Hello Mike,
On 8/20/21 1:19 PM, Mike Snitzer wrote:
On Fri, Aug 13 2021 at 5:37P -0400,
Tushar Sugandhi wrote:
There were several improvements suggested for the original device mapper
target measurement patch series [1].
Those improvement suggestions include:
- Prefixing hashes for the
in various DM events in ima log with the hash
algorithm used to compute those hashes.
Signed-off-by: Tushar Sugandhi
Suggested-by: Mimi Zohar
---
drivers/md/dm-ima.c | 15 ---
drivers/md/dm-ima.h | 1 +
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm
move the duplicate measurement of
the attribute "mode=%c". Add "root_hash_sig_key_desc=%s" attribute
for the 'verity' target. Index various attributes in 'multipath'
target. Also, add "nr_priority_groups=%u" attribute to 'multipath'
The event names for the DM events recorded in the ima log do not contain
any information to indicate the events are part of the DM devices/targets.
Prefix the event names for DM events with "dm_" to indicate that they
are part of device-mapper.
Signed-off-by: Tushar Sugandhi
Suggested
ion option is disabled.
Add a one-time warning to dmesg during dm_init if
CONFIG_IMA_DISABLE_HTABLE is set to 'n', to notify the end-users that
duplicate events will not be measured in the ima log.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm.c | 6 ++
1 file changed, 6 inserti
DM target. Fix htmldocs warnings in dm-ima.rst. Update
the documentation to be consistent with the code changes that are part of
this patch series.
Reported-by: Stephen Rothwell
Signed-off-by: Tushar Sugandhi
---
.../admin-guide/device-mapper/dm-ima.rst | 827 +-
1 file c
nux/kernel/git/device-mapper/linux-dm.git
Branch: dm-5.15
Commit: commit 5a2a33884f0b ("dm crypt: Avoid percpu_counter spinlock
contention in crypt_page_alloc()")
[1]
https://patchwork.kernel.org/project/dm-devel/cover/20210713004904.8808-1-tusha...@linux.microsoft.com/
Tushar Su
e ima log.
Add version information to the DM events present in the ima log to
help attestation servers to correctly process the attributes across
different versions.
Signed-off-by: Tushar Sugandhi
Suggested-by: Mimi Zohar
---
drivers/md/dm-ima.c
Hi Mimi,
On 7/21/21 2:17 PM, Mimi Zohar wrote:
On Wed, 2021-07-21 at 12:07 -0400, Mimi Zohar wrote:
On Wed, 2021-07-21 at 11:42 -0400, Mike Snitzer wrote:
On Tue, Jul 20 2021 at 10:12P -0400,
Mimi Zohar wrote:
Hi Tushar, Mike,
On Mon, 2021-07-12 at 17:48 -0700, Tushar Sugandhi wrote
Hi Thore,
Replying to a few questions which were not already answered by me/Alasdair.
On 7/27/21 3:18 AM, Thore Sommer wrote:
There is no way to verify if the root hash was verified against a signature. We
have "root_hash_sig_key_desc SIGNATURE_DESCRIPTION" in the dm table.
"SIGNATURE_DESCRIPT
On 7/28/21 10:14 AM, Thore Sommer wrote:
Hi Tushar,
Most likely this is because you haven't set CONFIG_IMA_DISABLE_HTABLE=y.
Yes, that was the case.
With CONFIG_IMA_DISABLE_HTABLE=y the behavior is as expected. Now a new
measurement is created if I create the same device twice.
Regards,
T
Hi Thore,
On 7/27/21 1:33 PM, Alasdair G Kergon wrote:
Creating a dm-verity device with mount then removing it and now if you create it
again no measurement is generated. Is that the expected behavior?
Each of the relevant dm ioctls should be logged separately each time. If that's
not happenin
Hi Mimi,
On 7/26/21 9:33 AM, Mimi Zohar wrote:
Hi Tushar,
On Sat, 2021-07-24 at 00:25 -0700, Tushar Sugandhi wrote:
Hi Mimi,
Missing from the document is a way of validating the template data.
For example, in the original case of file measurements, the template
data contains the file hash
Hi Mimi,
On 7/20/21 7:33 PM, Mimi Zohar wrote:
Hi Tushar, Mike,
On Mon, 2021-07-12 at 17:49 -0700, Tushar Sugandhi wrote:
+Then IMA ASCII measurement log has the following format:
+PCR TEMPLATE_DIGEST TEMPLATE ALG:EVENT_DIGEST EVENT_NAME EVENT_DATA
+
+PCR := Platform Configuration Register
Hi Mike,
On 7/20/21 2:27 PM, Mike Snitzer wrote:
On Mon, Jul 12 2021 at 8:48P -0400,
Tushar Sugandhi wrote:
For a given system, various external services/infrastructure tools
(including the attestation service) interact with it - both during the
setup and during rest of the system run-time
On 7/20/21 10:51 PM, kernel test robot wrote:
tree:
https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git
for-next
head: e820ba87f9d15399fa565ceba4a92b902c879d29
commit: fdac9de80c2e66d6df999ac810382c66b0cb2830 [9/10] dm: update target
status functions to support IMA
On 7/12/21 6:06 PM, Alasdair G Kergon wrote:
On Mon, Jul 12, 2021 at 05:49:03PM -0700, Tushar Sugandhi wrote:
The DM target data measured by IMA subsystem can alternatively
be queried from userspace by setting DM_IMA_MEASUREMENT_FLAG with
DM_TABLE_STATUS_CMD.
I was able to try this out - as
Hello Thore,
On 7/14/21 4:32 AM, Thore Sommer wrote:
Thank you for bringing IMA support to device mapper. The addition of dm-verity
to IMA is very useful for the project I'm working on where we boot
our distribution from removable USB media.
Thank you for the positive ack. Appreciate it.
One of
used by external services for managing the system.
Tushar Sugandhi (7):
dm: measure data on table load
dm: measure data on device resume
dm: measure data on device remove
dm: measure data on table clear
dm: measure data on device rename
dm: update target specific status functions to
and log the event when a table is cleared.
Measure device parameters, and table hashes when the inactive table slot
is cleared.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 93 +++
drivers/md/dm-ima.h | 2 +
drivers/md/dm-ioctl.c | 3
he DM target data measured by IMA subsystem can alternatively
be queried from userspace by setting DM_IMA_MEASUREMENT_FLAG with
DM_TABLE_STATUS_CMD.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-cache-target.c | 24
drivers/md/dm-clone-target.c
inactive table hash is measured when the device transitions to
different states like resume, remove, rename etc.
Signed-off-by: Tushar Sugandhi
---
drivers/md/Makefile | 2 +
drivers/md/dm-core.h | 5 +
drivers/md/dm-ima.c | 345
DM targets, on various device/table state
changes.
Signed-off-by: Tushar Sugandhi
---
.../admin-guide/device-mapper/dm-ima.rst | 306 ++
.../admin-guide/device-mapper/index.rst | 1 +
2 files changed, 307 insertions(+)
create mode 100644 Documentation/admin-guide
when the device is removed,
using either remove or remove_all.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 120 ++
drivers/md/dm-ima.h | 1 +
drivers/md/dm-ioctl.c | 3 ++
3 files changed, 124 insertions(+)
diff --git a/drivers/md/dm
should be sufficient to validate the
table contents.
Measure the device parameters, and hash of the active table, when the
device is resumed.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 118 ++
drivers/md/dm-ima.h | 2 +
drivers/md/dm
ments. Measure
both old and new device name/UUID parameters in the same IMA measurement
event, so that the old and the new values can be connected later.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 49 +++
drivers/md/dm-ima.h | 1 +
drivers/
and log the event when a table is cleared.
Measure device parameters, and table hashes when the inactive table slot
is cleared.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 50 +++
drivers/md/dm-ima.h | 2 ++
drivers/md/dm-ioctl.c | 3
should be sufficient to validate the
table contents.
Measure the device parameters, and hash of the active table, when the
device is resumed.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 47 +++
drivers/md/dm-ima.h | 1 +
drivers/md/dm
pdate
the device data for IMA with the new values. Measure both old device
data and the new device name/UUID parameters in the same IMA measurement
event, so that the old and new values can be connected later.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c
ima_measure_critical_data(), when a block device state is changed (e.g.
on device create, resume, rename, remove etc.) It measures the device
state and configuration and stores it in IMA logs, so that it can be
used by external services for managing the system.
Tushar Sugandhi (7):
dm: measure data on table load
dm
inactive table hash is measured when the device transitions to
different states like resume, remove, rename etc.
Signed-off-by: Tushar Sugandhi
---
drivers/md/Makefile | 2 +
drivers/md/dm-core.h | 5 +
drivers/md/dm-ima.c | 219
igned-off-by: Tushar Sugandhi
---
drivers/md/dm-cache-target.c | 30 +
drivers/md/dm-clone-target.c | 7 +++
drivers/md/dm-crypt.c | 50 ++
drivers/md/dm-delay.c | 4 ++
drivers/md/dm-d
that, a separate documentation page is needed.
Add documentation to admin-guide to help system administrators and
attestation client/server component owners interpret the measurement
data generated by various DM targets, on various device / table state
changes.
Signed-off-by: Tushar Sugandhi
when the device is removed.
Signed-off-by: Tushar Sugandhi
---
drivers/md/dm-ima.c | 56 +++
drivers/md/dm-ima.h | 1 +
drivers/md/dm-ioctl.c | 2 ++
3 files changed, 59 insertions(+)
diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c
index
Hi Petr,
On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
Hi Petr,
On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
Hi!
I updated Tushar's patchset to speedup things.
Thank you. :)
Changes v2->v3
* rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
* move tst_res TPAS
ty to ima_setup.sh as new
functions - check_policy_pattern() and check_ima_ascii_log_for_policy().
Signed-off-by: Tushar Sugandhi
---
.../security/integrity/ima/tests/ima_keys.sh | 62 +++
.../security/integrity/ima/tests/ima_setup.sh | 79 +++
2 files chan
On 2021-02-09 10:53 a.m., Mimi Zohar wrote:
On Tue, 2021-02-09 at 10:23 -0800, Tushar Sugandhi wrote:
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
On 2021-02-08 12:24 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index c096ef8945c7..fbf359495fa8 100644
--- a/security/integrity/ima/ima_queue.c
+++ b
On 2021-02-08 12:45 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA needs to support duplicate measurements of integrity
critical data to accurately determine the current state of that data
on the system. Further, since measurement of
Thank you Mimi for reviewing this series.
On 2021-02-08 1:10 p.m., Mimi Zohar wrote:
Hi Tushar,
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
expensive
buffer entry for integrity critical data should be measured.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 9 +
security/integrity/ima/ima_init.c | 2 +-
security/integrity/ima/ima_main.c | 5 +++--
security/integrity
data.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 6 --
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_main.c | 6 +++---
security/integrity/ima/ima_policy.c | 7 ++-
5 files
IMA policy condition, for the IMA func
CRITICAL_DATA to allow duplicate buffer measurement of integrity
critical data.
Limit the ability to measure duplicate buffer data when action is
"measure" and func is CRITICAL_DATA.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/tes
ting
commit b3f82afc1041 ("IMA: Measure kernel version in early boot")
Tushar Sugandhi (3):
IMA: add policy condition to measure duplicate critical data
IMA: update functions to read allow_dup policy condition
IMA: add support to measure duplicate buffer for critical data
On 2021-01-15 4:54 a.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
IMA measures files and buffer data such as keys, command-line arguments
passed to the kernel on kexec system call, etc. While these measurements
are necessary for monitoring and validating
On 2021-01-13 6:09 p.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
Integrity critical data may belong to a single subsystem or it may
arise from cross subsystem interaction. Currently there is no mechanism
to group or limit the data based on certain label
hash.
Introduce a boolean parameter to support measuring buffer data hash,
which would be much smaller, instead of the buffer itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h | 3 +-
security/integrity/ima/ima_appraise.c
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remo
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Update the documentation on kernel parameters to document
the new critical data builtin policy.
Signed-off-by: Lakshmi Ramasubram
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add policy rule support for measuring integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
Reviewed-by: Mimi Zohar
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6
of the system. Currently, IMA does not provide a
generic function for measuring kernel integrity critical data.
Define ima_measure_critical_data, a new IMA hook, to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 7 +--
security/integrity/ima/ima_main.c | 8 +---
2 files changed, 10
is not provided with
the func CRITICAL_DATA, measure all the input integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
Documentation/ABI/testing/ima_policy | 2 ++
security/integrity/ima/ima_policy.c | 37 +---
2 files changed, 36 insertions(+)
ot a mandatory policy option for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA critical d
void process_buffer_measurement(struct inode *inode, const void
*buf, int size,
const char *eventname, enum ima_hooks func,
- int pcr, const char *func_data);
+ int pcr, const char *func_data,
+ bool measure_buf_hash);
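Review bot: The new trailing `bool measure_buf_hash` parameter of `process_buffer_measurement()` will appear at call sites as a bare `true` or `false` after `func_data`, which gives a reader no hint of what is being switched. Please state in the function's comment what is measured for each value, and consider a flags argument or a named wrapper if further options of this kind are expected.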
Please a
On 2020-12-24 6:41 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to
On 2020-12-24 6:29 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel
On 2021-01-05 12:16 p.m., Mimi Zohar wrote:
On Tue, 2021-01-05 at 12:01 -0800, Tushar Sugandhi wrote:
data. However, various data structures, policies, and states
Here and everywhere else, there are two blanks after a period.
I checked this patch file in multiple text editors, but
On 2020-12-24 5:48 a.m., Mimi Zohar wrote:
Hi Tushar,
Please update the Subject line as, "Add policy rule support for
measuring critical data".
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data
On 2020-12-24 5:04 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
No need for the comma here.
Up to this patch set, all the patches refer to "buffer data", not "in-
mem
On 2020-12-23 4:03 p.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures
Hello Mimi,
Sorry for the late response. I was on vacation last week.
On 2020-12-24 5:06 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index 68956e884403..e76ef4bfd0f4
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:48, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:47, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
a mandatory policy option for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remot
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
+ case CRITICAL_DATA:
+ if (!rule->data_source)
+ return true;
+
+ opt_list = rule->data_source;
+ break;
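Review bot: In the `CRITICAL_DATA` case, `if (!rule->data_source) return true;` makes a rule without a data_source match every caller, and nothing in the hunk says that this is intended. A short comment above the check stating that an absent data_source means no filtering would keep a later reader from taking it for a missing validation.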
I guess this case should unconditionally return true in this patch and
then include this additional logic in the
On 2020-12-11 4:25 p.m., Tyler Hicks wrote:
On 2020-12-11 15:58:03, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remot
ritical data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add pol
:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/inte
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
+ */
+void ima_measure_critical_data(const char *event_name,
+ const void *buf, int buf_len,
+ bool measure_buf_hash)
+{
+ if (!event_name || !buf || !buf_len) {
+ pr_err("Invalid arguments passed to %s().\n", __func_
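Review bot: The argument check `!buf_len` in `ima_measure_critical_data()` only rejects zero; `buf_len` is declared `int`, so a negative length passes this test. Consider `buf_len <= 0` here, or an unsigned length type in the signature.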
On 2020-12-10 3:15 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:09, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
On 2020-12-10 3:10 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:08, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
On 2020-12-10 3:02 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:07, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
data. However, various data structures, policies, and states
stored in kernel memory also impact the integrity of the system
On 2020-12-10 3:22 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:11, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in
On 2020-12-10 3:19 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:10, Tushar Sugandhi wrote:
The IMA hook ima_measure_critical_data() does not support a way to
specify the source of the critical data provider. Thus, the data
measurement cannot be constrained based on the data source label
in
On 2020-12-10 2:38 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:06, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures the file
On 2020-12-10 2:14 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:05, Tushar Sugandhi wrote:
IMA functions such as ima_match_keyring(), process_buffer_measurement(),
ima_match_policy() etc. handle data specific to keyrings. Currently,
these constructs are not generic to handle any func
al data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add policy
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_policy.c | 35 +
1 file
From: Lakshmi Ramasubramanian
IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient. Various data structures, policies and
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12 insertions(+), 5 deletions
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation