IPE is a Linux Security Module that takes a complementary approach to
access control. Unlike traditional access control mechanisms that rely on
labels and paths for decision-making, IPE focuses on the immutable security
properties inherent to system components. These properties are fundamental
attributes or features of a system component that cannot be altered,
ensuring a consistent and reliable basis for security decisions.
To elaborate, in the context of IPE, system components primarily refer to
files or the devices these files reside on. However, this is just a
starting point. The concept of system components is flexible and can be
extended to include new elements as the system evolves. The immutable
properties include the origin of a file, which remains constant and
unchangeable over time. For example, IPE policies can be crafted to trust
files originating from the initramfs. Since initramfs is typically verified
by the bootloader, its files are deemed trustworthy; "file is from
initramfs" becomes an immutable property under IPE's consideration.
The immutable property concept extends to the security features enabled on
a file's origin, such as dm-verity or fs-verity, which provide a layer of
integrity and trust. For example, IPE allows the definition of policies
that trust files from a dm-verity protected device. dm-verity ensures the
integrity of an entire device by providing a verifiable and immutable state
of its contents. Similarly, fs-verity offers filesystem-level integrity
checks, allowing IPE to enforce policies that trust files protected by
fs-verity. These two features cannot be turned off once established, so
they are considered immutable properties. These examples demonstrate how
IPE leverages immutable properties, such as a file's origin and its
integrity protection mechanisms, to make access control decisions.
For the IPE policy, specifically, it grants the ability to enforce
stringent access controls by assessing security properties against
reference values defined within the policy. This assessment can be based on
the existence of a security property (e.g., verifying if a file originates
from initramfs) or evaluating the internal state of an immutable security
property. The latter includes checking the roothash of a dm-verity
protected device, determining whether dm-verity possesses a valid
signature, assessing the digest of a fs-verity protected file, or
determining whether fs-verity possesses a valid built-in signature. This
nuanced approach to policy enforcement enables a highly secure and
customizable system defense mechanism, tailored to specific security
requirements and trust models.
IPE is compiled under CONFIG_SECURITY_IPE.
Use Cases
---------
IPE works best in fixed-function devices: Devices in which their purpose
is clearly defined and not supposed to be changed (e.g. network firewall
device in a data center, an IoT device, etcetera), where all software and
configuration is built and provisioned by the system owner.
IPE is a long-way off for use in general-purpose computing: the Linux
community as a whole tends to follow a decentralized trust model,
known as the web of trust, which IPE has no support for as of yet.
There are exceptions, such as the case where a Linux distribution
vendor trusts only their own keys, where IPE can successfully be used
to enforce the trust requirement.
Additionally, while most packages are signed today, the files inside
the packages (for instance, the executables), tend to be unsigned. This
makes it difficult to utilize IPE in systems where a package manager is
expected to be functional, without major changes to the package manager
and ecosystem behind it.
The digest_cache LSM[1] is a system that when combined with IPE, could be
used to enable general purpose computing scenarios.
Policy
-------
IPE policy is a plain-text policy composed of multiple statements
over several lines. There is one required line, at the top of the
policy, indicating the policy name, and the policy version, for
instance:
policy_name=Ex_Policy policy_version=0.0.0
The policy version indicates the current version of the policy. This is
used to prevent roll-back of policy to potentially insecure previous
versions of the policy.
The next portion of IPE policy, are rules. Rules are formed by key=value
pairs, known as properties. IPE rules require two keys: "action", which
determines what IPE does when it encounters a match against the policy
and "op", which determines when that rule should be evaluated.
Thus, a minimal rule is:
op=EXECUTE action=ALLOW
This example rule will allow any execution. A rule is required to have the
"op" property as the first token of a rule, and the "action" as the last
token of the rule.
Additional properties are used to assess immutable security properties
about the files being evaluated. These properties are intended to be
deterministic attributes that are resident in the kernel.
For example:
op=EXECUTE dmverity_signature=FALSE action=DENY
This rule with property dmverity_signature will deny any file not from
a signed dmverity volume to be executed.
All available properties for IPE described in the documentation patch of
this series.
Rules are evaluated top-to-bottom. As a result, any revocation rules,
or denies should be placed early in the file to ensure that these rules
are evaluated before a rule with "action=ALLOW" is hit.
Any unknown syntax in IPE policy will result in a fatal error to parse
the policy.
Additionally, a DEFAULT operation must be set for all understood
operations within IPE. For policies to remain completely forwards
compatible, it is recommended that users add a "DEFAULT action=ALLOW"
and override the defaults on a per-operation basis.
For more information about the policy syntax, see the kernel
documentation page.
Early Usermode Protection
--------------------------
IPE can be provided with a policy at startup to load and enforce.
This is intended to be a minimal policy to get the system to a state
where userspace is setup and ready to receive commands, at which
point a policy can be deployed via securityfs. This "boot policy" can be
specified via the config, SECURITY_IPE_BOOT_POLICY, which accepts a path
to a plain-text version of the IPE policy to apply. This policy will be
compiled into the kernel. If not specified, IPE will be disabled until a
policy is deployed and activated through the method above.
Policy Examples
----------------
Allow all:
policy_name=Allow_All policy_version=0.0.0
DEFAULT action=ALLOW
Allow only initramfs:
policy_name=Allow_Initramfs policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE boot_verified=TRUE action=ALLOW
Allow any signed and validated dm-verity volume and the initramfs:
policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE boot_verified=TRUE action=ALLOW
op=EXECUTE dmverity_signature=TRUE action=ALLOW
Prohibit execution from a specific dm-verity volume, while allowing
all signed volumes and the initramfs:
policy_name=Deny_DMV_By_Roothash policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY
op=EXECUTE boot_verified=TRUE action=ALLOW
op=EXECUTE dmverity_signature=TRUE action=ALLOW
Allow only a specific dm-verity volume:
policy_name=Allow_DMV_By_Roothash policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
Allow any fs-verity file with a valid built-in signature:
policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE fsverity_signature=TRUE action=ALLOW
Allow execution of a specific fs-verity file:
policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0
DEFAULT action=DENY
op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW
Deploying Policies
-------------------
First sign a plain text policy, with a certificate that is present in
the SYSTEM_TRUSTED_KEYRING of your test machine. Through openssl, the
signing can be done via:
openssl smime -sign -in "$MY_POLICY" -signer "$MY_CERTIFICATE" \
-inkey "$MY_PRIVATE_KEY" -outform der -noattr -nodetach \
-out "$MY_POLICY.p7s"
Then, simply cat the file into the IPE's "new_policy" securityfs node:
cat "$MY_POLICY.p7s" > /sys/kernel/security/ipe/new_policy
The policy should now be present under the policies/ subdirectory, under
its "policy_name" attribute.
The policy is now present in the kernel and can be marked as active,
via the securityfs node:
echo 1 > "/sys/kernel/security/ipe/$MY_POLICY_NAME/active"
This will now mark the policy as active and the system will be enforcing
$MY_POLICY_NAME.
There is one requirement when marking a policy as active, the policy_version
attribute must either increase, or remain the same as the currently running
policy.
Policies can be updated via:
cat "$MY_UPDATED_POLICY.p7s" > \
"/sys/kernel/security/ipe/policies/$MY_POLICY_NAME/update"
Additionally, policies can be deleted via the "delete" securityfs
node. Simply write "1" to the corresponding node in the policy folder:
echo 1 > "/sys/kernel/security/ipe/policies/$MY_POLICY_NAME/delete"
There is only one requirement to delete policies, the policy being
deleted must not be the active policy.
NOTE: Any securityfs write to IPE's nodes will require CAP_MAC_ADMIN.
Integrations
-------------
This patch series adds support for fsverity via digest and signature
(fsverity_signature and fsverity_digest), dm-verity by digest and
signature (dmverity_signature and dmverity_roothash), and trust for
the initramfs (boot_verified).
Please see the documentation patch for more information about the
integrations available.
Testing
--------
KUnit Tests are available. Recommended kunitconfig:
CONFIG_KUNIT=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_PKCS7_MESSAGE_PARSER=y
CONFIG_SYSTEM_DATA_VERIFICATION=y
CONFIG_FS_VERITY=y
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
CONFIG_BLOCK=y
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_VERITY=y
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIG_NET=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_SECURITY_IPE=y
CONFIG_IPE_PROP_DM_VERITY=y
CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y
CONFIG_IPE_PROP_FS_VERITY=y
CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y
CONFIG_SECURITY_IPE_KUNIT_TEST=y
Simply run:
make ARCH=um mrproper
./tools/testing/kunit/kunit.py run --kunitconfig <path/to/config>
And the tests will execute and report the result.
In addition, IPE has a python based integration
test suite https://github.com/microsoft/ipe/tree/test-suite that
can test both user interfaces and enforcement functionalities.
Documentation
--------------
There is both documentation available on github at
https://microsoft.github.io/ipe, and Documentation in this patch series,
to be added in-tree.
Known Gaps
-----------
IPE has two known gaps:
1. IPE cannot verify the integrity of anonymous executable memory, such as
the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code.
Unfortunately, as this is dynamically generated code, there is no way
for IPE to ensure the integrity of this code to form a trust basis. In all
cases, the return result for these operations will be whatever the admin
configures the DEFAULT action for "EXECUTE".
2. IPE cannot verify the integrity of interpreted languages' programs when
these scripts invoked via ``<interpreter> <file>``. This is because the
way interpreters execute these files, the scripts themselves are not
evaluated as executable code through one of IPE's hooks. Interpreters
can be enlightened to the usage of IPE by trying to mmap a file into
executable memory (+X), after opening the file and responding to the
error code appropriately. This also applies to included files, or high
value files, such as configuration files of critical system components.
Appendix
---------
A. IPE Github Repository: https://github.com/microsoft/ipe
B. IPE Users' Guide: Documentation/admin-guide/LSM/ipe.rst
References
-----------
1: https://lore.kernel.org/lkml/[email protected]/
FAQ:
----
Q: What is the difference between IMA and IPE?
A: See the documentation patch for more on this topic.
Previous Postings
-----------------
v1: https://lore.kernel.org/all/[email protected]/
v2: https://lore.kernel.org/all/[email protected]/
v3: https://lore.kernel.org/all/[email protected]/
v4: https://lore.kernel.org/all/[email protected]/
v5: https://lore.kernel.org/all/[email protected]/
v6: https://lore.kernel.org/all/[email protected]/
v7: https://lore.kernel.org/all/1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com/
v8: https://lore.kernel.org/all/1654714889-26728-1-git-send-email-deven.desai@linux.microsoft.com/
v9: https://lore.kernel.org/lkml/[email protected]/
v10: https://lore.kernel.org/lkml/[email protected]/
v11: https://lore.kernel.org/lkml/[email protected]/
v12: https://lore.kernel.org/lkml/[email protected]/
v13: https://lore.kernel.org/lkml/[email protected]/
v14: https://lore.kernel.org/lkml/[email protected]/
v15: https://lore.kernel.org/lkml/[email protected]/
v16: https://lore.kernel.org/lkml/[email protected]/
v17: https://lore.kernel.org/lkml/[email protected]/
Changelog
----------
v2:
Split the second patch of the previous series into two.
Minor corrections in the cover-letter and documentation
comments regarding CAP_MAC_ADMIN checks in IPE.
v3:
Address various comments by Jann Horn. Highlights:
Switch various audit allocators to GFP_KERNEL.
Utilize rcu_access_pointer() in various locations.
Strip out the caching system for properties
Strip comments from headers
Move functions around in patches
Remove kernel command line parameters
Reconcile the race condition on the delete node for policy by
expanding the policy critical section.
Address a few comments by Jonathan Corbet around the documentation
pages for IPE.
Fix an issue with the initialization of IPE policy with a "-0"
version, caused by not initializing the hlist entries before
freeing.
v4:
Address a concern around IPE's behavior with unknown syntax.
Specifically, make any unknown syntax a fatal error instead of a
warning, as suggested by Mickaël Salaün.
Introduce a new securityfs node, $securityfs/ipe/property_config,
which provides a listing of what properties are enabled by the
kernel and their versions. This allows usermode to predict what
policies should be allowed.
Strip some comments from c files that I missed.
Clarify some documentation comments around 'boot_verified'.
While this currently does not functionally change the property
itself, the distinction is important when IPE can enforce verified
reads. Additionally, 'KERNEL_READ' was omitted from the documentation.
This has been corrected.
Change SecurityFS and SHA1 to a reverse dependency.
Update the cover-letter with the updated behavior of unknown syntax.
Remove all sysctls, making an equivalent function in securityfs.
Rework the active/delete mechanism to be a node under the policy in
$securityfs/ipe/policies.
The kernel command line parameters ipe.enforce and ipe.success_audit
have returned as this functionality is no longer exposed through
sysfs.
v5:
Correct some grammatical errors reported by Randy Dunlap.
Fix some warnings reported by kernel test bot.
Change convention around security_bdev_setsecurity. -ENOSYS
is now expected if an LSM does not implement a particular @name,
as suggested by Casey Schaufler.
Minor string corrections related to the move from sysfs to securityfs
Correct a spelling of an #ifdef for the permissive argument.
Add the kernel parameters re-added to the documentation.
Fix a minor bug where the mode being audited on permissive switch
was the original mode, not the mode being swapped to.
Cleanup doc comments, fix some whitespace alignment issues.
v6:
Change if statement condition in security_bdev_setsecurity to be
more concise, as suggested by Casey Schaufler and Al Viro
Drop the 6th patch in the series, "dm-verity move signature check..."
due to numerous issues, and it ultimately providing no real value.
Fix the patch tree - the previous iteration appears to have been in a
torn state (patches 8+9 were merged). This has since been corrected.
v7:
* Reword cover letter to more accurate convey IPE's purpose
and latest updates.
* Refactor series to:
1. Support a context structure, enabling:
1. Easier Testing via KUNIT
2. A better architecture for future designs
2. Make parser code cleaner
* Move patch 01/12 to [14/16] of the series
* Split up patch 02/12 into four parts:
1. context creation [01/16]
2. audit [07/16]
3. evaluation loop [03/16]
4. access control hooks [05/16]
5. permissive mode [08/16]
* Split up patch 03/12 into two parts:
1. parser [02/16]
2. userspace interface [04/16]
* Reword and refactor patch 04/12 to [09/16]
* Squash patch 05/12, 07/12, 09/12 to [10/16]
* Squash patch 08/12, 10/12 to [11/16]
* Change audit records to MAC region (14XX) from Integrity region (18XX)
* Add FSVerity Support
* Interface changes:
1. "raw" was renamed to "pkcs7" and made read only
2. "raw"'s write functionality (update a policy) moved to "update"
3. introduced "version", "policy_name" nodes.
4. "content" renamed to "policy"
5. The boot policy can now be updated like any other policy.
* Add additional developer-level documentation
* Update admin-guide docs to reflect changes.
* Kunit tests
* Dropped CONFIG_SECURITY_IPE_PERMISSIVE_SWITCH - functionality can
easily come later with a small patch.
* Use partition0 for block_device for dm-verity patch
v8:
* Add changelog information to individual commits
* A large number of changes to the audit patch.
* split fs/ & security/ changes to two separate patches.
* split block/, security/ & drivers/md/ changes to separate patches.
* Add some historical context to what lead to the creation of IPE
in the documentation patch.
* Cover-letter changes suggested by Roberto Sassu.
v9:
* Rewrite IPE parser to use kernel match_table parser.
* Adapt existing IPE properties to the new parser.
* Remove ipe_context, quote policy syntax, kernel_read for simplicity.
* Add new function in the security file system to delete IPE policy.
* Make IPE audit builtin and change several audit formats.
