Hi David,
On Mon, 2017-04-10 at 14:19 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > From an IMA perspective, either a file hash or signature are valid,
> > but for this usage it must be a signature.
>
> Not necessarily. If IMA can guarantee that a module is the same based on its
>
Mimi Zohar wrote:
> From an IMA perspective, either a file hash or signature are valid,
> but for this usage it must be a signature.
Not necessarily. If IMA can guarantee that a module is the same based on its
hash rather than on a key, I would've thought that should be fine.
David
On Fri, 2017-04-07 at 10:17 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA
> > > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled?
> >
> > Not quite, since as Dave pointed out, IMA is policy
Mimi Zohar wrote:
> > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA
> > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled?
>
> Not quite, since as Dave pointed out, IMA is policy driven. As a
> policy is installed, we could set a flag.
Does such a
On 04/07/17 at 04:28am, Mimi Zohar wrote:
> On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:
> > On 04/07/17 at 08:07am, David Howells wrote:
> > > Dave Young wrote:
> > >
> > > > > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > > > > we're not
> > > > > > > + *
On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:
> On 04/07/17 at 08:07am, David Howells wrote:
> > Dave Young wrote:
> >
> > > > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > > > we're not
> > > > > > +* going to verify the signature on them
> > > > > > +
On 04/07/17 at 03:45am, Mimi Zohar wrote:
> On Fri, 2017-04-07 at 14:19 +0800, Dave Young wrote:
> > On 04/06/17 at 11:49pm, Mimi Zohar wrote:
> > > On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> > > > On 04/05/17 at 09:15pm, David Howells wrote:
> > > > > From: Chun-Yi Lee
> > > > >
> >
On Fri, 2017-04-07 at 08:09 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
> > > > kernel_is_locked_down())
> > > > + return -EPERM;
> > > > +
> > > >
> >
> > IMA can be used to verify file signatures too, based on
On Fri, 2017-04-07 at 14:19 +0800, Dave Young wrote:
> On 04/06/17 at 11:49pm, Mimi Zohar wrote:
> > On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> > > On 04/05/17 at 09:15pm, David Howells wrote:
> > > > From: Chun-Yi Lee
> > > >
> > > > When KEXEC_VERIFY_SIG is not enabled, kernel
On 04/07/17 at 08:07am, David Howells wrote:
> Dave Young wrote:
>
> > > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > > we're not
> > > > > + * going to verify the signature on them
> > > > > + */
> > > > > + if
Mimi Zohar wrote:
> > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down())
> > > + return -EPERM;
> > > +
> > >
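Review bot: the test on the `+ if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down())` line decides at build time whether any signature check exists, so a locked-down kernel built without CONFIG_KEXEC_VERIFY_SIG refuses every kexec_file load with -EPERM, including the case raised in this thread where IMA would verify the image through the LSM hooks in kernel_read_file_from_fd(). Either state in the comment that KEXEC_VERIFY_SIG is the only verifier this check accepts, or extend the condition to cover the IMA case. In the lines shown, the bare `return -EPERM;` also carries no log message, so a caller cannot tell a lockdown refusal from any other permission failure; a one-line notice naming lockdown as the reason would help.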
>
> IMA can be used to verify file signatures too, based on the LSM hooks
> in kernel_read_file_from_fd(). CONFIG_KEXEC_VERIFY_SIG should not be
>
Dave Young wrote:
> > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > we're not
> > > > +* going to verify the signature on them
> > > > +*/
> > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
> > > > kernel_is_locked_down())
> > > > +
On 04/06/17 at 11:49pm, Mimi Zohar wrote:
> On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> > On 04/05/17 at 09:15pm, David Howells wrote:
> > > From: Chun-Yi Lee
> > >
> > > When KEXEC_VERIFY_SIG is not enabled, the kernel should not load an image
> > > through the kexec_file system call if
On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> On 04/05/17 at 09:15pm, David Howells wrote:
> > From: Chun-Yi Lee
> >
> > When KEXEC_VERIFY_SIG is not enabled, the kernel should not load an image
> > through the kexec_file system call if securelevel has been set.
> >
> > This code was shown in
On 04/05/17 at 09:15pm, David Howells wrote:
> From: Chun-Yi Lee
>
> When KEXEC_VERIFY_SIG is not enabled, the kernel should not load an image
> through the kexec_file system call if securelevel has been set.
>
> This code was shown in Matthew's patch but not in git:
> https://lkml.org/lkml/2015/3/13/778
From: Chun-Yi Lee
When KEXEC_VERIFY_SIG is not enabled, the kernel should not load an image
through the kexec_file system call if securelevel has been set.
This code was shown in Matthew's patch but not in git:
https://lkml.org/lkml/2015/3/13/778
Cc: Matthew Garrett
Signed-off-by: Chun-Yi Lee
34 matches