2020-06-23 21:20:57

by Bruno Meneguele

Subject: [PATCH v3 0/2] ima: make appraisal state runtime dependent on secure boot

To switch APPRAISE_BOOTPARAM and ARCH_POLICY dependency from compile time to
run time the secure boot checking code (specific to each arch) had to be
slightly modified to include, in the PowerPC arch, the Trusted Boot state,
which is also relevant to the arch policy choice and also required the
ima_appraise to be enforced.

With that I changed the checking order: instead of first checking the
arch_policy and then the secure/trusted boot state, we now first check the
boot state, set ima_appraise to enforced, and then check for the existence of
an arch policy. In other words, whenever secure/trusted boot is enabled,
(ima_appraise & IMA_APPRAISE_ENFORCE) == true.

I've tested these patches on an x86_64 platform with and without secure boot
enabled and on a PowerPC without secure boot enabled:

1) with secure boot enabled (x86_64) and ima_policy=appraise_tcb, the
ima_appraise= options were completely ignored and the boot always failed with
"missing-hash" for /sbin/init, which is the expected result;

2) with secure boot enabled (x86_64), but no ima_policy:

[ 1.396111] ima: Allocated hash algorithm: sha256
[ 1.424025] ima: setting IMA appraisal to enforced
[ 1.424039] audit: type=1807 audit(1592927955.557:2): action=measure func=KEXEC_KERNEL_CHECK res=1
[ 1.424040] audit: type=1807 audit(1592927955.557:3): action=measure func=MODULE_CHECK res=1

3) with secure boot disabled (PowerPC and x86_64) and
"ima_policy=appraise_tcb ima_appraise=fix", audit messages were triggered
with "op=appraisal_data cause=missing-hash" but the system worked fine due
to "fix".

Bruno Meneguele (2):
arch/ima: extend secure boot check to include trusted boot
ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

arch/powerpc/kernel/ima_arch.c | 5 +++--
arch/s390/kernel/ima_arch.c | 2 +-
arch/x86/kernel/ima_arch.c | 4 ++--
include/linux/ima.h | 4 ++--
security/integrity/ima/Kconfig | 2 +-
security/integrity/ima/ima_main.c | 2 +-
security/integrity/ima/ima_policy.c | 20 ++++++++++++++------
7 files changed, 24 insertions(+), 15 deletions(-)

--
2.26.2
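
The decision order the cover letter describes, written out as an added userspace model. This is not code from this series or from the kernel: it encodes the per-arch boot-state check introduced by patch 1/2, the or'ing of the enforce bit mentioned in the v3 changelog, and the gating of the arch policy on that state as the x86 arch_get_ima_policy() hunk shows. The flag values, the struct layout and every function name are constructed for the illustration.

```c
/*
 * Added userspace model of the decision order the cover letter describes.
 * It is not kernel code: flag values, the struct layout and the function
 * names are constructed for this illustration.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Names follow the flags mentioned on the page; the values are constructed. */
#define IMA_APPRAISE_ENFORCE 0x01u
#define IMA_APPRAISE_FIX     0x02u

enum arch { ARCH_X86, ARCH_S390, ARCH_POWERPC };

struct platform {
	enum arch arch;
	bool secureboot;      /* firmware secure boot state */
	bool trustedboot;     /* powerpc trusted boot state; ignored elsewhere */
	bool has_arch_policy; /* CONFIG_IMA_ARCH_POLICY built in */
};

struct decision {
	unsigned int ima_appraise; /* resulting appraisal flags */
	bool arch_policy_loaded;   /* arch rules (KEXEC/MODULE checks) active */
};

/*
 * Model of arch_ima_secure_or_trusted_boot() after patch 1/2: only powerpc
 * or's the trusted boot state in; x86 and s390 report secure boot alone.
 */
bool secure_or_trusted_boot(struct platform p)
{
	if (p.arch == ARCH_POWERPC)
		return p.secureboot || p.trustedboot;
	return p.secureboot;
}

/*
 * Model of ima_appraise= handling when no secure/trusted boot is active:
 * "off" and "fix" are honoured, any other value keeps the preset flags.
 */
static unsigned int flags_from_param(const char *param, unsigned int preset)
{
	if (param && strcmp(param, "off") == 0)
		return 0;
	if (param && strcmp(param, "fix") == 0)
		return IMA_APPRAISE_FIX;
	return preset;
}

/*
 * Order from the cover letter: the boot state is checked first; when it is
 * set, the enforce bit is or'd in (so flags already present survive, as the
 * v3 changelog notes) and the ima_appraise= option is ignored, then the arch
 * policy is consulted. Without secure/trusted boot the boot parameter
 * decides and no arch policy is loaded, matching the x86 arch_get_ima_policy()
 * hunk in patch 1/2.
 */
struct decision decide_appraisal(struct platform p, unsigned int preset_flags,
				 const char *ima_appraise_param)
{
	struct decision d = { preset_flags, false };

	if (secure_or_trusted_boot(p)) {
		d.ima_appraise |= IMA_APPRAISE_ENFORCE;
		d.arch_policy_loaded = p.has_arch_policy;
	} else {
		d.ima_appraise = flags_from_param(ima_appraise_param, preset_flags);
	}
	return d;
}

/* The invariant stated in the cover letter: secure/trusted boot enabled
 * implies (ima_appraise & IMA_APPRAISE_ENFORCE) != 0. */
bool enforce_invariant_holds(struct platform p, struct decision d)
{
	return !secure_or_trusted_boot(p) ||
	       (d.ima_appraise & IMA_APPRAISE_ENFORCE) != 0;
}

int main(void)
{
	/* Constructed scenarios: the three tests from the cover letter plus a
	 * powerpc trusted-boot-only case, all booted with ima_appraise=fix. */
	const struct platform cases[] = {
		{ ARCH_X86,     true,  false, true }, /* tests 1 and 2 */
		{ ARCH_X86,     false, false, true }, /* test 3 */
		{ ARCH_POWERPC, false, false, true }, /* test 3 */
		{ ARCH_POWERPC, false, true,  true }, /* trusted boot only */
		{ ARCH_S390,    false, true,  true }, /* trustedboot ignored */
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		struct decision d = decide_appraisal(cases[i], IMA_APPRAISE_ENFORCE, "fix");

		printf("arch=%d sb=%d tb=%d -> ima_appraise=0x%02x arch_policy=%d invariant=%d\n",
		       cases[i].arch, cases[i].secureboot, cases[i].trustedboot,
		       d.ima_appraise, d.arch_policy_loaded,
		       enforce_invariant_holds(cases[i], d));
	}
	return 0;
}
```

The powerpc trusted-boot-only row is the case patch 1/2 adds: it ends up enforced with the arch policy loaded, while the same flags on s390 leave the ima_appraise=fix choice in effect and load no arch policy.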


2020-06-23 21:21:12

by Bruno Meneguele

Subject: [PATCH v3 1/2] arch/ima: extend secure boot check to include trusted boot

ima_get_secureboot() has been used for checking the platform's secure boot
state for enabling different arch specific IMA policies where available.
However, for powerpc there also is the concept of Trusted Boot, which is
also relevant to the check code.

This patch extends the code by or'ing the Trusted Boot state in the PowerPC
arch while leaving the other arches (x86 and s390) unchanged. The only
changes performed in the other arches are related to the function name change.

Signed-off-by: Bruno Meneguele <[email protected]>
---
arch/powerpc/kernel/ima_arch.c | 5 +++--
arch/s390/kernel/ima_arch.c | 2 +-
arch/x86/kernel/ima_arch.c | 5 +++--
include/linux/ima.h | 4 ++--
security/integrity/ima/ima_main.c | 2 +-
5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c
index 957abd592075..32b26b491c07 100644
--- a/arch/powerpc/kernel/ima_arch.c
+++ b/arch/powerpc/kernel/ima_arch.c
@@ -7,9 +7,10 @@
#include <linux/ima.h>
#include <asm/secure_boot.h>

-bool arch_ima_get_secureboot(void)
+bool arch_ima_secure_or_trusted_boot(void)
{
- return is_ppc_secureboot_enabled();
+ return (is_ppc_secureboot_enabled() ||
+ is_ppc_trustedboot_enabled());
}

/*
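
Review bot: the rename is shared by all three arches but only this powerpc definition changes behaviour, so a one-line comment above arch_ima_secure_or_trusted_boot() stating that trusted boot alone satisfies the check on powerpc would spare callers from reading each arch file. Style-wise, the parentheses around the return expression are not needed: `return is_ppc_secureboot_enabled() || is_ppc_trustedboot_enabled();` is enough.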
diff --git a/arch/s390/kernel/ima_arch.c b/arch/s390/kernel/ima_arch.c
index f3c3e6e1c5d3..9cf823cf2b79 100644
--- a/arch/s390/kernel/ima_arch.c
+++ b/arch/s390/kernel/ima_arch.c
@@ -3,7 +3,7 @@
#include <linux/ima.h>
#include <asm/boot_data.h>

-bool arch_ima_get_secureboot(void)
+bool arch_ima_secure_or_trusted_boot(void)
{
return ipl_secure_flag;
}
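
Review bot: the new name promises "secure or trusted" but the s390 body still returns ipl_secure_flag only, so a reader will look for a missing term; a short comment noting that s390 has no separate trusted-boot state to or in, or a sentence in the commit message, would make that explicit.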
diff --git a/arch/x86/kernel/ima_arch.c b/arch/x86/kernel/ima_arch.c
index 7dfb1e808928..168393d399ba 100644
--- a/arch/x86/kernel/ima_arch.c
+++ b/arch/x86/kernel/ima_arch.c
@@ -51,7 +51,7 @@ static enum efi_secureboot_mode get_sb_mode(void)
return efi_secureboot_mode_enabled;
}

-bool arch_ima_get_secureboot(void)
+bool arch_ima_secure_or_trusted_boot(void)
{
static enum efi_secureboot_mode sb_mode;
static bool initialized;
@@ -85,7 +85,8 @@ static const char * const sb_arch_rules[] = {

const char * const *arch_get_ima_policy(void)
{
- if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
+ if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) &&
+ arch_ima_secure_or_tusted_boot()) {
if (IS_ENABLED(CONFIG_MODULE_SIG))
set_module_sig_enforced();
return sb_arch_rules;
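
Review bot: the second added line in arch_get_ima_policy() calls `arch_ima_secure_or_tusted_boot()` with "trusted" misspelled, so it matches neither the definition earlier in this file nor the declaration in include/linux/ima.h and the file will fail to build when CONFIG_IMA_ARCH_POLICY is enabled; change it to `arch_ima_secure_or_trusted_boot()`. The cover letter's diffstat (4 ++-- for this file) also differs from this patch's (5 +++--), which suggests the line split was introduced after the cover letter was generated.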
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 9164e1534ec9..839b5c376ed6 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -32,10 +32,10 @@ extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
-extern bool arch_ima_get_secureboot(void);
+extern bool arch_ima_secure_or_trusted_boot(void);
extern const char * const *arch_get_ima_policy(void);
#else
-static inline bool arch_ima_get_secureboot(void)
+static inline bool arch_ima_secure_or_trusted_boot(void)
{
return false;
}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index c1583d98c5e5..a760094e8f8d 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -694,7 +694,7 @@ int ima_load_data(enum kernel_load_data_id id)
switch (id) {
case LOADING_KEXEC_IMAGE:
if (IS_ENABLED(CONFIG_KEXEC_SIG)
- && arch_ima_get_secureboot()) {
+ && arch_ima_secure_or_trusted_boot()) {
pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
return -EACCES;
}
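
Review bot: the rename is mechanical here, but the behaviour it gates does change on powerpc: with trusted boot enabled and secure boot off, LOADING_KEXEC_IMAGE via kexec_load() is now refused with -EACCES where it was allowed before this patch. The commit message says the other arches are unchanged but does not mention this powerpc effect; it should, and the pr_err() text should be checked against the new condition since it speaks only of appraising the image.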
--
2.26.2

2020-06-26 16:28:09

by Bruno Meneguele

Subject: Re: [PATCH v3 0/2] ima: make appraisal state runtime dependent on secure boot

Gentle ping for review.

I also forgot to add the changelog for the patch, please see below.

On Tue, Jun 23, 2020 at 05:26:38PM -0300, Bruno Meneguele wrote:
> To switch APPRAISE_BOOTPARAM and ARCH_POLICY dependency from compile time to
> run time the secure boot checking code (specific to each arch) had to be
> slightly modified to include, in the PowerPC arch, the Trusted Boot state,
> which is also relevant to the arch policy choice and also required the
> ima_appraise to be enforced.
>
> With that I changed the checking order: instead of first checking the
> arch_policy and then the secure/trusted boot state, we now first check the
> boot state, set ima_appraise to enforced, and then check for the existence of
> an arch policy. In other words, whenever secure/trusted boot is enabled,
> (ima_appraise & IMA_APPRAISE_ENFORCE) == true.
>
> I've tested these patches on an x86_64 platform with and without secure boot
> enabled and on a PowerPC without secure boot enabled:
>
> 1) with secure boot enabled (x86_64) and ima_policy=appraise_tcb, the
> ima_appraise= options were completely ignored and the boot always failed with
> "missing-hash" for /sbin/init, which is the expected result;
>
> 2) with secure boot enabled (x86_64), but no ima_policy:
>
> [ 1.396111] ima: Allocated hash algorithm: sha256
> [ 1.424025] ima: setting IMA appraisal to enforced
> [ 1.424039] audit: type=1807 audit(1592927955.557:2): action=measure func=KEXEC_KERNEL_CHECK res=1
> [ 1.424040] audit: type=1807 audit(1592927955.557:3): action=measure func=MODULE_CHECK res=1
>
> 3) with secure boot disabled (PowerPC and x86_64) and
> "ima_policy=appraise_tcb ima_appraise=fix", audit messages were triggered
> with "op=appraisal_data cause=missing-hash" but the system worked fine due
> to "fix".

Changelog:

v2:
- pr_info() message prefix correction
v3:
- extend secure boot arch checker to also consider trusted boot
- enforce IMA appraisal when secure boot is effectively enabled (Nayna)
- fix ima_appraise flag assignment by or'ing it (Mimi)

>
> Bruno Meneguele (2):
> arch/ima: extend secure boot check to include trusted boot
> ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime
>
> arch/powerpc/kernel/ima_arch.c | 5 +++--
> arch/s390/kernel/ima_arch.c | 2 +-
> arch/x86/kernel/ima_arch.c | 4 ++--
> include/linux/ima.h | 4 ++--
> security/integrity/ima/Kconfig | 2 +-
> security/integrity/ima/ima_main.c | 2 +-
> security/integrity/ima/ima_policy.c | 20 ++++++++++++++------
> 7 files changed, 24 insertions(+), 15 deletions(-)
>
> --
> 2.26.2
>

--
bmeneg
PGP Key: http://bmeneg.com/pubkey.txt



2020-06-26 20:24:14

by Mimi Zohar

Subject: Re: [PATCH v3 1/2] arch/ima: extend secure boot check to include trusted boot

On Tue, 2020-06-23 at 17:26 -0300, Bruno Meneguele wrote:
<snip>

> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index c1583d98c5e5..a760094e8f8d 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -694,7 +694,7 @@ int ima_load_data(enum kernel_load_data_id id)
> switch (id) {
> case LOADING_KEXEC_IMAGE:
> if (IS_ENABLED(CONFIG_KEXEC_SIG)
> - && arch_ima_get_secureboot()) {
> + && arch_ima_secure_or_trusted_boot()) {
> pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
> return -EACCES;
> }

Only IMA-appraisal enforces file integrity based on policy.

Mimi

2020-06-29 23:52:48

by Bruno Meneguele

Subject: Re: [PATCH v3 1/2] arch/ima: extend secure boot check to include trusted boot

On Fri, Jun 26, 2020 at 04:23:12PM -0400, Mimi Zohar wrote:
> On Tue, 2020-06-23 at 17:26 -0300, Bruno Meneguele wrote:
> <snip>
>
> > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> > index c1583d98c5e5..a760094e8f8d 100644
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@ -694,7 +694,7 @@ int ima_load_data(enum kernel_load_data_id id)
> > switch (id) {
> > case LOADING_KEXEC_IMAGE:
> > if (IS_ENABLED(CONFIG_KEXEC_SIG)
> > - && arch_ima_get_secureboot()) {
> > + && arch_ima_secure_or_trusted_boot()) {
> > pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
> > return -EACCES;
> > }
>
> Only IMA-appraisal enforces file integrity based on policy.
>

Right, but I didn't get the relation to the code above: I basically
renamed the function:

"arch_ima_get_secureboot" -> "arch_ima_secure_or_trusted_boot".

Which doesn't change the ima_load_data logic.

--
bmeneg
PGP Key: http://bmeneg.com/pubkey.txt