* Make boot_verified property builtin
v10:
* Address various code style/format issues
* Correct the rcu locking for active policy
* Fix memleak bugs in the parser, optimize the parser per upstream feedback
* Adding new audit events for IPE and update audit formats
* Make the dmverity property auto selected
* Adding more context in the commit messages
v11:
* Address various code style/format issues
* Add finalize hook to device mapper
* move the security hook for dm-verity to the new device mapper finalize hook
v12:
* Address locking issues
* Change the implementation of boot_verified to trust initramfs only
* Update audit format for IPE decision events
* Refactor code for lsm_id
* Add IPE test suite link
v13:
* Rename the new security hook in initramfs
* Make the policy grammar independent of kernel config
* Correct IPE audit format
* Refactor policy update code
v14:
* Add more code comments/docs for dmverity/fsverity
* Fix incorrect code usage and format in dmverity
* Drop one accepted commit of dmverity
v15:
* Fix grammar issues
* Add more documentation to fsverity
* Switch security hooks from *_setsecurity() to *_setintegrity()
* Cleanup unnecessary headers
v16:
* Fix format issues, refactor names
* Further improve documentation for fsverity
* Fix bugs in dmverity implementation
* Switch to use call_int_hook() for *_setintegrity()
v17:
* Fix various code/Documentation style issues
* Switch to use reverse christmas tree style
* add ipe_ prefix to all non-static functions
* Correct documentation for fsverity
* Rewrite design concept part of IPE Documentation
* Fix incorrect interface path in IPE Documentation
v18:
* Add two new kconfigs and make them auto-selected
* Fix incorrect error handling and switch to use crypto_ahash_alg_name() in dmverity
* Move the inode_setintegrity hook call into fsverity_verify_signature() in fsverity
* Fix typos and cleanup unnecessary code
* Improve policy examples inside documentation
* Remove insecure hash algorithms and adapt the documentation accordingly
* Update the documentation regarding the new Kconfig switches
Deven Bowers (13):
security: add ipe lsm
ipe: add policy parser
ipe: add evaluation loop
ipe: add LSM hooks on execution and kernel read
ipe: add userspace interface
uapi|audit|ipe: add ipe auditing support
ipe: add permissive toggle
block,lsm: add LSM blob and new LSM hooks for block device
dm verity: expose root hash digest and signature data to LSMs
ipe: add support for dm-verity as a trust provider
scripts: add boot policy generation program
ipe: kunit test for parser
Documentation: add ipe documentation
Fan Wu (8):
initramfs|security: Add a security hook to do_populate_rootfs()
ipe: introduce 'boot_verified' as a trust provider
security: add new securityfs delete function
dm: add finalize hook to target_type
security: add security_inode_setintegrity() hook
fsverity: expose verified fsverity built-in signatures to LSMs
ipe: enable support for fs-verity as a trust provider
MAINTAINERS: ipe: add ipe maintainer information
Documentation/admin-guide/LSM/index.rst | 1 +
Documentation/admin-guide/LSM/ipe.rst | 792 ++++++++++++++++++
.../admin-guide/kernel-parameters.txt | 12 +
Documentation/filesystems/fsverity.rst | 26 +-
Documentation/security/index.rst | 1 +
Documentation/security/ipe.rst | 446 ++++++++++
MAINTAINERS | 10 +
block/bdev.c | 7 +
drivers/md/dm-verity-target.c | 100 +++
drivers/md/dm-verity.h | 6 +
drivers/md/dm.c | 12 +
fs/verity/signature.c | 21 +-
include/linux/blk_types.h | 3 +
include/linux/device-mapper.h | 9 +
include/linux/lsm_hook_defs.h | 9 +
include/linux/lsm_hooks.h | 1 +
include/linux/security.h | 53 ++
include/uapi/linux/audit.h | 3 +
include/uapi/linux/lsm.h | 1 +
init/initramfs.c | 3 +
scripts/Makefile | 1 +
scripts/ipe/Makefile | 2 +
scripts/ipe/polgen/.gitignore | 2 +
scripts/ipe/polgen/Makefile | 5 +
scripts/ipe/polgen/polgen.c | 145 ++++
security/Kconfig | 11 +-
security/Makefile | 1 +
security/inode.c | 25 +
security/ipe/.gitignore | 2 +
security/ipe/Kconfig | 96 +++
security/ipe/Makefile | 31 +
security/ipe/audit.c | 279 ++++++
security/ipe/audit.h | 19 +
security/ipe/digest.c | 118 +++
security/ipe/digest.h | 26 +
security/ipe/eval.c | 394 +++++++++
security/ipe/eval.h | 70 ++
security/ipe/fs.c | 247 ++++++
security/ipe/fs.h | 16 +
security/ipe/hooks.c | 312 +++++++
security/ipe/hooks.h | 52 ++
security/ipe/ipe.c | 99 +++
security/ipe/ipe.h | 26 +
security/ipe/policy.c | 229 +++++
security/ipe/policy.h | 98 +++
security/ipe/policy_fs.c | 470 +++++++++++
security/ipe/policy_parser.c | 556 ++++++++++++
security/ipe/policy_parser.h | 11 +
security/ipe/policy_tests.c | 296 +++++++
security/security.c | 122 ++-
.../selftests/lsm/lsm_list_modules_test.c | 3 +
51 files changed, 5271 insertions(+), 9 deletions(-)
create mode 100644 Documentation/admin-guide/LSM/ipe.rst
create mode 100644 Documentation/security/ipe.rst
create mode 100644 scripts/ipe/Makefile
create mode 100644 scripts/ipe/polgen/.gitignore
create mode 100644 scripts/ipe/polgen/Makefile
create mode 100644 scripts/ipe/polgen/polgen.c
create mode 100644 security/ipe/.gitignore
create mode 100644 security/ipe/Kconfig
create mode 100644 security/ipe/Makefile
create mode 100644 security/ipe/audit.c
create mode 100644 security/ipe/audit.h
create mode 100644 security/ipe/digest.c
create mode 100644 security/ipe/digest.h
create mode 100644 security/ipe/eval.c
create mode 100644 security/ipe/eval.h
create mode 100644 security/ipe/fs.c
create mode 100644 security/ipe/fs.h
create mode 100644 security/ipe/hooks.c
create mode 100644 security/ipe/hooks.h
create mode 100644 security/ipe/ipe.c
create mode 100644 security/ipe/ipe.h
create mode 100644 security/ipe/policy.c
create mode 100644 security/ipe/policy.h
create mode 100644 security/ipe/policy_fs.c
create mode 100644 security/ipe/policy_parser.c
create mode 100644 security/ipe/policy_parser.h
create mode 100644 security/ipe/policy_tests.c
--
2.44.0
This patch introduces a new hook to notify security system that the
content of initramfs has been unpacked into the rootfs.
Upon receiving this notification, the security system can activate
a policy to allow only files that originated from the initramfs to
execute or load into kernel during the early stages of booting.
This approach is crucial for minimizing the attack surface by
ensuring that only trusted files from the initramfs are operational
in the critical boot phase.
Signed-off-by: Fan Wu <[email protected]>
---
v1-v11:
+ Not present
v12:
+ Introduced
v13:
+ Rename the hook name to initramfs_populated()
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Fix ocumentation style issues
v18:
+ No changes
---
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 8 ++++++++
init/initramfs.c | 3 +++
security/security.c | 10 ++++++++++
4 files changed, 23 insertions(+)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 334e00efbde4..7db99ae75651 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -450,3 +450,5 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new)
LSM_HOOK(int, 0, uring_sqpoll, void)
LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
#endif /* CONFIG_IO_URING */
+
+LSM_HOOK(void, LSM_RET_VOID, initramfs_populated, void)
diff --git a/include/linux/security.h b/include/linux/security.h
index 41a8f667bdfa..14fff542f2e3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2255,4 +2255,12 @@ static inline int security_uring_cmd(struct io_uring_cmd *ioucmd)
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_IO_URING */
+#ifdef CONFIG_SECURITY
+extern void security_initramfs_populated(void);
+#else
+static inline void security_initramfs_populated(void)
+{
+}
+#endif /* CONFIG_SECURITY */
+
#endif /* ! __LINUX_SECURITY_H */
diff --git a/init/initramfs.c b/init/initramfs.c
index a298a3854a80..feedb47d0f55 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -17,6 +17,7 @@
#include <linux/namei.h>
#include <linux/init_syscalls.h>
#include <linux/umh.h>
+#include <linux/security.h>
#include "do_mounts.h"
@@ -719,6 +720,8 @@ static void __init do_populate_rootfs(void *unused, async_cookie_t cookie)
#endif
}
+ security_initramfs_populated();
+
done:
/*
* If the initrd region is overlapped with crashkernel reserved region,
diff --git a/security/security.c b/security/security.c
index 820e0d437452..0db5a6b32aab 100644
--- a/security/security.c
+++ b/security/security.c
@@ -5675,3 +5675,13 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd)
return call_int_hook(uring_cmd, ioucmd);
}
#endif /* CONFIG_IO_URING */
+
+/**
+ * security_initramfs_populated() - Notify LSMs that initramfs has been loaded
+ *
+ * Tells the LSMs the initramfs has been unpacked into the rootfs.
+ */
+void security_initramfs_populated(void)
+{
+ call_void_hook(initramfs_populated);
+}
--
2.44.0
IPE is designed to provide system level trust guarantees, this usually
implies that trust starts from bootup with a hardware root of trust,
which validates the bootloader. After this, the bootloader verifies
the kernel and the initramfs.
As there's no currently supported integrity method for initramfs, and
it's typically already verified by the bootloader. This patch introduces
a new IPE property `boot_verified` which allows author of IPE policy to
indicate trust for files from initramfs.
The implementation of this feature utilizes the newly added
`initramfs_populated` hook. This hook marks the superblock of the rootfs
after the initramfs has been unpacked into it.
Before mounting the real rootfs on top of the initramfs, initramfs
script will recursively remove all files and directories on the
initramfs. This is typically implemented by using switch_root(8)
(https://man7.org/linux/man-pages/man8/switch_root.8.html).
Therefore the initramfs will be empty and not accessible after the real
rootfs takes over. It is advised to switch to a different policy
that doesn't rely on the `boot_verified` property after this point.
This ensures that the trust policies remain relevant and effective
throughout the system's operation.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+No Changes
v3:
+ Remove useless caching system
+ Move ipe_load_properties to this match
+ Minor changes from checkpatch --strict warnings
v4:
+ Remove comments from headers that was missed previously.
+ Grammatical corrections.
v5:
+ No significant changes
v6:
+ No changes
v7:
+ Reword and refactor patch 04/12 to [09/16], based on changes in
the underlying system.
+ Add common audit function for boolean values
+ Use common audit function as implementation.
v8:
+ No changes
v9:
+ No changes
v10:
+ Replace struct file with struct super_block
v11:
+ Fix code style issues
v12:
+ Switch to use unpack_initramfs hook and security blob
v13:
+ Update the hook name
+ Rename the security blob field to initramfs
+ Remove the dependency on CONFIG_BLK_DEV_INITRD
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Fix code and documentation style issues
v18:
+ No changes
---
security/ipe/eval.c | 41 +++++++++++++++++++++++++++++++++---
security/ipe/eval.h | 5 +++++
security/ipe/hooks.c | 9 ++++++++
security/ipe/hooks.h | 2 ++
security/ipe/ipe.c | 8 +++++++
security/ipe/ipe.h | 1 +
security/ipe/policy.h | 2 ++
security/ipe/policy_parser.c | 39 +++++++++++++++++++++++++++++++---
8 files changed, 101 insertions(+), 6 deletions(-)
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index cc3b3f6583ad..28b3bded06c2 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -16,6 +16,18 @@
struct ipe_policy __rcu *ipe_active_policy;
+#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
+
+/**
+ * build_ipe_sb_ctx() - Build initramfs field of an ipe evaluation context.
+ * @ctx: Supplies a pointer to the context to be populated.
+ * @file: Supplies the file struct of the file triggered IPE event.
+ */
+static void build_ipe_sb_ctx(struct ipe_eval_ctx *ctx, const struct file *const file)
+{
+ ctx->initramfs = ipe_sb(FILE_SUPERBLOCK(file))->initramfs;
+}
+
/**
* ipe_build_eval_ctx() - Build an ipe evaluation context.
* @ctx: Supplies a pointer to the context to be populated.
@@ -28,6 +40,22 @@ void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
{
ctx->file = file;
ctx->op = op;
+
+ if (file)
+ build_ipe_sb_ctx(ctx, file);
+}
+
+/**
+ * evaluate_boot_verified() - Evaluate @ctx for the boot verified property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the @p
+ * * %false - The current @ctx doesn't match the @p
+ */
+static bool evaluate_boot_verified(const struct ipe_eval_ctx *const ctx)
+{
+ return ctx->initramfs;
}
/**
@@ -35,8 +63,8 @@ void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
* @ctx: Supplies a pointer to the context to be evaluated.
* @p: Supplies a pointer to the property to be evaluated.
*
- * This is a placeholder. The actual function will be introduced in the
- * latter commits.
+ * This function Determines whether the specified @ctx
+ * matches the conditions defined by a rule property @p.
*
* Return:
* * %true - The current @ctx match the @p
@@ -45,7 +73,14 @@ void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
struct ipe_prop *p)
{
- return false;
+ switch (p->type) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ return !evaluate_boot_verified(ctx);
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ return evaluate_boot_verified(ctx);
+ default:
+ return false;
+ }
}
/**
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index 00ed8ceca10e..0fa6492354dd 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -15,10 +15,15 @@
extern struct ipe_policy __rcu *ipe_active_policy;
+struct ipe_superblock {
+ bool initramfs;
+};
+
struct ipe_eval_ctx {
enum ipe_op_type op;
const struct file *file;
+ bool initramfs;
};
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index f2aaa749dd7b..76370919aac0 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -4,6 +4,7 @@
*/
#include <linux/fs.h>
+#include <linux/fs_struct.h>
#include <linux/types.h>
#include <linux/binfmts.h>
#include <linux/mman.h>
@@ -182,3 +183,11 @@ int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents)
ipe_build_eval_ctx(&ctx, NULL, op);
return ipe_evaluate_event(&ctx);
}
+
+/**
+ * ipe_unpack_initramfs() - Mark the current rootfs as initramfs.
+ */
+void ipe_unpack_initramfs(void)
+{
+ ipe_sb(current->fs->root.mnt->mnt_sb)->initramfs = true;
+}
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index c22c3336d27c..4de5fabebd54 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -22,4 +22,6 @@ int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
+void ipe_unpack_initramfs(void);
+
#endif /* _IPE_HOOKS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 729334812636..28555eadb7f3 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -5,9 +5,11 @@
#include <uapi/linux/lsm.h>
#include "ipe.h"
+#include "eval.h"
#include "hooks.h"
static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
+ .lbs_superblock = sizeof(struct ipe_superblock),
};
static const struct lsm_id ipe_lsmid = {
@@ -15,12 +17,18 @@ static const struct lsm_id ipe_lsmid = {
.id = LSM_ID_IPE,
};
+struct ipe_superblock *ipe_sb(const struct super_block *sb)
+{
+ return sb->s_security + ipe_blobs.lbs_superblock;
+}
+
static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(bprm_check_security, ipe_bprm_check_security),
LSM_HOOK_INIT(mmap_file, ipe_mmap_file),
LSM_HOOK_INIT(file_mprotect, ipe_file_mprotect),
LSM_HOOK_INIT(kernel_read_file, ipe_kernel_read_file),
LSM_HOOK_INIT(kernel_load_data, ipe_kernel_load_data),
+ LSM_HOOK_INIT(initramfs_populated, ipe_unpack_initramfs),
};
/**
diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
index adc3c45e9f53..7f1c818193a0 100644
--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -12,5 +12,6 @@
#define pr_fmt(fmt) "ipe: " fmt
#include <linux/lsm_hooks.h>
+struct ipe_superblock *ipe_sb(const struct super_block *sb);
#endif /* _IPE_H */
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 8292ffaaff12..69ca8cdecd64 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -30,6 +30,8 @@ enum ipe_action_type {
#define IPE_ACTION_INVALID __IPE_ACTION_MAX
enum ipe_prop_type {
+ IPE_PROP_BOOT_VERIFIED_FALSE,
+ IPE_PROP_BOOT_VERIFIED_TRUE,
__IPE_PROP_MAX
};
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index 32064262348a..84cc688be3a2 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -270,13 +270,19 @@ static enum ipe_action_type parse_action(char *t)
return match_token(t, action_tokens, args);
}
+static const match_table_t property_tokens = {
+ {IPE_PROP_BOOT_VERIFIED_FALSE, "boot_verified=FALSE"},
+ {IPE_PROP_BOOT_VERIFIED_TRUE, "boot_verified=TRUE"},
+ {IPE_PROP_INVALID, NULL}
+};
+
/**
* parse_property() - Parse a rule property given a token string.
* @t: Supplies the token string to be parsed.
* @r: Supplies the ipe_rule the parsed property will be associated with.
*
- * This is a placeholder. The actual function will be introduced in the
- * latter commits.
+ * This function parses and associates a property with an IPE rule based
+ * on a token string.
*
* Return:
* * %0 - Success
@@ -285,7 +291,34 @@ static enum ipe_action_type parse_action(char *t)
*/
static int parse_property(char *t, struct ipe_rule *r)
{
- return -EBADMSG;
+ substring_t args[MAX_OPT_ARGS];
+ struct ipe_prop *p = NULL;
+ int rc = 0;
+ int token;
+
+ p = kzalloc(sizeof(*p), GFP_KERNEL);
+ if (!p)
+ return -ENOMEM;
+
+ token = match_token(t, property_tokens, args);
+
+ switch (token) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ p->type = token;
+ break;
+ default:
+ rc = -EBADMSG;
+ break;
+ }
+ if (rc)
+ goto err;
+ list_add_tail(&p->next, &r->props);
+
+ return rc;
+err:
+ kfree(p);
+ return rc;
}
/**
--
2.44.0
When deleting a directory in the security file system, the existing
securityfs_remove requires the directory to be empty, otherwise
it will do nothing. This leads to a potential risk that the security
file system might be in an unclean state when the intended deletion
did not happen.
This commit introduces a new function securityfs_recursive_remove
to recursively delete a directory without leaving an unclean state.
Co-developed-by: Christian Brauner (Microsoft) <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v1-v8:
+ Not present
v9:
+ Introduced
v10:
+ No changes
v11:
+ Fix code style issues
v12:
+ No changes
v13:
+ No changes
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ No changes
v18:
+ No changes
---
include/linux/security.h | 1 +
security/inode.c | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 14fff542f2e3..f35af7b6cfba 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2089,6 +2089,7 @@ struct dentry *securityfs_create_symlink(const char *name,
const char *target,
const struct inode_operations *iops);
extern void securityfs_remove(struct dentry *dentry);
+extern void securityfs_recursive_remove(struct dentry *dentry);
#else /* CONFIG_SECURITYFS */
diff --git a/security/inode.c b/security/inode.c
index 9e7cde913667..f21847badb7d 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -313,6 +313,31 @@ void securityfs_remove(struct dentry *dentry)
}
EXPORT_SYMBOL_GPL(securityfs_remove);
+static void remove_one(struct dentry *victim)
+{
+ simple_release_fs(&mount, &mount_count);
+}
+
+/**
+ * securityfs_recursive_remove - recursively removes a file or directory
+ *
+ * @dentry: a pointer to a the dentry of the file or directory to be removed.
+ *
+ * This function recursively removes a file or directory in securityfs that was
+ * previously created with a call to another securityfs function (like
+ * securityfs_create_file() or variants thereof.)
+ */
+void securityfs_recursive_remove(struct dentry *dentry)
+{
+ if (IS_ERR_OR_NULL(dentry))
+ return;
+
+ simple_pin_fs(&fs_type, &mount, &mount_count);
+ simple_recursive_removal(dentry, remove_one);
+ simple_release_fs(&mount, &mount_count);
+}
+EXPORT_SYMBOL_GPL(securityfs_recursive_remove);
+
#ifdef CONFIG_SECURITY
static struct dentry *lsm_dentry;
static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
--
2.44.0
From: Deven Bowers <[email protected]>
IPE, like SELinux, supports a permissive mode. This mode allows policy
authors to test and evaluate IPE policy without it effecting their
programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS
be reported.
This patch adds the following audit records:
audit: MAC_STATUS enforcing=0 old_enforcing=1 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
The audit record only emit when the value from the user input is
different from the current enforce value.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ Split evaluation loop, access control hooks,
and evaluation loop from policy parser and userspace
interface to pass mailing list character limit
v3:
+ Move ipe_load_properties to patch 04.
+ Remove useless 0-initializations
+ Prefix extern variables with ipe_
+ Remove kernel module parameters, as these are
exposed through sysctls.
+ Add more prose to the IPE base config option
help text.
+ Use GFP_KERNEL for audit_log_start.
+ Remove unnecessary caching system.
+ Remove comments from headers
+ Use rcu_access_pointer for rcu-pointer null check
+ Remove usage of reqprot; use prot only.
+ Move policy load and activation audit event to 03/12
v4:
+ Remove sysctls in favor of securityfs nodes
+ Re-add kernel module parameters, as these are now
exposed through securityfs.
+ Refactor property audit loop to a separate function.
v5:
+ fix minor grammatical errors
+ do not group rule by curly-brace in audit record,
reconstruct the exact rule.
v6:
+ No changes
v7:
+ Further split lsm creation into a separate commit from the
evaluation loop and audit system, for easier review.
+ Propagating changes to support the new ipe_context structure in the
evaluation loop.
+ Split out permissive functionality into a separate patch for easier
review.
+ Remove permissive switch compile-time configuration option - this
is trivial to add later.
v8:
+ Remove "IPE" prefix from permissive audit record
+ align fields to the linux-audit field dictionary. This causes the
following fields to change:
enforce -> permissive
+ Remove duplicated information correlated with syscall record, that
will always be present in the audit event.
+ Change audit types:
+ AUDIT_TRUST_STATUS -> AUDIT_MAC_STATUS
+ There is no significant difference in meaning between
these types.
v9:
+ Clean up ipe_context related code
v10:
+ Change audit format to comform with the existing format selinux is
using
+ Remove the audit record emission during init to align with selinux,
which does not perform this action.
v11:
+ Remove redundant code
v12:
+ Remove redundant code
v13:
+ Remove audit format macro
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Fix code and documentation style issues
v18:
+ No changes
---
security/ipe/audit.c | 27 ++++++++++++++++--
security/ipe/audit.h | 1 +
security/ipe/eval.c | 11 ++++++--
security/ipe/eval.h | 1 +
security/ipe/fs.c | 66 ++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 102 insertions(+), 4 deletions(-)
diff --git a/security/ipe/audit.c b/security/ipe/audit.c
index 6a3f24665655..a416291ba477 100644
--- a/security/ipe/audit.c
+++ b/security/ipe/audit.c
@@ -93,8 +93,8 @@ void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
if (!ab)
return;
- audit_log_format(ab, "ipe_op=%s ipe_hook=%s pid=%d comm=",
- op, audit_hook_names[ctx->hook],
+ audit_log_format(ab, "ipe_op=%s ipe_hook=%s enforcing=%d pid=%d comm=",
+ op, audit_hook_names[ctx->hook], READ_ONCE(enforce),
task_tgid_nr(current));
audit_log_untrustedstring(ab, get_task_comm(comm, current));
@@ -212,3 +212,26 @@ void ipe_audit_policy_load(const struct ipe_policy *const p)
audit_log_end(ab);
}
+
+/**
+ * ipe_audit_enforce() - Audit a change in IPE's enforcement state.
+ * @new_enforce: The new value enforce to be set.
+ * @old_enforce: The old value currently in enforce.
+ */
+void ipe_audit_enforce(bool new_enforce, bool old_enforce)
+{
+ struct audit_buffer *ab;
+
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS);
+ if (!ab)
+ return;
+
+ audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
+ "enforcing=%d old_enforcing=%d auid=%u ses=%u"
+ " enabled=1 old-enabled=1 lsm=ipe res=1",
+ new_enforce, old_enforce,
+ from_kuid(&init_user_ns, audit_get_loginuid(current)),
+ audit_get_sessionid(current));
+
+ audit_log_end(ab);
+}
diff --git a/security/ipe/audit.h b/security/ipe/audit.h
index 3ba8b8a91541..ed2620846a79 100644
--- a/security/ipe/audit.h
+++ b/security/ipe/audit.h
@@ -14,5 +14,6 @@ void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
void ipe_audit_policy_load(const struct ipe_policy *const p);
void ipe_audit_policy_activation(const struct ipe_policy *const op,
const struct ipe_policy *const np);
+void ipe_audit_enforce(bool new_enforce, bool old_enforce);
#endif /* _IPE_AUDIT_H */
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 18fd5d8fa03e..dd9064974be6 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -18,6 +18,7 @@
struct ipe_policy __rcu *ipe_active_policy;
bool success_audit;
+bool enforce = true;
#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
@@ -108,6 +109,7 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
enum ipe_action_type action;
enum ipe_match match_type;
bool match = false;
+ int rc = 0;
rcu_read_lock();
@@ -160,9 +162,12 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
ipe_audit_match(ctx, match_type, action, rule);
if (action == IPE_ACTION_DENY)
- return -EACCES;
+ rc = -EACCES;
- return 0;
+ if (!READ_ONCE(enforce))
+ rc = 0;
+
+ return rc;
}
/* Set the right module name */
@@ -173,3 +178,5 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
module_param(success_audit, bool, 0400);
MODULE_PARM_DESC(success_audit, "Start IPE with success auditing enabled");
+module_param(enforce, bool, 0400);
+MODULE_PARM_DESC(enforce, "Start IPE in enforce or permissive mode");
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index 42b74a7a7c2b..80b74f55fa69 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -16,6 +16,7 @@
extern struct ipe_policy __rcu *ipe_active_policy;
extern bool success_audit;
+extern bool enforce;
struct ipe_superblock {
bool initramfs;
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index 9e410982b759..b52fb6023904 100644
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -16,6 +16,7 @@ static struct dentry *np __ro_after_init;
static struct dentry *root __ro_after_init;
struct dentry *policy_root __ro_after_init;
static struct dentry *audit_node __ro_after_init;
+static struct dentry *enforce_node __ro_after_init;
/**
* setaudit() - Write handler for the securityfs node, "ipe/success_audit"
@@ -65,6 +66,58 @@ static ssize_t getaudit(struct file *f, char __user *data,
return simple_read_from_buffer(data, len, offset, result, 1);
}
+/**
+ * setenforce() - Write handler for the securityfs node, "ipe/enforce"
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-EPERM - Insufficient permission
+ */
+static ssize_t setenforce(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ int rc = 0;
+ bool new_value, old_value;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ old_value = READ_ONCE(enforce);
+ rc = kstrtobool_from_user(data, len, &new_value);
+ if (rc)
+ return rc;
+
+ if (new_value != old_value) {
+ ipe_audit_enforce(new_value, old_value);
+ WRITE_ONCE(enforce, new_value);
+ }
+
+ return len;
+}
+
+/**
+ * getenforce() - Read handler for the securityfs node, "ipe/enforce"
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the read syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return: Length of buffer written
+ */
+static ssize_t getenforce(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const char *result;
+
+ result = ((READ_ONCE(enforce)) ? "1" : "0");
+
+ return simple_read_from_buffer(data, len, offset, result, 1);
+}
+
/**
* new_policy() - Write handler for the securityfs node, "ipe/new_policy".
* @f: Supplies a file structure representing the securityfs node.
@@ -123,6 +176,11 @@ static const struct file_operations audit_fops = {
.read = getaudit,
};
+static const struct file_operations enforce_fops = {
+ .write = setenforce,
+ .read = getenforce,
+};
+
/**
* ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
*
@@ -149,6 +207,13 @@ static int __init ipe_init_securityfs(void)
goto err;
}
+ enforce_node = securityfs_create_file("enforce", 0600, root, NULL,
+ &enforce_fops);
+ if (IS_ERR(enforce_node)) {
+ rc = PTR_ERR(enforce_node);
+ goto err;
+ }
+
policy_root = securityfs_create_dir("policies", root);
if (IS_ERR(policy_root)) {
rc = PTR_ERR(policy_root);
@@ -165,6 +230,7 @@ static int __init ipe_init_securityfs(void)
err:
securityfs_remove(np);
securityfs_remove(policy_root);
+ securityfs_remove(enforce_node);
securityfs_remove(audit_node);
securityfs_remove(root);
return rc;
--
2.44.0
From: Deven Bowers <[email protected]>
Some block devices have valuable security properties that is only
accessible during the creation time.
For example, when creating a dm-verity block device, the dm-verity's
roothash and roothash signature, which are extreme important security
metadata, are passed to the kernel. However, the roothash will be saved
privately in dm-verity, which prevents the security subsystem to easily
access that information. Worse, in the current implementation the
roothash signature will be discarded after the verification, making it
impossible to utilize the roothash signature by the security subsystem.
With this patch, an LSM blob is added to the block_device structure.
This enables the security subsystem to store security-sensitive data
related to block devices within the security blob. For example, LSM can
use the new LSM blob to save the roothash signature of a dm-verity,
and LSM can make access decision based on the data inside the signature,
like the signer certificate.
The implementation follows the same approach used for security blobs in
other structures like struct file, struct inode, and struct superblock.
The initialization of the security blob occurs after the creation of the
struct block_device, performed by the security subsystem. Similarly, the
security blob is freed by the security subsystem before the struct
block_device is deallocated or freed.
This patch also introduces a new hook to save block device's integrity
data. For example, for dm-verity, LSMs can use this hook to save
the roothash signature of a dm-verity into the security blob,
and LSMs can make access decisions based on the data inside
the signature, like the signer certificate.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ No Changes
v3:
+ Minor style changes from checkpatch --strict
v4:
+ No Changes
v5:
+ Allow multiple callers to call security_bdev_setsecurity
v6:
+ Simplify security_bdev_setsecurity break condition
v7:
+ Squash all dm-verity related patches to two patches,
the additions to dm-verity/fs, and the consumption of
the additions.
v8:
+ Split dm-verity related patches squashed in v7 to 3 commits based on
topic:
+ New LSM hook
+ Consumption of hook outside LSM
+ Consumption of hook inside LSM.
+ change return of security_bdev_alloc / security_bdev_setsecurity
to LSM_RET_DEFAULT instead of 0.
+ Change return code to -EOPNOTSUPP, bring inline with other
setsecurity hooks.
v9:
+ Add Reviewed-by: Casey Schaufler <[email protected]>
+ Remove unlikely when calling LSM hook
+ Make the security field dependent on CONFIG_SECURITY
v10:
+ No changes
v11:
+ No changes
v12:
+ No changes
v13:
+ No changes
v14:
+ No changes
v15:
+ Drop security_bdev_setsecurity() for new hook
security_bdev_setintegrity() in the next commit
+ Update call_int_hook() for 260017f
v16:
+ Drop Reviewed-by tag for the new changes
+ Squash the security_bdev_setintegrity() into this commit
+ Rename enum from lsm_intgr_type to lsm_integrity_type
+ Switch to use call_int_hook() for bdev_setintegrity()
+ Correct comment
+ Fix return in security_bdev_alloc()
v17:
+ Fix a typo
+ Improve the commit subject line
v18:
+ No changes
---
block/bdev.c | 7 +++
include/linux/blk_types.h | 3 ++
include/linux/lsm_hook_defs.h | 5 ++
include/linux/lsm_hooks.h | 1 +
include/linux/security.h | 26 ++++++++++
security/security.c | 89 +++++++++++++++++++++++++++++++++++
6 files changed, 131 insertions(+)
diff --git a/block/bdev.c b/block/bdev.c
index da2a167a4d08..38f9b0e54a49 100644
--- a/block/bdev.c
+++ b/block/bdev.c
@@ -24,6 +24,7 @@
#include <linux/pseudo_fs.h>
#include <linux/uio.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <linux/part_stat.h>
#include <linux/uaccess.h>
#include <linux/stat.h>
@@ -313,6 +314,11 @@ static struct inode *bdev_alloc_inode(struct super_block *sb)
if (!ei)
return NULL;
memset(&ei->bdev, 0, sizeof(ei->bdev));
+
+ if (security_bdev_alloc(&ei->bdev)) {
+ kmem_cache_free(bdev_cachep, ei);
+ return NULL;
+ }
return &ei->vfs_inode;
}
@@ -322,6 +328,7 @@ static void bdev_free_inode(struct inode *inode)
free_percpu(bdev->bd_stats);
kfree(bdev->bd_meta_info);
+ security_bdev_free(bdev);
if (!bdev_is_partition(bdev)) {
if (bdev->bd_disk && bdev->bd_disk->bdi)
diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h
index cb1526ec44b5..effe3c4e6b35 100644
--- a/include/linux/blk_types.h
+++ b/include/linux/blk_types.h
@@ -70,6 +70,9 @@ struct block_device {
#endif
bool bd_ro_warned;
int bd_writers;
+#ifdef CONFIG_SECURITY
+ void *security;
+#endif
/*
* keep this out-of-line as it's both big and not needed in the fast
* path
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 7db99ae75651..b391a7f13053 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -452,3 +452,8 @@ LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
#endif /* CONFIG_IO_URING */
LSM_HOOK(void, LSM_RET_VOID, initramfs_populated, void)
+
+LSM_HOOK(int, 0, bdev_alloc_security, struct block_device *bdev)
+LSM_HOOK(void, LSM_RET_VOID, bdev_free_security, struct block_device *bdev)
+LSM_HOOK(int, 0, bdev_setintegrity, struct block_device *bdev,
+ enum lsm_integrity_type type, const void *value, size_t size)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index a2ade0ffe9e7..f1692179aa56 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -78,6 +78,7 @@ struct lsm_blob_sizes {
int lbs_msg_msg;
int lbs_task;
int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
+ int lbs_bdev;
};
/**
diff --git a/include/linux/security.h b/include/linux/security.h
index f35af7b6cfba..ac0985641611 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -83,6 +83,10 @@ enum lsm_event {
LSM_POLICY_CHANGE,
};
+enum lsm_integrity_type {
+ __LSM_INT_MAX
+};
+
/*
* These are reasons that can be passed to the security_locked_down()
* LSM hook. Lockdown reasons that protect kernel integrity (ie, the
@@ -509,6 +513,11 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
int security_locked_down(enum lockdown_reason what);
int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
void *val, size_t val_len, u64 id, u64 flags);
+int security_bdev_alloc(struct block_device *bdev);
+void security_bdev_free(struct block_device *bdev);
+int security_bdev_setintegrity(struct block_device *bdev,
+ enum lsm_integrity_type type, const void *value,
+ size_t size);
#else /* CONFIG_SECURITY */
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1483,6 +1492,23 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
{
return -EOPNOTSUPP;
}
+
+static inline int security_bdev_alloc(struct block_device *bdev)
+{
+ return 0;
+}
+
+static inline void security_bdev_free(struct block_device *bdev)
+{
+}
+
+static inline int security_bdev_setintegrity(struct block_device *bdev,
+ enum lsm_integrity_type type,
+ const void *value, size_t size)
+{
+ return 0;
+}
+
#endif /* CONFIG_SECURITY */
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
diff --git a/security/security.c b/security/security.c
index 0db5a6b32aab..3a7724c3dd76 100644
--- a/security/security.c
+++ b/security/security.c
@@ -29,6 +29,7 @@
#include <linux/msg.h>
#include <linux/overflow.h>
#include <net/flow.h>
+#include <linux/fs.h>
/* How many LSMs were built into the kernel? */
#define LSM_COUNT (__end_lsm_info - __start_lsm_info)
@@ -232,6 +233,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
lsm_set_blob_size(&needed->lbs_xattr_count,
&blob_sizes.lbs_xattr_count);
+ lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev);
}
/* Prepare LSM for initialization. */
@@ -405,6 +407,7 @@ static void __init ordered_lsm_init(void)
init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
init_debug("task blob size = %d\n", blob_sizes.lbs_task);
init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
+ init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev);
/*
* Create any kmem_caches needed for blobs
@@ -737,6 +740,28 @@ static int lsm_msg_msg_alloc(struct msg_msg *mp)
return 0;
}
+/**
+ * lsm_bdev_alloc - allocate a composite block_device blob
+ * @bdev: the block_device that needs a blob
+ *
+ * Allocate the block_device blob for all the modules
+ *
+ * Returns 0, or -ENOMEM if memory can't be allocated.
+ */
+static int lsm_bdev_alloc(struct block_device *bdev)
+{
+ if (blob_sizes.lbs_bdev == 0) {
+ bdev->security = NULL;
+ return 0;
+ }
+
+ bdev->security = kzalloc(blob_sizes.lbs_bdev, GFP_KERNEL);
+ if (!bdev->security)
+ return -ENOMEM;
+
+ return 0;
+}
+
/**
* lsm_early_task - during initialization allocate a composite task blob
* @task: the task that needs a blob
@@ -5568,6 +5593,70 @@ int security_locked_down(enum lockdown_reason what)
}
EXPORT_SYMBOL(security_locked_down);
+/**
+ * security_bdev_alloc() - Allocate a block device LSM blob
+ * @bdev: block device
+ *
+ * Allocate and attach a security structure to @bdev->security. The
+ * security field is initialized to NULL when the bdev structure is
+ * allocated.
+ *
+ * Return: Return 0 if operation was successful.
+ */
+int security_bdev_alloc(struct block_device *bdev)
+{
+ int rc = 0;
+
+ rc = lsm_bdev_alloc(bdev);
+ if (unlikely(rc))
+ return rc;
+
+ rc = call_int_hook(bdev_alloc_security, bdev);
+ if (unlikely(rc))
+ security_bdev_free(bdev);
+
+ return rc;
+}
+EXPORT_SYMBOL(security_bdev_alloc);
+
+/**
+ * security_bdev_free() - Free a block device's LSM blob
+ * @bdev: block device
+ *
+ * Deallocate the bdev security structure and set @bdev->security to NULL.
+ */
+void security_bdev_free(struct block_device *bdev)
+{
+ if (!bdev->security)
+ return;
+
+ call_void_hook(bdev_free_security, bdev);
+
+ kfree(bdev->security);
+ bdev->security = NULL;
+}
+EXPORT_SYMBOL(security_bdev_free);
+
+/**
+ * security_bdev_setintegrity() - Set the device's integrity data
+ * @bdev: block device
+ * @type: type of integrity, e.g. hash digest, signature, etc
+ * @value: the integrity value
+ * @size: size of the integrity value
+ *
+ * Register a verified integrity measurement of a bdev with LSMs.
