biesheuvel
2020-10-13 16:59 ` Ard Biesheuvel
2020-10-13 19:45 ` Mimi Zohar
2020-10-13 19:45 ` Mimi Zohar
2020-10-14 9:35 ` Chester Lin
2020-10-14 9:35 ` Chester Lin
2020-10-14 11:38 ` Mimi Zohar
2020-10-14 11:38 ` Mimi Zohar
2020-10-15 12:16 ` Chester Lin
2020-10-15 12:16 ` Chester Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201013081804.17332-1-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=clin@suse.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.