+ * LSMs should free the previously saved data if @value is NULL.
+ *
+ * Return: Returns 0 on success, negative values on failure.
+ */
+int security_bdev_setintegrity(struct block_device *bdev,
+ enum lsm_integrity_type type, const void *value,
+ size_t size)
+{
+ return call_int_hook(bdev_setintegrity, bdev, type, value, size);
+}
+EXPORT_SYMBOL(security_bdev_setintegrity);
+
#ifdef CONFIG_PERF_EVENTS
/**
* security_perf_event_open() - Check if a perf event open is allowed
--
2.44.0
From: Deven Bowers <[email protected]>
As is typical with LSMs, IPE uses securityfs as its interface with
userspace. for a complete list of the interfaces and the respective
inputs/outputs, please see the documentation under
admin-guide/LSM/ipe.rst
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ Split evaluation loop, access control hooks,
and evaluation loop from policy parser and userspace
interface to pass mailing list character limit
v3:
+ Move policy load and activation audit event to 03/12
+ Fix a potential panic when a policy failed to load.
+ use pr_warn for a failure to parse instead of an
audit record
+ Remove comments from headers
+ Add lockdep assertions to ipe_update_active_policy and
ipe_activate_policy
+ Fix up warnings with checkpatch --strict
+ Use file_ns_capable for CAP_MAC_ADMIN for securityfs
nodes.
+ Use memdup_user instead of kzalloc+simple_write_to_buffer.
+ Remove strict_parse command line parameter, as it is added
by the sysctl command line.
+ Prefix extern variables with ipe_
v4:
+ Remove securityfs to reverse-dependency
+ Add SHA1 reverse dependency.
+ Add versioning scheme for IPE properties, and associated
interface to query the versioning scheme.
+ Cause a parser to always return an error on unknown syntax.
+ Remove strict_parse option
+ Change active_policy interface from sysctl, to securityfs,
and change scheme.
v5:
+ Cause an error if a default action is not defined for each
operation.
+ Minor function renames
v6:
+ No changes
v7:
+ Propagating changes to support the new ipe_context structure in the
evaluation loop.
+ Further split the parser and userspace interface changes into
separate commits.
+ "raw" was renamed to "pkcs7" and made read only
+ "raw"'s write functionality (update a policy) moved to "update"
+ introduced "version", "policy_name" nodes.
+ "content" renamed to "policy"
+ changes to allow the compiled-in policy to be treated
identical to deployed-after-the-fact policies.
v8:
+ Prevent securityfs initialization if the LSM is disabled
v9:
+ Switch to securityfs_recursive_remove for policy folder deletion
v10:
+ Simplify and correct concurrency
+ Fix typos
v11:
+ Correct code comments
v12:
+ Correct locking and remove redundant code
v13:
+ Move the free of old policy into the ipe_update_policy function
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Add years to license header
+ Fix code and documentation style issues
v18:
+ No changes
---
security/ipe/Makefile | 2 +
security/ipe/fs.c | 105 +++++++++
security/ipe/fs.h | 16 ++
security/ipe/ipe.c | 3 +
security/ipe/ipe.h | 2 +
security/ipe/policy.c | 121 ++++++++++
security/ipe/policy.h | 7 +
security/ipe/policy_fs.c | 470 +++++++++++++++++++++++++++++++++++++++
8 files changed, 726 insertions(+)
create mode 100644 security/ipe/fs.c
create mode 100644 security/ipe/fs.h
create mode 100644 security/ipe/policy_fs.c
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index e1c27e974c5c..b97f8c10fe01 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -8,6 +8,8 @@
obj-$(CONFIG_SECURITY_IPE) += \
eval.o \
hooks.o \
+ fs.o \
ipe.o \
policy.o \
+ policy_fs.o \
policy_parser.o \
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
new file mode 100644
index 000000000000..49484c8feead
--- /dev/null
+++ b/security/ipe/fs.c
@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#include <linux/dcache.h>
+#include <linux/security.h>
+
+#include "ipe.h"
+#include "fs.h"
+#include "policy.h"
+
+static struct dentry *np __ro_after_init;
+static struct dentry *root __ro_after_init;
+struct dentry *policy_root __ro_after_init;
+
+/**
+ * new_policy() - Write handler for the securityfs node, "ipe/new_policy".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-EPERM - Insufficient permission
+ * * %-ENOMEM - Out of memory (OOM)
+ * * %-EBADMSG - Policy is invalid
+ * * %-ERANGE - Policy version number overflow
+ * * %-EINVAL - Policy version parsing error
+ * * %-EEXIST - Same name policy already deployed
+ */
+static ssize_t new_policy(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ struct ipe_policy *p = NULL;
+ char *copy = NULL;
+ int rc = 0;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ copy = memdup_user_nul(data, len);
+ if (IS_ERR(copy))
+ return PTR_ERR(copy);
+
+ p = ipe_new_policy(NULL, 0, copy, len);
+ if (IS_ERR(p)) {
+ rc = PTR_ERR(p);
+ goto out;
+ }
+
+ rc = ipe_new_policyfs_node(p);
+
+out:
+ if (rc < 0)
+ ipe_free_policy(p);
+ kfree(copy);
+ return (rc < 0) ? rc : len;
+}
+
+static const struct file_operations np_fops = {
+ .write = new_policy,
+};
+
+/**
+ * ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
+ *
+ * Return: %0 on success. If an error occurs, the function will return
+ * the -errno.
+ */
+static int __init ipe_init_securityfs(void)
+{
+ int rc = 0;
+
+ if (!ipe_enabled)
+ return -EOPNOTSUPP;
+
+ root = securityfs_create_dir("ipe", NULL);
+ if (IS_ERR(root)) {
+ rc = PTR_ERR(root);
+ goto err;
+ }
+
+ policy_root = securityfs_create_dir("policies", root);
+ if (IS_ERR(policy_root)) {
+ rc = PTR_ERR(policy_root);
+ goto err;
+ }
+
+ np = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
+ if (IS_ERR(np)) {
+ rc = PTR_ERR(np);
+ goto err;
+ }
+
+ return 0;
+err:
+ securityfs_remove(np);
+ securityfs_remove(policy_root);
+ securityfs_remove(root);
+ return rc;
+}
+
+fs_initcall(ipe_init_securityfs);
diff --git a/security/ipe/fs.h b/security/ipe/fs.h
new file mode 100644
index 000000000000..0141ae8e86ec
--- /dev/null
+++ b/security/ipe/fs.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#ifndef _IPE_FS_H
+#define _IPE_FS_H
+
+#include "policy.h"
+
+extern struct dentry *policy_root __ro_after_init;
+
+int ipe_new_policyfs_node(struct ipe_policy *p);
+void ipe_del_policyfs_node(struct ipe_policy *p);
+
+#endif /* _IPE_FS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 28555eadb7f3..53f2196b9bcc 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -8,6 +8,8 @@
#include "eval.h"
#include "hooks.h"
+bool ipe_enabled;
+
static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
.lbs_superblock = sizeof(struct ipe_superblock),
};
@@ -45,6 +47,7 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
static int __init ipe_init(void)
{
security_add_hooks(ipe_hooks, ARRAY_SIZE(ipe_hooks), &ipe_lsmid);
+ ipe_enabled = true;
return 0;
}
diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
index 7f1c818193a0..4aa18d1d0525 100644
--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -14,4 +14,6 @@
#include <linux/lsm_hooks.h>
struct ipe_superblock *ipe_sb(const struct super_block *sb);
+extern bool ipe_enabled;
+
#endif /* _IPE_H */
diff --git a/security/ipe/policy.c b/security/ipe/policy.c
index dd7b5b79903a..112913f83c6d 100644
--- a/security/ipe/policy.c
+++ b/security/ipe/policy.c
@@ -7,9 +7,36 @@
#include <linux/verification.h>
#include "ipe.h"
+#include "eval.h"
+#include "fs.h"
#include "policy.h"
#include "policy_parser.h"
+/* lock for synchronizing writers across ipe policy */
+DEFINE_MUTEX(ipe_policy_lock);
+
+/**
+ * ver_to_u64() - Convert an internal ipe_policy_version to a u64.
+ * @p: Policy to extract the version from.
+ *
+ * Bits (LSB is index 0):
+ * [48,32] -> Major
+ * [32,16] -> Minor
+ * [16, 0] -> Revision
+ *
+ * Return: u64 version of the embedded version structure.
+ */
+static inline u64 ver_to_u64(const struct ipe_policy *const p)
+{
+ u64 r;
+
+ r = (((u64)p->parsed->version.major) << 32)
+ | (((u64)p->parsed->version.minor) << 16)
+ | ((u64)(p->parsed->version.rev));
+
+ return r;
+}
+
/**
* ipe_free_policy() - Deallocate a given IPE policy.
* @p: Supplies the policy to free.
@@ -21,6 +48,7 @@ void ipe_free_policy(struct ipe_policy *p)
if (IS_ERR_OR_NULL(p))
return;
+ ipe_del_policyfs_node(p);
ipe_free_parsed_policy(p->parsed);
/*
* p->text is allocated only when p->pkcs7 is not NULL
@@ -43,6 +71,66 @@ static int set_pkcs7_data(void *ctx, const void *data, size_t len,
return 0;
}
+/**
+ * ipe_update_policy() - parse a new policy and replace old with it.
+ * @root: Supplies a pointer to the securityfs inode saved the policy.
+ * @text: Supplies a pointer to the plain text policy.
+ * @textlen: Supplies the length of @text.
+ * @pkcs7: Supplies a pointer to a buffer containing a pkcs7 message.
+ * @pkcs7len: Supplies the length of @pkcs7len.
+ *
+ * @text/@textlen is mutually exclusive with @pkcs7/@pkcs7len - see
+ * ipe_new_policy.
+ *
+ * Context: Requires root->i_rwsem to be held.
+ * Return: %0 on success. If an error occurs, the function will return
+ * the -errno.
+ */
+int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
+ const char *pkcs7, size_t pkcs7len)
+{
+ struct ipe_policy *old, *ap, *new = NULL;
+ int rc = 0;
+
+ old = (struct ipe_policy *)root->i_private;
+ if (!old)
+ return -ENOENT;
+
+ new = ipe_new_policy(text, textlen, pkcs7, pkcs7len);
+ if (IS_ERR(new))
+ return PTR_ERR(new);
+
+ if (strcmp(new->parsed->name, old->parsed->name)) {
+ rc = -EINVAL;
+ goto err;
+ }
+
+ if (ver_to_u64(old) > ver_to_u64(new)) {
+ rc = -EINVAL;
+ goto err;
+ }
+
+ root->i_private = new;
+ swap(new->policyfs, old->policyfs);
+
+ mutex_lock(&ipe_policy_lock);
+ ap = rcu_dereference_protected(ipe_active_policy,
+ lockdep_is_held(&ipe_policy_lock));
+ if (old == ap) {
+ rcu_assign_pointer(ipe_active_policy, new);
+ mutex_unlock(&ipe_policy_lock);
+ synchronize_rcu();
+ } else {
+ mutex_unlock(&ipe_policy_lock);
+ }
+ ipe_free_policy(old);
+
+ return 0;
+err:
+ ipe_free_policy(new);
+ return rc;
+}
+
/**
* ipe_new_policy() - Allocate and parse an ipe_policy structure.
*
@@ -101,3 +189,36 @@ struct ipe_policy *ipe_new_policy(const char *text, size_t textlen,
ipe_free_policy(new);
return ERR_PTR(rc);
}
+
+/**
+ * ipe_set_active_pol() - Make @p the active policy.
+ * @p: Supplies a pointer to the policy to make active.
+ *
+ * Context: Requires root->i_rwsem, which i_private has the policy, to be held.
+ * Return:
+ * * %0 - Success
+ * * %-EINVAL - New active policy version is invalid
+ */
+int ipe_set_active_pol(const struct ipe_policy *p)
+{
+ struct ipe_policy *ap = NULL;
+
+ mutex_lock(&ipe_policy_lock);
+
+ ap = rcu_dereference_protected(ipe_active_policy,
+ lockdep_is_held(&ipe_policy_lock));
+ if (ap == p) {
+ mutex_unlock(&ipe_policy_lock);
+ return 0;
+ }
+ if (ap && ver_to_u64(ap) > ver_to_u64(p)) {
+ mutex_unlock(&ipe_policy_lock);
+ return -EINVAL;
+ }
+
+ rcu_assign_pointer(ipe_active_policy, p);
+ mutex_unlock(&ipe_policy_lock);
+ synchronize_rcu();
+
+ return 0;
+}
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 69ca8cdecd64..ffd60cc7fda6 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -7,6 +7,7 @@
#include <linux/list.h>
#include <linux/types.h>
+#include <linux/fs.h>
enum ipe_op_type {
IPE_OP_EXEC = 0,
@@ -76,10 +77,16 @@ struct ipe_policy {
size_t textlen;
struct ipe_parsed_policy *parsed;
+
+ struct dentry *policyfs;
};
struct ipe_policy *ipe_new_policy(const char *text, size_t textlen,
const char *pkcs7, size_t pkcs7len);
void ipe_free_policy(struct ipe_policy *pol);
+int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
+ const char *pkcs7, size_t pkcs7len);
+int ipe_set_active_pol(const struct ipe_policy *p);
+extern struct mutex ipe_policy_lock;
#endif /* _IPE_POLICY_H */
diff --git a/security/ipe/policy_fs.c b/security/ipe/policy_fs.c
new file mode 100644
index 000000000000..c19c06627efb
--- /dev/null
+++ b/security/ipe/policy_fs.c
@@ -0,0 +1,470 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+#include <linux/fs.h>
+#include <linux/namei.h>
+#include <linux/types.h>
+#include <linux/dcache.h>
+#include <linux/security.h>
+
+#include "ipe.h"
+#include "policy.h"
+#include "eval.h"
+#include "fs.h"
+
+#define MAX_VERSION_SIZE ARRAY_SIZE("65535.65535.65535")
+
+/**
+ * ipefs_file - defines a file in securityfs.
+ */
+struct ipefs_file {
+ const char *name;
+ umode_t access;
+ const struct file_operations *fops;
+};
+
+/**
+ * read_pkcs7() - Read handler for "ipe/policies/$name/pkcs7".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * @data will be populated with the pkcs7 blob representing the policy
+ * on success. If the policy is unsigned (like the boot policy), this
+ * will return -ENOENT.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-ENOENT - Policy initializing/deleted or is unsigned
+ */
+static ssize_t read_pkcs7(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ int rc = 0;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+
+ inode_lock_shared(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ if (!p->pkcs7) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ rc = simple_read_from_buffer(data, len, offset, p->pkcs7, p->pkcs7len);
+
+out:
+ inode_unlock_shared(root);
+
+ return rc;
+}
+
+/**
+ * read_policy() - Read handler for "ipe/policies/$name/policy".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * @data will be populated with the plain-text version of the policy
+ * on success.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t read_policy(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ int rc = 0;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+
+ inode_lock_shared(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ rc = simple_read_from_buffer(data, len, offset, p->text, p->textlen);
+
+out:
+ inode_unlock_shared(root);
+
+ return rc;
+}
+
+/**
+ * read_name() - Read handler for "ipe/policies/$name/name".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * @data will be populated with the policy_name attribute on success.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t read_name(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ int rc = 0;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+
+ inode_lock_shared(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ rc = simple_read_from_buffer(data, len, offset, p->parsed->name,
+ strlen(p->parsed->name));
+
+out:
+ inode_unlock_shared(root);
+
+ return rc;
+}
+
+/**
+ * read_version() - Read handler for "ipe/policies/$name/version".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * @data will be populated with the version string on success.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t read_version(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ char buffer[MAX_VERSION_SIZE] = { 0 };
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ size_t strsize = 0;
+ ssize_t rc = 0;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+
+ inode_lock_shared(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ strsize = scnprintf(buffer, ARRAY_SIZE(buffer), "%hu.%hu.%hu",
+ p->parsed->version.major, p->parsed->version.minor,
+ p->parsed->version.rev);
+
+ rc = simple_read_from_buffer(data, len, offset, buffer, strsize);
+
+out:
+ inode_unlock_shared(root);
+
+ return rc;
+}
+
+/**
+ * setactive() - Write handler for "ipe/policies/$name/active".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-EPERM - Insufficient permission
+ * * %-EINVAL - Invalid input
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t setactive(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ bool value = false;
+ int rc = 0;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ rc = kstrtobool_from_user(data, len, &value);
+ if (rc)
+ return rc;
+
+ if (!value)
+ return -EINVAL;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+ inode_lock(root);
+
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ rc = -ENOENT;
+ goto out;
+ }
+
+ rc = ipe_set_active_pol(p);
+
+out:
+ inode_unlock(root);
+ return (rc < 0) ? rc : len;
+}
+
+/**
+ * getactive() - Read handler for "ipe/policies/$name/active".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * @data will be populated with the 1 or 0 depending on if the
+ * corresponding policy is active.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t getactive(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ const char *str;
+ int rc = 0;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+
+ inode_lock_shared(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ inode_unlock_shared(root);
+ return -ENOENT;
+ }
+ inode_unlock_shared(root);
+
+ str = (p == rcu_access_pointer(ipe_active_policy)) ? "1" : "0";
+ rc = simple_read_from_buffer(data, len, offset, str, 1);
+
+ return rc;
+}
+
+/**
+ * update_policy() - Write handler for "ipe/policies/$name/update".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * On success this updates the policy represented by $name,
+ * in-place.
+ *
+ * Return: Length of buffer written on success. If an error occurs,
+ * the function will return the -errno.
+ */
+static ssize_t update_policy(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ struct inode *root = NULL;
+ char *copy = NULL;
+ int rc = 0;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ copy = memdup_user(data, len);
+ if (IS_ERR(copy))
+ return PTR_ERR(copy);
+
+ root = d_inode(f->f_path.dentry->d_parent);
+ inode_lock(root);
+ rc = ipe_update_policy(root, NULL, 0, copy, len);
+ inode_unlock(root);
+
+ kfree(copy);
+ if (rc)
+ return rc;
+
+ return len;
+}
+
+/**
+ * delete_policy() - write handler for "ipe/policies/$name/delete".
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * On success this deletes the policy represented by $name.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-EPERM - Insufficient permission/deleting active policy
+ * * %-EINVAL - Invalid input
+ * * %-ENOENT - Policy initializing/deleted
+ */
+static ssize_t delete_policy(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ struct ipe_policy *ap = NULL;
+ struct ipe_policy *p = NULL;
+ struct inode *root = NULL;
+ bool value = false;
+ int rc = 0;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ rc = kstrtobool_from_user(data, len, &value);
+ if (rc)
+ return rc;
+
+ if (!value)
+ return -EINVAL;
+
+ root = d_inode(f->f_path.dentry->d_parent);
+ inode_lock(root);
+ p = (struct ipe_policy *)root->i_private;
+ if (!p) {
+ inode_unlock(root);
+ return -ENOENT;
+ }
+
+ mutex_lock(&ipe_policy_lock);
+ ap = rcu_dereference_protected(ipe_active_policy,
+ lockdep_is_held(&ipe_policy_lock));
+ if (p == ap) {
+ mutex_unlock(&ipe_policy_lock);
+ inode_unlock(root);
+ return -EPERM;
+ }
+ mutex_unlock(&ipe_policy_lock);
+
+ root->i_private = NULL;
+ inode_unlock(root);
+
+ ipe_free_policy(p);
+ return len;
+}
+
+static const struct file_operations content_fops = {
+ .read = read_policy,
+};
+
+static const struct file_operations pkcs7_fops = {
+ .read = read_pkcs7,
+};
+
+static const struct file_operations name_fops = {
+ .read = read_name,
+};
+
+static const struct file_operations ver_fops = {
+ .read = read_version,
+};
+
+static const struct file_operations active_fops = {
+ .write = setactive,
+ .read = getactive,
+};
+
+static const struct file_operations update_fops = {
+ .write = update_policy,
+};
+
+static const struct file_operations delete_fops = {
+ .write = delete_policy,
+};
+
+/**
+ * policy_subdir - files under a policy subdirectory
+ */
+static const struct ipefs_file policy_subdir[] = {
+ { "pkcs7", 0444, &pkcs7_fops },
+ { "policy", 0444, &content_fops },
+ { "name", 0444, &name_fops },
+ { "version", 0444, &ver_fops },
+ { "active", 0600, &active_fops },
+ { "update", 0200, &update_fops },
+ { "delete", 0200, &delete_fops },
+};
+
+/**
+ * ipe_del_policyfs_node() - Delete a securityfs entry for @p.
+ * @p: Supplies a pointer to the policy to delete a securityfs entry for.
+ */
+void ipe_del_policyfs_node(struct ipe_policy *p)
+{
+ securityfs_recursive_remove(p->policyfs);
+ p->policyfs = NULL;
+}
+
+/**
+ * ipe_new_policyfs_node() - Create a securityfs entry for @p.
+ * @p: Supplies a pointer to the policy to create a securityfs entry for.
+ *
+ * Return: %0 on success. If an error occurs, the function will return
+ * the -errno.
+ */
+int ipe_new_policyfs_node(struct ipe_policy *p)
+{
+ const struct ipefs_file *f = NULL;
+ struct dentry *policyfs = NULL;
+ struct inode *root = NULL;
+ struct dentry *d = NULL;
+ size_t i = 0;
+ int rc = 0;
+
+ if (p->policyfs)
+ return 0;
+
+ policyfs = securityfs_create_dir(p->parsed->name, policy_root);
+ if (IS_ERR(policyfs))
+ return PTR_ERR(policyfs);
+
+ root = d_inode(policyfs);
+
+ for (i = 0; i < ARRAY_SIZE(policy_subdir); ++i) {
+ f = &policy_subdir[i];
+
+ d = securityfs_create_file(f->name, f->access, policyfs,
+ NULL, f->fops);
+ if (IS_ERR(d)) {
+ rc = PTR_ERR(d);
+ goto err;
+ }
+ }
+
+ inode_lock(root);
+ p->policyfs = policyfs;
+ root->i_private = p;
+ inode_unlock(root);
+
+ return 0;
+err:
+ securityfs_recursive_remove(policyfs);
+ return rc;
+}
--
2.44.0
This patch adds a target finalize hook.
The hook is triggered just before activating an inactive table of a
mapped device. If it returns an error the __bind get cancelled.
The dm-verity target will use this hook to attach the dm-verity's
roothash metadata to the block_device struct of the mapped device.
Signed-off-by: Fan Wu <[email protected]>
---
v1-v10:
+ Not present
v11:
+ Introduced
v12:
+ No changes
v13:
+ No changes
v14:
+ Add documentation
v15:
+ No changes
v16:
+ No changes
v17:
+ No changes
v18:
+ No changes
---
drivers/md/dm.c | 12 ++++++++++++
include/linux/device-mapper.h | 9 +++++++++
2 files changed, 21 insertions(+)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 7d0746b37c8e..a748c3735156 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2276,6 +2276,18 @@ static struct dm_table *__bind(struct mapped_device *md, struct dm_table *t,
goto out;
}
+ for (unsigned int i = 0; i < t->num_targets; i++) {
+ struct dm_target *ti = dm_table_get_target(t, i);
+
+ if (ti->type->finalize) {
+ ret = ti->type->finalize(ti);
+ if (ret) {
+ old_map = ERR_PTR(ret);
+ goto out;
+ }
+ }
+ }
+
old_map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock));
rcu_assign_pointer(md->map, (void *)t);
md->immutable_target_type = dm_table_get_immutable_target_type(t);
diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h
index 82b2195efaca..ad368904b1d5 100644
--- a/include/linux/device-mapper.h
+++ b/include/linux/device-mapper.h
@@ -160,6 +160,14 @@ typedef int (*dm_dax_zero_page_range_fn)(struct dm_target *ti, pgoff_t pgoff,
*/
typedef size_t (*dm_dax_recovery_write_fn)(struct dm_target *ti, pgoff_t pgoff,
void *addr, size_t bytes, struct iov_iter *i);
+/*
+ * This hook allows DM targets in an inactive table to complete their setup
+ * before the table is made active.
+ * Returns:
+ * < 0 : error
+ * = 0 : success
+ */
+typedef int (*dm_finalize_fn) (struct dm_target *target);
void dm_error(const char *message);
@@ -210,6 +218,7 @@ struct target_type {
dm_dax_direct_access_fn direct_access;
dm_dax_zero_page_range_fn dax_zero_page_range;
dm_dax_recovery_write_fn dax_recovery_write;
+ dm_finalize_fn finalize;
/* For internal device-mapper use. */
struct list_head list;
--
2.44.0
This patch enhances fsverity's capabilities to support both integrity and
authenticity protection by introducing the exposure of built-in
signatures through a new LSM hook. This functionality allows LSMs,
e.g. IPE, to enforce policies based on the authenticity and integrity of
files, specifically focusing on built-in fsverity signatures. It enables
a policy enforcement layer within LSMs for fsverity, offering granular
control over the usage of authenticity claims. For instance, a policy
could be established to permit the execution of all files with verified
built-in fsverity signatures while restricting kernel module loading
from specified fsverity files via fsverity digests.
The introduction of a security_inode_setintegrity() hook call within
fsverity's workflow ensures that the verified built-in signature of a file
is exposed to LSMs. This enables LSMs to recognize and label fsverity files
that contain a verified built-in fsverity signature. This hook is invoked
subsequent to the fsverity_verify_signature() process, guaranteeing the
signature's verification against fsverity's keyring. This mechanism is
crucial for maintaining system security, as it operates in kernel space,
effectively thwarting attempts by malicious binaries to bypass user space
stack interactions.
The second to last commit in this patch set will add a link to the IPE
documentation in fsverity.rst.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v1-v6:
+ Not present
v7:
Introduced
v8:
+ Split fs/verity/ changes and security/ changes into separate patches
+ Change signature of fsverity_create_info to accept non-const inode
+ Change signature of fsverity_verify_signature to accept non-const inode
+ Don't cast-away const from inode.
+ Digest functionality dropped in favor of:
("fs-verity: define a function to return the integrity protected
file digest")
+ Reworded commit description and title to match changes.
+ Fix a bug wherein no LSM implements the particular fsverity @name
(or LSM is disabled), and returns -EOPNOTSUPP, causing errors.
v9:
+ No changes
v10:
+ Rename the signature blob key
+ Cleanup redundant code
+ Make the hook call depends on CONFIG_FS_VERITY_BUILTIN_SIGNATURES
v11:
+ No changes
v12:
+ Add constification to the hook call
v13:
+ No changes
v14:
+ Add doc/comment to built-in signature verification
v15:
+ Add more docs related to IPE
+ Switch the hook call to security_inode_setintegrity()
v16:
+ Explicitly mention "fsverity builtin signatures" in the commit
message
+ Amend documentation in fsverity.rst
+ Fix format issue
+ Change enum name
v17:
+ Fix various documentation issues
+ Use new enum name LSM_INT_FSVERITY_BUILTINSIG_VALID
v18:
+ Fix typos
+ Move the inode_setintegrity hook call into fsverity_verify_signature()
---
Documentation/filesystems/fsverity.rst | 23 +++++++++++++++++++++--
fs/verity/signature.c | 21 ++++++++++++++++++++-
include/linux/security.h | 1 +
3 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 13e4b18e5dbb..362b7a5dc300 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -86,6 +86,14 @@ authenticating fs-verity file hashes include:
signature in their "security.ima" extended attribute, as controlled
by the IMA policy. For more information, see the IMA documentation.
+- Integrity Policy Enforcement (IPE). IPE supports enforcing access
+ control decisions based on immutable security properties of files,
+ including those protected by fs-verity's built-in signatures.
+ "IPE policy" specifically allows for the authorization of fs-verity
+ files using properties ``fsverity_digest`` for identifying
+ files by their verity digest, and ``fsverity_signature`` to authorize
+ files with a verified fs-verity's built-in signature.
+
- Trusted userspace code in combination with `Built-in signature
verification`_. This approach should be used only with great care.
@@ -457,7 +465,11 @@ Enabling this option adds the following:
On success, the ioctl persists the signature alongside the Merkle
tree. Then, any time the file is opened, the kernel verifies the
file's actual digest against this signature, using the certificates
- in the ".fs-verity" keyring.
+ in the ".fs-verity" keyring. This verification happens as long as the
+ file's signature exists, regardless of the state of the sysctl variable
+ "fs.verity.require_signatures" described in the next item. The IPE LSM
+ relies on this behavior to recognize and label fsverity files
+ that contain a verified built-in fsverity signature.
3. A new sysctl "fs.verity.require_signatures" is made available.
When set to 1, the kernel requires that all verity files have a
@@ -481,7 +493,7 @@ be carefully considered before using them:
- Builtin signature verification does *not* make the kernel enforce
that any files actually have fs-verity enabled. Thus, it is not a
- complete authentication policy. Currently, if it is used, the only
+ complete authentication policy. Currently, if it is used, one
way to complete the authentication policy is for trusted userspace
code to explicitly check whether files have fs-verity enabled with a
signature before they are accessed. (With
@@ -490,6 +502,13 @@ be carefully considered before using them:
could just store the signature alongside the file and verify it
itself using a cryptographic library, instead of using this feature.
+- Another approach is to utilize fs-verity builtin signature
+ verification in conjunction with the IPE LSM, which supports defining
+ a kernel-enforced, system-wide authentication policy that allows only
+ files with a verified fs-verity builtin signature to perform certain
+ operations, such as execution. Note that IPE doesn't require
+ fs.verity.require_signatures=1.
+
- A file's builtin signature can only be set at the same time that
fs-verity is being enabled on the file. Changing or deleting the
builtin signature later requires re-creating the file.
diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index 90c07573dd77..727e4a22c3d0 100644
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -17,6 +17,7 @@
#include <linux/cred.h>
#include <linux/key.h>
+#include <linux/security.h>
#include <linux/slab.h>
#include <linux/verification.h>
@@ -41,7 +42,11 @@ static struct key *fsverity_keyring;
* @sig_size: size of signature in bytes, or 0 if no signature
*
* If the file includes a signature of its fs-verity file digest, verify it
- * against the certificates in the fs-verity keyring.
+ * against the certificates in the fs-verity keyring. Note that signatures
+ * are verified regardless of the state of the 'fsverity_require_signatures'
+ * variable and the LSM subsystem relies on this behavior to help enforce
+ * file integrity policies. Please discuss changes with the LSM list
+ * (thank you!).
*
* Return: 0 on success (signature valid or not required); -errno on failure
*/
@@ -106,6 +111,20 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
return err;
}
+ /*
+ * We need to cast out const in order to set inode data
+ */
+ err = security_inode_setintegrity((struct inode *) inode,
+ LSM_INT_FSVERITY_BUILTINSIG_VALID,
+ signature,
+ le32_to_cpu(sig_size));
+
+ if (err) {
+ fsverity_err(inode, "Error %d exposing file signature to LSMs",
+ err);
+ return err;
+ }
+
return 0;
}
diff --git a/include/linux/security.h b/include/linux/security.h
index 568d96012a48..ab5f24040abc 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -92,6 +92,7 @@ struct dm_verity_digest {
enum lsm_integrity_type {
LSM_INT_DMVERITY_SIG_VALID,
LSM_INT_DMVERITY_ROOTHASH,
+ LSM_INT_FSVERITY_BUILTINSIG_VALID,
};
/*
--
2.44.0
From: Deven Bowers <[email protected]>
Users of IPE require a way to identify when and why an operation fails,
allowing them to both respond to violations of policy and be notified
of potentially malicious actions on their systems with respect to IPE
itself.
This patch introduces 3 new audit events.
AUDIT_IPE_ACCESS(1420) indicates the result of an IPE policy evaluation
of a resource.
AUDIT_IPE_CONFIG_CHANGE(1421) indicates the current active IPE policy
has been changed to another loaded policy.
AUDIT_IPE_POLICY_LOAD(1422) indicates a new IPE policy has been loaded
into the kernel.
This patch also adds support for success auditing, allowing users to
identify why an allow decision was made for a resource. However, it is
recommended to use this option with caution, as it is quite noisy.
Here are some examples of the new audit record types:
AUDIT_IPE_ACCESS(1420):
audit: AUDIT1420 ipe_op=EXECUTE ipe_hook=BPRM_CHECK enforcing=1
pid=297 comm="sh" path="/root/vol/bin/hello" dev="tmpfs"
ino=3897 rule="op=EXECUTE boot_verified=TRUE action=ALLOW"
audit: AUDIT1420 ipe_op=EXECUTE ipe_hook=BPRM_CHECK enforcing=1
pid=299 comm="sh" path="/mnt/ipe/bin/hello" dev="dm-0"
ino=2 rule="DEFAULT action=DENY"
audit: AUDIT1420 ipe_op=EXECUTE ipe_hook=BPRM_CHECK enforcing=1
pid=300 path="/tmp/tmpdp2h1lub/deny/bin/hello" dev="tmpfs"
ino=131 rule="DEFAULT action=DENY"
The above three records were generated when the active IPE policy only
allows binaries from the initramfs to run. The three identical `hello`
binary were placed at different locations, only the first hello from
the rootfs(initramfs) was allowed.
Field ipe_op followed by the IPE operation name associated with the log.
Field ipe_hook followed by the name of the LSM hook that triggered the IPE
event.
Field enforcing followed by the enforcement state of IPE. (it will be
introduced in the next commit)
Field pid followed by the pid of the process that triggered the IPE
event.
Field comm followed by the command line program name of the process that
triggered the IPE event.
Field path followed by the file's path name.
Field dev followed by the device name as found in /dev where the file is
from.
Note that for device mappers it will use the name `dm-X` instead of
the name in /dev/mapper.
For a file in a temp file system, which is not from a device, it will use
`tmpfs` for the field.
The implementation of this part is following another existing use case
LSM_AUDIT_DATA_INODE in security/lsm_audit.c
Field ino followed by the file's inode number.
Field rule followed by the IPE rule made the access decision. The whole
rule must be audited because the decision is based on the combination of
all property conditions in the rule.
Along with the syscall audit event, user can know why a blocked
happened. For example:
audit: AUDIT1420 ipe_op=EXECUTE ipe_hook=BPRM_CHECK enforcing=1
pid=2138 comm="bash" path="/mnt/ipe/bin/hello" dev="dm-0"
ino=2 rule="DEFAULT action=DENY"
audit[1956]: SYSCALL arch=c000003e syscall=59
success=no exit=-13 a0=556790138df0 a1=556790135390 a2=5567901338b0
a3=ab2a41a67f4f1f4e items=1 ppid=147 pid=1956 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
ses=4294967295 comm="bash" exe="/usr/bin/bash" key=(null)
The above two records showed bash used execve to run "hello" and got
blocked by IPE. Note that the IPE records are always prior to a SYSCALL
record.
AUDIT_IPE_CONFIG_CHANGE(1421):
audit: AUDIT1421
old_active_pol_name="Allow_All" old_active_pol_version=0.0.0
old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649
new_active_pol_name="boot_verified" new_active_pol_version=0.0.0
new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F
auid=4294967295 ses=4294967295 lsm=ipe res=1
The above record showed the current IPE active policy switch from
`Allow_All` to `boot_verified` along with the version and the hash
digest of the two policies. Note IPE can only have one policy active
at a time, all access decision evaluation is based on the current active
policy.
The normal procedure to deploy a policy is loading the policy to deploy
into the kernel first, then switch the active policy to it.
AUDIT_IPE_POLICY_LOAD(1422):
audit: AUDIT1422 policy_name="boot_verified" policy_version=0.0.0
policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F2676
auid=4294967295 ses=4294967295 lsm=ipe res=1
The above record showed a new policy has been loaded into the kernel
with the policy name, policy version and policy hash.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ Split evaluation loop, access control hooks,
and evaluation loop from policy parser and userspace
interface to pass mailing list character limit
v3:
+ Move ipe_load_properties to patch 04.
+ Remove useless 0-initializations
+ Prefix extern variables with ipe_
+ Remove kernel module parameters, as these are
exposed through sysctls.
+ Add more prose to the IPE base config option
help text.
+ Use GFP_KERNEL for audit_log_start.
+ Remove unnecessary caching system.
+ Remove comments from headers
+ Use rcu_access_pointer for rcu-pointer null check
+ Remove usage of reqprot; use prot only.
+ Move policy load and activation audit event to 03/12
v4:
+ Remove sysctls in favor of securityfs nodes
+ Re-add kernel module parameters, as these are now
exposed through securityfs.
+ Refactor property audit loop to a separate function.
v5:
+ fix minor grammatical errors
+ do not group rule by curly-brace in audit record,
reconstruct the exact rule.
v6:
+ No changes
v7:
+ Further split lsm creation, the audit system, the evaluation loop,
and access control hooks into separate patches.
+ Further split audit system patch into two separate patches; one
for include/uapi, and the usage of the new defines.
+ Split out the permissive functionality into another separate patch,
for easier review.
+ Correct misuse of audit_log_n_untrusted string to audit_log_format
+ Use get_task_comm instead of comm directly.
+ Quote certain audit values
+ Remove unnecessary help text on choice options - these were
previously indented at the wrong level
+ Correct a stale string constant (ctx_ns_enforce to ctx_enforce)
v8:
+ Change dependency for CONFIG_AUDIT to CONFIG_AUDITSYSCALL
+ Drop ctx_* prefix
+ Reuse, where appropriate, the audit fields from the field
dictionary. This transforms:
ctx_pathname -> path
ctx_ino -> ino
ctx_dev -> dev
+ Add audit records and event examples to commit description.
+ Remove new_audit_ctx, replace with audit_log_start. All data that
would provided by new_audit_ctx is already present in the syscall
audit record, that is always emitted on these actions. The audit
records should be correlated as such.
+ Change audit types:
+ AUDIT_TRUST_RESULT -> AUDIT_IPE_ACCESS
+ This prevents overloading of the AVC type.
+ AUDIT_TRUST_POLICY_ACTIVATE -> AUDIT_MAC_CONFIG_CHANGE
+ AUDIT_TRUST_POLICY_LOAD -> AUDIT_MAC_POLICY_LOAD
+ There were no significant difference in meaning between
these types.
+ Remove enforcing parameter passed from the context structure
for AUDIT_IPE_ACCESS.
+ This field can be inferred from the SYSCALL audit event,
based on the success field.
+ Remove all fields already captured in the syscall record. "hook",
an IPE specific field, can be determined via the syscall field in
the syscall record itself, so it has been removed.
+ ino, path, and dev in IPE's record refer to the subject of the
syscall, while the syscall record refers to the calling process.
+ remove IPE prefix from policy load/policy activation events
+ fix a bug wherein a policy change audit record was not fired when
updating a policy
v9:
+ Merge the AUDIT_IPE_ACCESS definition with the audit support commit
+ Change the audit format of policy load and switch
+ Remove the ipe audit kernel switch
v10:
+ Create AUDIT_IPE_CONFIG_CHANGE and AUDIT_IPE_POLICY_LOAD
+ Change field names per upstream feedback
v11:
+ Fix style issues
v12:
+ Add ipe_op, ipe_hook, and enforcing fields to AUDIT_IPE_ACCESS
v13:
+ Remove dependency on CONFIG_BLK_DEV_INITRD
+ Add field placeholders for anonymous files
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Add years to license header
+ Fix code and documentation style issues
v18:
+ No changes
---
include/uapi/linux/audit.h | 3 +
security/ipe/Kconfig | 2 +-
security/ipe/Makefile | 1 +
security/ipe/audit.c | 214 +++++++++++++++++++++++++++++++++++++
security/ipe/audit.h | 18 ++++
security/ipe/eval.c | 44 ++++++--
security/ipe/eval.h | 13 ++-
security/ipe/fs.c | 68 ++++++++++++
security/ipe/hooks.c | 10 +-
security/ipe/hooks.h | 11 ++
security/ipe/policy.c | 5 +
11 files changed, 372 insertions(+), 17 deletions(-)
create mode 100644 security/ipe/audit.c
create mode 100644 security/ipe/audit.h
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index d676ed2b246e..75e21a135483 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -143,6 +143,9 @@
#define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
#define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */
#define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */
+#define AUDIT_IPE_ACCESS 1420 /* IPE denial or grant */
+#define AUDIT_IPE_CONFIG_CHANGE 1421 /* IPE config change */
+#define AUDIT_IPE_POLICY_LOAD 1422 /* IPE policy load */
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index e4875fb04883..ac4d558e69d5 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -5,7 +5,7 @@
menuconfig SECURITY_IPE
bool "Integrity Policy Enforcement (IPE)"
- depends on SECURITY && SECURITYFS
+ depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL
select PKCS7_MESSAGE_PARSER
select SYSTEM_DATA_VERIFICATION
help
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index b97f8c10fe01..62caccba14b4 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -13,3 +13,4 @@ obj-$(CONFIG_SECURITY_IPE) += \
policy.o \
policy_fs.o \
policy_parser.o \
+ audit.o \
diff --git a/security/ipe/audit.c b/security/ipe/audit.c
new file mode 100644
index 000000000000..6a3f24665655
--- /dev/null
+++ b/security/ipe/audit.c
@@ -0,0 +1,214 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#include <linux/slab.h>
+#include <linux/audit.h>
+#include <linux/types.h>
+#include <crypto/hash.h>
+
+#include "ipe.h"
+#include "eval.h"
+#include "hooks.h"
+#include "policy.h"
+#include "audit.h"
+
+#define ACTSTR(x) ((x) == IPE_ACTION_ALLOW ? "ALLOW" : "DENY")
+
+#define IPE_AUDIT_HASH_ALG "sha256"
+
+#define AUDIT_POLICY_LOAD_FMT "policy_name=\"%s\" policy_version=%hu.%hu.%hu "\
+ "policy_digest=" IPE_AUDIT_HASH_ALG ":"
+#define AUDIT_OLD_ACTIVE_POLICY_FMT "old_active_pol_name=\"%s\" "\
+ "old_active_pol_version=%hu.%hu.%hu "\
+ "old_policy_digest=" IPE_AUDIT_HASH_ALG ":"
+#define AUDIT_NEW_ACTIVE_POLICY_FMT "new_active_pol_name=\"%s\" "\
+ "new_active_pol_version=%hu.%hu.%hu "\
+ "new_policy_digest=" IPE_AUDIT_HASH_ALG ":"
+
+static const char *const audit_op_names[__IPE_OP_MAX + 1] = {
+ "EXECUTE",
+ "FIRMWARE",
+ "KMODULE",
+ "KEXEC_IMAGE",
+ "KEXEC_INITRAMFS",
+ "POLICY",
+ "X509_CERT",
+ "UNKNOWN",
+};
+
+static const char *const audit_hook_names[__IPE_HOOK_MAX] = {
+ "BPRM_CHECK",
+ "MMAP",
+ "MPROTECT",
+ "KERNEL_READ",
+ "KERNEL_LOAD",
+};
+
+static const char *const audit_prop_names[__IPE_PROP_MAX] = {
+ "boot_verified=FALSE",
+ "boot_verified=TRUE",
+};
+
+/**
+ * audit_rule() - audit an IPE policy rule.
+ * @ab: Supplies a pointer to the audit_buffer to append to.
+ * @r: Supplies a pointer to the ipe_rule to approximate a string form for.
+ */
+static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r)
+{
+ const struct ipe_prop *ptr;
+
+ audit_log_format(ab, " rule=\"%s ", audit_op_names[r->op]);
+
+ list_for_each_entry(ptr, &r->props, next)
+ audit_log_format(ab, "%s ", audit_prop_names[ptr->type]);
+
+ audit_log_format(ab, "action=%s\"", ACTSTR(r->action));
+}
+
+/**
+ * ipe_audit_match() - Audit a rule match in a policy evaluation.
+ * @ctx: Supplies a pointer to the evaluation context that was used in the
+ * evaluation.
+ * @match_type: Supplies the scope of the match: rule, operation default,
+ * global default.
+ * @act: Supplies the IPE's evaluation decision, deny or allow.
+ * @r: Supplies a pointer to the rule that was matched, if possible.
+ */
+void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
+ enum ipe_match match_type,
+ enum ipe_action_type act, const struct ipe_rule *const r)
+{
+ const char *op = audit_op_names[ctx->op];
+ char comm[sizeof(current->comm)];
+ struct audit_buffer *ab;
+ struct inode *inode;
+
+ if (act != IPE_ACTION_DENY && !READ_ONCE(success_audit))
+ return;
+
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_IPE_ACCESS);
+ if (!ab)
+ return;
+
+ audit_log_format(ab, "ipe_op=%s ipe_hook=%s pid=%d comm=",
+ op, audit_hook_names[ctx->hook],
+ task_tgid_nr(current));
+ audit_log_untrustedstring(ab, get_task_comm(comm, current));
+
+ if (ctx->file) {
+ audit_log_d_path(ab, " path=", &ctx->file->f_path);
+ inode = file_inode(ctx->file);
+ if (inode) {
+ audit_log_format(ab, " dev=");
+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_format(ab, " ino=%lu", inode->i_ino);
+ } else {
+ audit_log_format(ab, " dev=? ino=?");
+ }
+ } else {
+ audit_log_format(ab, " path=? dev=? ino=?");
+ }
+
+ if (match_type == IPE_MATCH_RULE)
+ audit_rule(ab, r);
+ else if (match_type == IPE_MATCH_TABLE)
+ audit_log_format(ab, " rule=\"DEFAULT op=%s action=%s\"", op,
+ ACTSTR(act));
+ else
+ audit_log_format(ab, " rule=\"DEFAULT action=%s\"",
+ ACTSTR(act));
+
+ audit_log_end(ab);
+}
+
+/**
+ * audit_policy() - Audit a policy's name, version and thumbprint to @ab.
+ * @ab: Supplies a pointer to the audit buffer to append to.
+ * @audit_format: Supplies a pointer to the audit format string
+ * @p: Supplies a pointer to the policy to audit.
+ */
+static void audit_policy(struct audit_buffer *ab,
+ const char *audit_format,
+ const struct ipe_policy *const p)
+{
+ SHASH_DESC_ON_STACK(desc, tfm);
+ struct crypto_shash *tfm;
+ u8 *digest = NULL;
+
+ tfm = crypto_alloc_shash(IPE_AUDIT_HASH_ALG, 0, 0);
+ if (IS_ERR(tfm))
+ return;
+
+ desc->tfm = tfm;
+
+ digest = kzalloc(crypto_shash_digestsize(tfm), GFP_KERNEL);
+ if (!digest)
+ goto out;
+
+ if (crypto_shash_init(desc))
+ goto out;
+
+ if (crypto_shash_update(desc, p->pkcs7, p->pkcs7len))
+ goto out;
+
+ if (crypto_shash_final(desc, digest))
+ goto out;
+
+ audit_log_format(ab, audit_format, p->parsed->name,
+ p->parsed->version.major, p->parsed->version.minor,
+ p->parsed->version.rev);
+ audit_log_n_hex(ab, digest, crypto_shash_digestsize(tfm));
+
+out:
+ kfree(digest);
+ crypto_free_shash(tfm);
+}
+
+/**
+ * ipe_audit_policy_activation() - Audit a policy being activated.
+ * @op: Supplies a pointer to the previously activated policy to audit.
+ * @np: Supplies a pointer to the newly activated policy to audit.
+ */
+void ipe_audit_policy_activation(const struct ipe_policy *const op,
+ const struct ipe_policy *const np)
+{
+ struct audit_buffer *ab;
+
+ ab = audit_log_start(audit_context(), GFP_KERNEL,
+ AUDIT_IPE_CONFIG_CHANGE);
+ if (!ab)
+ return;
+
+ audit_policy(ab, AUDIT_OLD_ACTIVE_POLICY_FMT, op);
+ audit_log_format(ab, " ");
+ audit_policy(ab, AUDIT_NEW_ACTIVE_POLICY_FMT, np);
+ audit_log_format(ab, " auid=%u ses=%u lsm=ipe res=1",
+ from_kuid(&init_user_ns, audit_get_loginuid(current)),
+ audit_get_sessionid(current));
+
+ audit_log_end(ab);
+}
+
+/**
+ * ipe_audit_policy_load() - Audit a policy being loaded into the kernel.
+ * @p: Supplies a pointer to the policy to audit.
+ */
+void ipe_audit_policy_load(const struct ipe_policy *const p)
+{
+ struct audit_buffer *ab;
+
+ ab = audit_log_start(audit_context(), GFP_KERNEL,
+ AUDIT_IPE_POLICY_LOAD);
+ if (!ab)
+ return;
+
+ audit_policy(ab, AUDIT_POLICY_LOAD_FMT, p);
+ audit_log_format(ab, " auid=%u ses=%u lsm=ipe res=1",
+ from_kuid(&init_user_ns, audit_get_loginuid(current)),
+ audit_get_sessionid(current));
+
+ audit_log_end(ab);
+}
diff --git a/security/ipe/audit.h b/security/ipe/audit.h
new file mode 100644
index 000000000000..3ba8b8a91541
--- /dev/null
+++ b/security/ipe/audit.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#ifndef _IPE_AUDIT_H
+#define _IPE_AUDIT_H
+
+#include "policy.h"
+
+void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
+ enum ipe_match match_type,
+ enum ipe_action_type act, const struct ipe_rule *const r);
+void ipe_audit_policy_load(const struct ipe_policy *const p);
+void ipe_audit_policy_activation(const struct ipe_policy *const op,
+ const struct ipe_policy *const np);
+
+#endif /* _IPE_AUDIT_H */
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 28b3bded06c2..18fd5d8fa03e 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -9,12 +9,15 @@
#include <linux/file.h>
#include <linux/sched.h>
#include <linux/rcupdate.h>
+#include <linux/moduleparam.h>
#include "ipe.h"
#include "eval.h"
#include "policy.h"
+#include "audit.h"
struct ipe_policy __rcu *ipe_active_policy;
+bool success_audit;
#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
@@ -33,13 +36,16 @@ static void build_ipe_sb_ctx(struct ipe_eval_ctx *ctx, const struct file *const
* @ctx: Supplies a pointer to the context to be populated.
* @file: Supplies a pointer to the file to associated with the evaluation.
* @op: Supplies the IPE policy operation associated with the evaluation.
+ * @hook: Supplies the LSM hook associated with the evaluation.
*/
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
- enum ipe_op_type op)
+ enum ipe_op_type op,
+ enum ipe_hook_type hook)
{
ctx->file = file;
ctx->op = op;
+ ctx->hook = hook;
if (file)
build_ipe_sb_ctx(ctx, file);
@@ -100,6 +106,7 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
struct ipe_policy *pol = NULL;
struct ipe_prop *prop = NULL;
enum ipe_action_type action;
+ enum ipe_match match_type;
bool match = false;
rcu_read_lock();
@@ -111,14 +118,15 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
}
if (ctx->op == IPE_OP_INVALID) {
- if (pol->parsed->global_default_action == IPE_ACTION_DENY) {
- rcu_read_unlock();
- return -EACCES;
- }
- if (pol->parsed->global_default_action == IPE_ACTION_INVALID)
+ if (pol->parsed->global_default_action == IPE_ACTION_INVALID) {
WARN(1, "no default rule set for unknown op, ALLOW it");
+ action = IPE_ACTION_ALLOW;
+ } else {
+ action = pol->parsed->global_default_action;
+ }
rcu_read_unlock();
- return 0;
+ match_type = IPE_MATCH_GLOBAL;
+ goto eval;
}
rules = &pol->parsed->rules[ctx->op];
@@ -136,16 +144,32 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
break;
}
- if (match)
+ if (match) {
action = rule->action;
- else if (rules->default_action != IPE_ACTION_INVALID)
+ match_type = IPE_MATCH_RULE;
+ } else if (rules->default_action != IPE_ACTION_INVALID) {
action = rules->default_action;
- else
+ match_type = IPE_MATCH_TABLE;
+ } else {
action = pol->parsed->global_default_action;
+ match_type = IPE_MATCH_GLOBAL;
+ }
rcu_read_unlock();
+eval:
+ ipe_audit_match(ctx, match_type, action, rule);
+
if (action == IPE_ACTION_DENY)
return -EACCES;
return 0;
}
+
+/* Set the right module name */
+#ifdef KBUILD_MODNAME
+#undef KBUILD_MODNAME
+#define KBUILD_MODNAME "ipe"
+#endif
+
+module_param(success_audit, bool, 0400);
+MODULE_PARM_DESC(success_audit, "Start IPE with success auditing enabled");
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index 0fa6492354dd..42b74a7a7c2b 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -10,10 +10,12 @@
#include <linux/types.h>
#include "policy.h"
+#include "hooks.h"
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })
extern struct ipe_policy __rcu *ipe_active_policy;
+extern bool success_audit;
struct ipe_superblock {
bool initramfs;
@@ -21,14 +23,23 @@ struct ipe_superblock {
struct ipe_eval_ctx {
enum ipe_op_type op;
+ enum ipe_hook_type hook;
const struct file *file;
bool initramfs;
};
+enum ipe_match {
+ IPE_MATCH_RULE = 0,
+ IPE_MATCH_TABLE,
+ IPE_MATCH_GLOBAL,
+ __IPE_MATCH_MAX
+};
+
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
- enum ipe_op_type op);
+ enum ipe_op_type op,
+ enum ipe_hook_type hook);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
#endif /* _IPE_EVAL_H */
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index 49484c8feead..9e410982b759 100644
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -8,11 +8,62 @@
#include "ipe.h"
#include "fs.h"
+#include "eval.h"
#include "policy.h"
+#include "audit.h"
static struct dentry *np __ro_after_init;
static struct dentry *root __ro_after_init;
struct dentry *policy_root __ro_after_init;
+static struct dentry *audit_node __ro_after_init;
+
+/**
+ * setaudit() - Write handler for the securityfs node, "ipe/success_audit"
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the write syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return:
+ * * Length of buffer written - Success
+ * * %-EPERM - Insufficient permission
+ */
+static ssize_t setaudit(struct file *f, const char __user *data,
+ size_t len, loff_t *offset)
+{
+ int rc = 0;
+ bool value;
+
+ if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
+ return -EPERM;
+
+ rc = kstrtobool_from_user(data, len, &value);
+ if (rc)
+ return rc;
+
+ WRITE_ONCE(success_audit, value);
+
+ return len;
+}
+
+/**
+ * getaudit() - Read handler for the securityfs node, "ipe/success_audit"
+ * @f: Supplies a file structure representing the securityfs node.
+ * @data: Supplies a buffer passed to the read syscall.
+ * @len: Supplies the length of @data.
+ * @offset: unused.
+ *
+ * Return: Length of buffer written
+ */
+static ssize_t getaudit(struct file *f, char __user *data,
+ size_t len, loff_t *offset)
+{
+ const char *result;
+
+ result = ((READ_ONCE(success_audit)) ? "1" : "0");
+
+ return simple_read_from_buffer(data, len, offset, result, 1);
+}
/**
* new_policy() - Write handler for the securityfs node, "ipe/new_policy".
@@ -51,6 +102,10 @@ static ssize_t new_policy(struct file *f, const char __user *data,
}
rc = ipe_new_policyfs_node(p);
+ if (rc)
+ goto out;
+
+ ipe_audit_policy_load(p);
out:
if (rc < 0)
@@ -63,6 +118,11 @@ static const struct file_operations np_fops = {
.write = new_policy,
};
+static const struct file_operations audit_fops = {
+ .write = setaudit,
+ .read = getaudit,
+};
+
/**
* ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
*
@@ -82,6 +142,13 @@ static int __init ipe_init_securityfs(void)
goto err;
}
+ audit_node = securityfs_create_file("success_audit", 0600, root,
+ NULL, &audit_fops);
+ if (IS_ERR(audit_node)) {
+ rc = PTR_ERR(audit_node);
+ goto err;
+ }
+
policy_root = securityfs_create_dir("policies", root);
if (IS_ERR(policy_root)) {
rc = PTR_ERR(policy_root);
@@ -98,6 +165,7 @@ static int __init ipe_init_securityfs(void)
err:
securityfs_remove(np);
securityfs_remove(policy_root);
+ securityfs_remove(audit_node);
securityfs_remove(root);
return rc;
}
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index 76370919aac0..b68719bf44fb 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -29,7 +29,7 @@ int ipe_bprm_check_security(struct linux_binprm *bprm)
{
struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT;
- ipe_build_eval_ctx(&ctx, bprm->file, IPE_OP_EXEC);
+ ipe_build_eval_ctx(&ctx, bprm->file, IPE_OP_EXEC, IPE_HOOK_BPRM_CHECK);
return ipe_evaluate_event(&ctx);
}
@@ -54,7 +54,7 @@ int ipe_mmap_file(struct file *f, unsigned long reqprot __always_unused,
struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT;
if (prot & PROT_EXEC) {
- ipe_build_eval_ctx(&ctx, f, IPE_OP_EXEC);
+ ipe_build_eval_ctx(&ctx, f, IPE_OP_EXEC, IPE_HOOK_MMAP);
return ipe_evaluate_event(&ctx);
}
@@ -86,7 +86,7 @@ int ipe_file_mprotect(struct vm_area_struct *vma,
return 0;
if (prot & PROT_EXEC) {
- ipe_build_eval_ctx(&ctx, vma->vm_file, IPE_OP_EXEC);
+ ipe_build_eval_ctx(&ctx, vma->vm_file, IPE_OP_EXEC, IPE_HOOK_MPROTECT);
return ipe_evaluate_event(&ctx);
}
@@ -136,7 +136,7 @@ int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
WARN(1, "no rule setup for kernel_read_file enum %d", id);
}
- ipe_build_eval_ctx(&ctx, file, op);
+ ipe_build_eval_ctx(&ctx, file, op, IPE_HOOK_KERNEL_READ);
return ipe_evaluate_event(&ctx);
}
@@ -180,7 +180,7 @@ int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents)
WARN(1, "no rule setup for kernel_load_data enum %d", id);
}
- ipe_build_eval_ctx(&ctx, NULL, op);
+ ipe_build_eval_ctx(&ctx, NULL, op, IPE_HOOK_KERNEL_LOAD);
return ipe_evaluate_event(&ctx);
}
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index 4de5fabebd54..f4f0b544ddcc 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -9,6 +9,17 @@
#include <linux/binfmts.h>
#include <linux/security.h>
+enum ipe_hook_type {
+ IPE_HOOK_BPRM_CHECK = 0,
+ IPE_HOOK_MMAP,
+ IPE_HOOK_MPROTECT,
+ IPE_HOOK_KERNEL_READ,
+ IPE_HOOK_KERNEL_LOAD,
+ __IPE_HOOK_MAX
+};
+
+#define IPE_HOOK_INVALID __IPE_HOOK_MAX
+
int ipe_bprm_check_security(struct linux_binprm *bprm);
int ipe_mmap_file(struct file *f, unsigned long reqprot, unsigned long prot,
diff --git a/security/ipe/policy.c b/security/ipe/policy.c
index 112913f83c6d..5ac7640a8aef 100644
--- a/security/ipe/policy.c
+++ b/security/ipe/policy.c
@@ -11,6 +11,7 @@
#include "fs.h"
#include "policy.h"
#include "policy_parser.h"
+#include "audit.h"
/* lock for synchronizing writers across ipe policy */
DEFINE_MUTEX(ipe_policy_lock);
@@ -112,6 +113,7 @@ int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
root->i_private = new;
swap(new->policyfs, old->policyfs);
+ ipe_audit_policy_load(new);
mutex_lock(&ipe_policy_lock);
ap = rcu_dereference_protected(ipe_active_policy,
@@ -120,6 +122,7 @@ int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
rcu_assign_pointer(ipe_active_policy, new);
mutex_unlock(&ipe_policy_lock);
synchronize_rcu();
+ ipe_audit_policy_activation(old, new);
} else {
mutex_unlock(&ipe_policy_lock);
}
@@ -220,5 +223,7 @@ int ipe_set_active_pol(const struct ipe_policy *p)
mutex_unlock(&ipe_policy_lock);
synchronize_rcu();
+ ipe_audit_policy_activation(ap, p);
+
return 0;
}
--
2.44.0
Update MAINTAINERS to include ipe maintainer information.
Signed-off-by: Fan Wu <[email protected]>
--
v1-v16:
+ Not present
v17:
+ Introduced
v18:
+ No changes
---
MAINTAINERS | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index ec0284125e8f..def7116eba7b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -10742,6 +10742,16 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
F: security/integrity/
F: security/integrity/ima/
+INTEGRITY POLICY ENFORCEMENT (IPE)
+M: Fan Wu <[email protected]>
+L: [email protected]
+S: Supported
+T: git https://github.com/microsoft/ipe.git
+F: Documentation/admin-guide/LSM/ipe.rst
+F: Documentation/security/ipe.rst
+F: scripts/ipe/
+F: security/ipe/
+
INTEL 810/815 FRAMEBUFFER DRIVER
M: Antonino Daplas <[email protected]>
L: [email protected]
--
2.44.0
Enable IPE policy authors to indicate trust for a singular fsverity
file, identified by the digest information, through "fsverity_digest"
and all files using valid fsverity builtin signatures via
"fsverity_signature".
This enables file-level integrity claims to be expressed in IPE,
allowing individual files to be authorized, giving some flexibility
for policy authors. Such file-level claims are important to be expressed
for enforcing the integrity of packages, as well as address some of the
scalability issues in a sole dm-verity based solution (# of loop back
devices, etc).
This solution cannot be done in userspace as the minimum threat that
IPE should mitigate is an attacker downloads malicious payload with
all required dependencies. These dependencies can lack the userspace
check, bypassing the protection entirely. A similar attack succeeds if
the userspace component is replaced with a version that does not
perform the check. As a result, this can only be done in the common
entry point - the kernel.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v1-v6:
+ Not present
v7:
Introduced
v8:
* Undo squash of 08/12, 10/12 - separating drivers/md/ from security/
* Use common-audit function for fsverity_signature.
+ Change fsverity implementation to use fsverity_get_digest
+ prevent unnecessary copy of fs-verity signature data, instead
just check for presence of signature data.
+ Remove free_inode_security hook, as the digest is now acquired
at runtime instead of via LSM blob.
v9:
+ Adapt to the new parser
v10:
+ Update the fsverity get digest call
v11:
+ No changes
v12:
+ Fix audit format
+ Simplify property evaluation
v13:
+ Remove the CONFIG_IPE_PROP_FS_VERITY dependency inside the parser
to make the policy grammar independent of the kernel config.
v14:
+ No changes
v15:
+ Fix on grammar issue in Kconfig
+ Switch hook to security_inode_setintegrity()
v16:
+ Rewrite fsverity signature part in Kconfig
v17:
+ Fix documentation issues
+ Use new enum name LSM_INT_FSVERITY_BUILTINSIG_VALID
v18:
+ Add Kconfig IPE_PROP_FS_VERITY_BUILTIN_SIG and make both FS_VERITY
Kconfigs auto-selected
---
security/ipe/Kconfig | 25 +++++++
security/ipe/audit.c | 17 +++++
security/ipe/eval.c | 123 ++++++++++++++++++++++++++++++++++-
security/ipe/eval.h | 12 ++++
security/ipe/hooks.c | 28 ++++++++
security/ipe/hooks.h | 6 ++
security/ipe/ipe.c | 13 ++++
security/ipe/ipe.h | 3 +
security/ipe/policy.h | 3 +
security/ipe/policy_parser.c | 6 ++
10 files changed, 235 insertions(+), 1 deletion(-)
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index 8279dddf92ad..839d63698841 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -10,6 +10,8 @@ menuconfig SECURITY_IPE
select SYSTEM_DATA_VERIFICATION
select IPE_PROP_DM_VERITY if DM_VERITY
select IPE_PROP_DM_VERITY_SIGNATURE if DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
+ select IPE_PROP_FS_VERITY if FS_VERITY
+ select IPE_PROP_FS_VERITY_BUILTIN_SIG if FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
help
This option enables the Integrity Policy Enforcement LSM
allowing users to define a policy to enforce a trust-based access
@@ -39,6 +41,29 @@ config IPE_PROP_DM_VERITY_SIGNATURE
volume, which has been mounted with a valid signed root hash,
is evaluated.
+ If unsure, answer Y.
+
+config IPE_PROP_FS_VERITY
+ bool "Enable support for fs-verity based on file digest"
+ depends on FS_VERITY
+ help
+ This option enables the 'fsverity_digest' property within IPE
+ policies. The property evaluates to TRUE when a file is fsverity
+ enabled and its digest matches the supplied value in the policy.
+
+ if unsure, answer Y.
+
+config IPE_PROP_FS_VERITY_BUILTIN_SIG
+ bool "Enable support for fs-verity based on builtin signature"
+ depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
+ help
+ This option enables the 'fsverity_signature' property within IPE
+ policies. The property evaluates to TRUE when a file is fsverity
+ enabled and it has a valid builtin signature whose signing cert
+ is in the .fs-verity keyring.
+
+ if unsure, answer Y.
+
endmenu
endif
diff --git a/security/ipe/audit.c b/security/ipe/audit.c
index 2c98520267c1..bd258f887e6f 100644
--- a/security/ipe/audit.c
+++ b/security/ipe/audit.c
@@ -53,6 +53,9 @@ static const char *const audit_prop_names[__IPE_PROP_MAX] = {
"dmverity_roothash=",
"dmverity_signature=FALSE",
"dmverity_signature=TRUE",
+ "fsverity_digest=",
+ "fsverity_signature=FALSE",
+ "fsverity_signature=TRUE",
};
/**
@@ -66,6 +69,17 @@ static void audit_dmv_roothash(struct audit_buffer *ab, const void *rh)
ipe_digest_audit(ab, rh);
}
+/**
+ * audit_fsv_digest() - audit the digest of a fsverity_digest property.
+ * @ab: Supplies a pointer to the audit_buffer to append to.
+ * @d: Supplies a pointer to the digest structure.
+ */
+static void audit_fsv_digest(struct audit_buffer *ab, const void *d)
+{
+ audit_log_format(ab, "%s", audit_prop_names[IPE_PROP_FSV_DIGEST]);
+ ipe_digest_audit(ab, d);
+}
+
/**
* audit_rule() - audit an IPE policy rule.
* @ab: Supplies a pointer to the audit_buffer to append to.
@@ -82,6 +96,9 @@ static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r)
case IPE_PROP_DMV_ROOTHASH:
audit_dmv_roothash(ab, ptr->value);
break;
+ case IPE_PROP_FSV_DIGEST:
+ audit_fsv_digest(ab, ptr->value);
+ break;
default:
audit_log_format(ab, "%s", audit_prop_names[ptr->type]);
break;
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 8f4f63088206..dca1b1f312b4 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -10,6 +10,7 @@
#include <linux/sched.h>
#include <linux/rcupdate.h>
#include <linux/moduleparam.h>
+#include <linux/fsverity.h>
#include "ipe.h"
#include "eval.h"
@@ -51,6 +52,36 @@ static void build_ipe_bdev_ctx(struct ipe_eval_ctx *ctx, const struct inode *con
}
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+static void build_ipe_inode_blob_ctx(struct ipe_eval_ctx *ctx,
+ const struct inode *const ino)
+{
+ ctx->ipe_inode = ipe_inode(ctx->ino);
+}
+#else
+static inline void build_ipe_inode_blob_ctx(struct ipe_eval_ctx *ctx,
+ const struct inode *const ino)
+{
+}
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+
+/**
+ * build_ipe_inode_ctx() - Build inode fields of an evaluation context.
+ * @ctx: Supplies a pointer to the context to be populated.
+ * @ino: Supplies the inode struct of the file triggered IPE event.
+ */
+static void build_ipe_inode_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
+{
+ ctx->ino = ino;
+ build_ipe_inode_blob_ctx(ctx, ino);
+}
+#else
+static void build_ipe_inode_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
+{
+}
+#endif /* CONFIG_IPE_PROP_FS_VERITY */
+
/**
* ipe_build_eval_ctx() - Build an ipe evaluation context.
* @ctx: Supplies a pointer to the context to be populated.
@@ -63,13 +94,17 @@ void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
enum ipe_op_type op,
enum ipe_hook_type hook)
{
+ struct inode *ino;
+
ctx->file = file;
ctx->op = op;
ctx->hook = hook;
if (file) {
build_ipe_sb_ctx(ctx, file);
- build_ipe_bdev_ctx(ctx, d_real_inode(file->f_path.dentry));
+ ino = d_real_inode(file->f_path.dentry);
+ build_ipe_bdev_ctx(ctx, ino);
+ build_ipe_inode_ctx(ctx, ino);
}
}
@@ -150,6 +185,86 @@ static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx)
}
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
+#ifdef CONFIG_IPE_PROP_FS_VERITY
+/**
+ * evaluate_fsv_digest() - Evaluate @ctx against a fsv digest property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ * @p: Supplies a pointer to the property being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the @p
+ * * %false - The current @ctx doesn't match the @p
+ */
+static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx,
+ struct ipe_prop *p)
+{
+ enum hash_algo alg;
+ u8 digest[FS_VERITY_MAX_DIGEST_SIZE];
+ struct digest_info info;
+
+ if (!ctx->ino)
+ return false;
+ if (!fsverity_get_digest((struct inode *)ctx->ino,
+ digest,
+ NULL,
+ &alg))
+ return false;
+
+ info.alg = hash_algo_name[alg];
+ info.digest = digest;
+ info.digest_len = hash_digest_size[alg];
+
+ return ipe_digest_eval(p->value, &info);
+}
+#else
+static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx,
+ struct ipe_prop *p)
+{
+ return false;
+}
+#endif /* CONFIG_IPE_PROP_FS_VERITY */
+
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+/**
+ * evaluate_fsv_sig_false() - Evaluate @ctx against a fsv sig false property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the property
+ * * %false - The current @ctx doesn't match the property
+ */
+static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx)
+{
+ return !ctx->ino ||
+ !IS_VERITY(ctx->ino) ||
+ !ctx->ipe_inode ||
+ !ctx->ipe_inode->fs_verity_signed;
+}
+
+/**
+ * evaluate_fsv_sig_true() - Evaluate @ctx against a fsv sig true property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the property
+ * * %false - The current @ctx doesn't match the property
+ */
+static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx)
+{
+ return !evaluate_fsv_sig_false(ctx);
+}
+#else
+static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx)
+{
+ return false;
+}
+
+static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx)
+{
+ return false;
+}
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+
/**
* evaluate_property() - Analyze @ctx against a rule property.
* @ctx: Supplies a pointer to the context to be evaluated.
@@ -176,6 +291,12 @@ static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
return evaluate_dmv_sig_false(ctx);
case IPE_PROP_DMV_SIG_TRUE:
return evaluate_dmv_sig_true(ctx);
+ case IPE_PROP_FSV_DIGEST:
+ return evaluate_fsv_digest(ctx, p);
+ case IPE_PROP_FSV_SIG_FALSE:
+ return evaluate_fsv_sig_false(ctx);
+ case IPE_PROP_FSV_SIG_TRUE:
+ return evaluate_fsv_sig_true(ctx);
default:
return false;
}
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index 4901df0e1369..fef65a36468c 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -31,6 +31,12 @@ struct ipe_bdev {
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+struct ipe_inode {
+ bool fs_verity_signed;
+};
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+
struct ipe_eval_ctx {
enum ipe_op_type op;
enum ipe_hook_type hook;
@@ -40,6 +46,12 @@ struct ipe_eval_ctx {
#ifdef CONFIG_IPE_PROP_DM_VERITY
const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY
+ const struct inode *ino;
+#endif /* CONFIG_IPE_PROP_FS_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+ const struct ipe_inode *ipe_inode;
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};
enum ipe_match {
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index bc0a7268179d..df5057b8670f 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -282,3 +282,31 @@ int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type typ
return -EINVAL;
}
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+/**
+ * ipe_inode_setintegrity() - save integrity data from a inode to IPE's LSM blob.
+ * @inode: The inode to source the security blob from.
+ * @type: Supplies the integrity type.
+ * @value: The value to be stored.
+ * @size: The size of @value.
+ *
+ * This hook is currently used to save the existence of a validated fs-verity
+ * builtin signature into LSM blob.
+ *
+ * Return: %0 on success. If an error occurs, the function will return the
+ * -errno.
+ */
+int ipe_inode_setintegrity(struct inode *inode, enum lsm_integrity_type type,
+ const void *value, size_t size)
+{
+ struct ipe_inode *inode_sec = ipe_inode(inode);
+
+ if (type == LSM_INT_FSVERITY_BUILTINSIG_VALID) {
+ inode_sec->fs_verity_signed = size > 0 && value;
+ return 0;
+ }
+
+ return -EINVAL;
+}
+#endif /* CONFIG_CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index 4d585fb6ada3..b45c0243107b 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -9,6 +9,7 @@
#include <linux/binfmts.h>
#include <linux/security.h>
#include <linux/blk_types.h>
+#include <linux/fsverity.h>
enum ipe_hook_type {
IPE_HOOK_BPRM_CHECK = 0,
@@ -43,4 +44,9 @@ int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type typ
const void *value, size_t len);
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+int ipe_inode_setintegrity(struct inode *inode, enum lsm_integrity_type type,
+ const void *value, size_t size);
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+
#endif /* _IPE_HOOKS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 99cb42caa63a..da79f66b0010 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -16,6 +16,9 @@ static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
#ifdef CONFIG_IPE_PROP_DM_VERITY
.lbs_bdev = sizeof(struct ipe_bdev),
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+ .lbs_inode = sizeof(struct ipe_inode),
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};
static const struct lsm_id ipe_lsmid = {
@@ -35,6 +38,13 @@ struct ipe_bdev *ipe_bdev(struct block_device *b)
}
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+struct ipe_inode *ipe_inode(const struct inode *inode)
+{
+ return inode->i_security + ipe_blobs.lbs_inode;
+}
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+
static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(bprm_check_security, ipe_bprm_check_security),
LSM_HOOK_INIT(mmap_file, ipe_mmap_file),
@@ -46,6 +56,9 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(bdev_free_security, ipe_bdev_free_security),
LSM_HOOK_INIT(bdev_setintegrity, ipe_bdev_setintegrity),
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+ LSM_HOOK_INIT(inode_setintegrity, ipe_inode_setintegrity),
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};
/**
diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
index 01f46286e383..fb37513812dd 100644
--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -19,5 +19,8 @@ extern bool ipe_enabled;
#ifdef CONFIG_IPE_PROP_DM_VERITY
struct ipe_bdev *ipe_bdev(struct block_device *b);
#endif /* CONFIG_IPE_PROP_DM_VERITY */
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+struct ipe_inode *ipe_inode(const struct inode *inode);
+#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
#endif /* _IPE_H */
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 26776092c710..5bfbdbddeef8 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -36,6 +36,9 @@ enum ipe_prop_type {
IPE_PROP_DMV_ROOTHASH,
IPE_PROP_DMV_SIG_FALSE,
IPE_PROP_DMV_SIG_TRUE,
+ IPE_PROP_FSV_DIGEST,
+ IPE_PROP_FSV_SIG_FALSE,
+ IPE_PROP_FSV_SIG_TRUE,
__IPE_PROP_MAX
};
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index 71c84b293029..5a182c006b0e 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -278,6 +278,9 @@ static const match_table_t property_tokens = {
{IPE_PROP_DMV_ROOTHASH, "dmverity_roothash=%s"},
{IPE_PROP_DMV_SIG_FALSE, "dmverity_signature=FALSE"},
{IPE_PROP_DMV_SIG_TRUE, "dmverity_signature=TRUE"},
+ {IPE_PROP_FSV_DIGEST, "fsverity_digest=%s"},
+ {IPE_PROP_FSV_SIG_FALSE, "fsverity_signature=FALSE"},
+ {IPE_PROP_FSV_SIG_TRUE, "fsverity_signature=TRUE"},
{IPE_PROP_INVALID, NULL}
};
@@ -310,6 +313,7 @@ static int parse_property(char *t, struct ipe_rule *r)
switch (token) {
case IPE_PROP_DMV_ROOTHASH:
+ case IPE_PROP_FSV_DIGEST:
dup = match_strdup(&args[0]);
if (!dup) {
rc = -ENOMEM;
@@ -325,6 +329,8 @@ static int parse_property(char *t, struct ipe_rule *r)
case IPE_PROP_BOOT_VERIFIED_TRUE:
case IPE_PROP_DMV_SIG_FALSE:
case IPE_PROP_DMV_SIG_TRUE:
+ case IPE_PROP_FSV_SIG_FALSE:
+ case IPE_PROP_FSV_SIG_TRUE:
p->type = token;
break;
default:
--
2.44.0
From: Deven Bowers <[email protected]>
Add IPE's admin and developer documentation to the kernel tree.
Co-developed-by: Fan Wu <[email protected]>
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ No Changes
v3:
+ Add Acked-by
+ Fixup code block syntax
+ Fix a minor grammatical issue.
v4:
+ Update documentation with the results of other
code changes.
v5:
+ No changes
v6:
+ No changes
v7:
+ Add additional developer-level documentation
+ Update admin-guide docs to reflect changes.
+ Drop Acked-by due to significant changes
+ Added section about audit events in admin-guide
v8:
+ Correct terminology from "audit event" to "audit record"
+ Add associated documentation with the correct "audit event"
terminology.
+ Add some context to the historical motivation for IPE and design
philosophy.
+ Add some content about the securityfs layout in the policies
directory.
+ Various spelling and grammatical corrections.
v9:
+ Correct spelling of "pitfalls"
+ Update the docs w.r.t the new parser and new audit formats
v10:
+ Refine user docs per upstream suggestions
+ Update audit events part
v11:
+ No changes
v12:
+ Update audit formats
+ Update initramfs related docs
+ Add test suite link
v13:
+ No changes
v14:
+ No changes
v15:
+ Update boot_verified part
+ Fix format issues
+ Add IPE doc link to fsverity.rst
v16:
+ Explicitly mention fsverity builtin signature
v17:
+ Rewrite many parts of Documentation/admin-guide/LSM/ipe.rst
+ Fix incorrect path name of policyfs interfaces
v18:
+ Improve policy examples
+ Remove insecure hash algorithms and adapt the documentation
accordingly
+ Update the documentation regarding the new Kconfig switches
---
Documentation/admin-guide/LSM/index.rst | 1 +
Documentation/admin-guide/LSM/ipe.rst | 792 ++++++++++++++++++
.../admin-guide/kernel-parameters.txt | 12 +
Documentation/filesystems/fsverity.rst | 5 +-
Documentation/security/index.rst | 1 +
Documentation/security/ipe.rst | 446 ++++++++++
6 files changed, 1256 insertions(+), 1 deletion(-)
create mode 100644 Documentation/admin-guide/LSM/ipe.rst
create mode 100644 Documentation/security/ipe.rst
diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
index a6ba95fbaa9f..ce63be6d64ad 100644
--- a/Documentation/admin-guide/LSM/index.rst
+++ b/Documentation/admin-guide/LSM/index.rst
@@ -47,3 +47,4 @@ subdirectories.
tomoyo
Yama
SafeSetID
+ ipe
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
new file mode 100644
index 000000000000..1a3bf1d8aa23
--- /dev/null
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -0,0 +1,792 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+Integrity Policy Enforcement (IPE)
+==================================
+
+.. NOTE::
+
+ This is the documentation for admins, system builders, or individuals
+ attempting to use IPE. If you're looking for more developer-focused
+ documentation about IPE please see Documentation/security/ipe.rst
+
+Overview
+--------
+
+Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
+complementary approach to access control. Unlike traditional access control
+mechanisms that rely on labels and paths for decision-making, IPE focuses
+on the immutable security properties inherent to system components. These
+properties are fundamental attributes or features of a system component
+that cannot be altered, ensuring a consistent and reliable basis for
+security decisions.
+
+To elaborate, in the context of IPE, system components primarily refer to
+files or the devices these files reside on. However, this is just a
+starting point. The concept of system components is flexible and can be
+extended to include new elements as the system evolves. The immutable
+properties include the origin of a file, which remains constant and
+unchangeable over time. For example, IPE policies can be crafted to trust
+files originating from the initramfs. Since initramfs is typically verified
+by the bootloader, its files are deemed trustworthy; "file is from
+initramfs" becomes an immutable property under IPE's consideration.
+
+The immutable property concept extends to the security features enabled on
+a file's origin, such as dm-verity or fs-verity, which provide a layer of
+integrity and trust. For example, IPE allows the definition of policies
+that trust files from a dm-verity protected device. dm-verity ensures the
+integrity of an entire device by providing a verifiable and immutable state
+of its contents. Similarly, fs-verity offers filesystem-level integrity
+checks, allowing IPE to enforce policies that trust files protected by
+fs-verity. These two features cannot be turned off once established, so
+they are considered immutable properties. These examples demonstrate how
+IPE leverages immutable properties, such as a file's origin and its
+integrity protection mechanisms, to make access control decisions.
+
+For the IPE policy, specifically, it grants the ability to enforce
+stringent access controls by assessing security properties against
+reference values defined within the policy. This assessment can be based on
+the existence of a security property (e.g., verifying if a file originates
+from initramfs) or evaluating the internal state of an immutable security
+property. The latter includes checking the roothash of a dm-verity
+protected device, determining whether dm-verity possesses a valid
+signature, assessing the digest of a fs-verity protected file, or
+determining whether fs-verity possesses a valid built-in signature. This
+nuanced approach to policy enforcement enables a highly secure and
+customizable system defense mechanism, tailored to specific security
+requirements and trust models.
+
+To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under
+:menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config
+option is enabled.
+
+Use Cases
+---------
+
+IPE works best in fixed-function devices: devices in which their purpose
+is clearly defined and not supposed to be changed (e.g. network firewall
+device in a data center, an IoT device, etcetera), where all software and
+configuration is built and provisioned by the system owner.
+
+IPE is a long-way off for use in general-purpose computing: the Linux
+community as a whole tends to follow a decentralized trust model (known as
+the web of trust), which IPE has no support for it yet. Instead, IPE
+supports PKI (public key infrastructure), which generally designates a
+set of trusted entities that provide a measure of absolute trust.
+
+Additionally, while most packages are signed today, the files inside
+the packages (for instance, the executables), tend to be unsigned. This
+makes it difficult to utilize IPE in systems where a package manager is
+expected to be functional, without major changes to the package manager
+and ecosystem behind it.
+
+The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE,
+could be used to enable and support general-purpose computing use cases.
+
+Known Limitations
+-----------------
+
+IPE cannot verify the integrity of anonymous executable memory, such as
+the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code.
+Unfortunately, as this is dynamically generated code, there is no way
+for IPE to ensure the integrity of this code to form a trust basis. In all
+cases, the return result for these operations will be whatever the admin
+configures as the ``DEFAULT`` action for ``EXECUTE``.
+
+IPE cannot verify the integrity of programs written in interpreted
+languages when these scripts are invoked by passing these program files
+to the interpreter. This is because the way interpreters execute these
+files; the scripts themselves are not evaluated as executable code
+through one of IPE's hooks, but they are merely text files that are read
+(as opposed to compiled executables) [#interpreters]_.
+
+Threat Model
+------------
+
+IPE specifically targets the risk of tampering with user-space executable
+code after the kernel has initially booted, including the kernel modules
+loaded from userspace via ``modprobe`` or ``insmod``.
+
+To illustrate, consider a scenario where an untrusted binary, possibly
+malicious, is downloaded along with all necessary dependencies, including a
+loader and libc. The primary function of IPE in this context is to prevent
+the execution of such binaries and their dependencies.
+
+IPE achieves this by verifying the integrity and authenticity of all
+executable code before allowing them to run. It conducts a thorough
+check to ensure that the code's integrity is intact and that they match an
+authorized reference value (digest, signature, etc) as per the defined
+policy. If a binary does not pass this verification process, either
+because its integrity has been compromised or it does not meet the
+authorization criteria, IPE will deny its execution. Additionally, IPE
+generates audit logs which may be utilized to detect and analyze failures
+resulting from policy violation.
+
+Tampering threat scenarios include modification or replacement of
+executable code by a range of actors including:
+
+- Actors with physical access to the hardware
+- Actors with local network access to the system
+- Actors with access to the deployment system
+- Compromised internal systems under external control
+- Malicious end users of the system
+- Compromised end users of the system
+- Remote (external) compromise of the system
+
+IPE does not mitigate threats arising from malicious but authorized
+developers (with access to a signing certificate), or compromised
+developer tools used by them (i.e. return-oriented programming attacks).
+Additionally, IPE draws hard security boundary between userspace and
+kernelspace. As a result, IPE does not provide any protections against a
+kernel level exploit, and a kernel-level exploit can disable or tamper
+with IPE's protections.
+
+Policy
+------
+
+IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements
+over several lines. There is one required line, at the top of the
+policy, indicating the policy name, and the policy version, for
+instance::
+
+ policy_name=Ex_Policy policy_version=0.0.0
+
+The policy name is a unique key identifying this policy in a human
+readable name. This is used to create nodes under securityfs as well as
+uniquely identify policies to deploy new policies vs update existing
+policies.
+
+The policy version indicates the current version of the policy (NOT the
+policy syntax version). This is used to prevent rollback of policy to
+potentially insecure previous versions of the policy.
+
+The next portion of IPE policy are rules. Rules are formed by key=value
+pairs, known as properties. IPE rules require two properties: ``action``,
+which determines what IPE does when it encounters a match against the
+rule, and ``op``, which determines when the rule should be evaluated.
+The ordering is significant, a rule must start with ``op``, and end with
+``action``. Thus, a minimal rule is::
+
+ op=EXECUTE action=ALLOW
+
+This example will allow any execution. Additional properties are used to
+assess immutable security properties about the files being evaluated.
+These properties are intended to be descriptions of systems within the
+kernel that can provide a measure of integrity verification, such that IPE
+can determine the trust of the resource based on the value of the property.
+
+Rules are evaluated top-to-bottom. As a result, any revocation rules,
+or denies should be placed early in the file to ensure that these rules
+are evaluated before a rule with ``action=ALLOW``.
+
+IPE policy supports comments. The character '#' will function as a
+comment, ignoring all characters to the right of '#' until the newline.
+
+The default behavior of IPE evaluations can also be expressed in policy,
+through the ``DEFAULT`` statement. This can be done at a global level,
+or a per-operation level::
+
+ # Global
+ DEFAULT action=ALLOW
+
+ # Operation Specific
+ DEFAULT op=EXECUTE action=ALLOW
+
+A default must be set for all known operations in IPE. If you want to
+preserve older policies being compatible with newer kernels that can introduce
+new operations, set a global default of ``ALLOW``, then override the
+defaults on a per-operation basis (as above).
+
+With configurable policy-based LSMs, there's several issues with
+enforcing the configurable policies at startup, around reading and
+parsing the policy:
+
+1. The kernel *should* not read files from userspace, so directly reading
+ the policy file is prohibited.
+2. The kernel command line has a character limit, and one kernel module
+ should not reserve the entire character limit for its own
+ configuration.
+3. There are various boot loaders in the kernel ecosystem, so handing
+ off a memory block would be costly to maintain.
+
+As a result, IPE has addressed this problem through a concept of a "boot
+policy". A boot policy is a minimal policy which is compiled into the
+kernel. This policy is intended to get the system to a state where
+userspace is set up and ready to receive commands, at which point a more
+complex policy can be deployed via securityfs. The boot policy can be
+specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts
+a path to a plain-text version of the IPE policy to apply. This policy
+will be compiled into the kernel. If not specified, IPE will be disabled
+until a policy is deployed and activated through securityfs.
+
+Deploying Policies
+~~~~~~~~~~~~~~~~~~
+
+Policies can be deployed from userspace through securityfs. These policies
+are signed through the PKCS#7 message format to enforce some level of
+authorization of the policies (prohibiting an attacker from gaining
+unconstrained root, and deploying an "allow all" policy). These
+policies must be signed by a certificate that chains to the
+``SYSTEM_TRUSTED_KEYRING``. With openssl, the policy can be signed by::
+
+ openssl smime -sign \
+ -in "$MY_POLICY" \
+ -signer "$MY_CERTIFICATE" \
+ -inkey "$MY_PRIVATE_KEY" \
+ -noattr \
+ -nodetach \
+ -nosmimecap \
+ -outform der \
+ -out "$MY_POLICY.p7b"
+
+Deploying the policies is done through securityfs, through the
+``new_policy`` node. To deploy a policy, simply cat the file into the
+securityfs node::
+
+ cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy
+
+Upon success, this will create one subdirectory under
+``/sys/kernel/security/ipe/policies/``. The subdirectory will be the
+``policy_name`` field of the policy deployed, so for the example above,
+the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``.
+Within this directory, there will be seven files: ``pkcs7``, ``policy``,
+``name``, ``version``, ``active``, ``update``, and ``delete``.
+
+The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data
+that was provided to the kernel, representing the policy. If the policy being
+read is the boot policy, this will return ``ENOENT``, as it is not signed.
+
+The ``policy`` file is read only. Reading it returns the PKCS#7 inner
+content of the policy, which will be the plain text policy.
+
+The ``active`` file is used to set a policy as the currently active policy.
+This file is rw, and accepts a value of ``"1"`` to set the policy as active.
+Since only a single policy can be active at one time, all other policies
+will be marked inactive. The policy being marked active must have a policy
+version greater or equal to the currently-running version.
+
+The ``update`` file is used to update a policy that is already present
+in the kernel. This file is write-only and accepts a PKCS#7 signed
+policy. Two checks will always be performed on this policy: First, the
+``policy_names`` must match with the updated version and the existing
+version. Second the updated policy must have a policy version greater than
+or equal to the currently-running version. This is to prevent rollback attacks.
+
+The ``delete`` file is used to remove a policy that is no longer needed.
+This file is write-only and accepts a value of ``1`` to delete the policy.
+On deletion, the securityfs node representing the policy will be removed.
+However, delete the current active policy is not allowed and will return
+an operation not permitted error.
+
+Similarly, writing to both ``update`` and ``new_policy`` could result in
+bad message(policy syntax error) or file exists error. The latter error happens
+when trying to deploy a policy with a ``policy_name`` while the kernel already
+has a deployed policy with the same ``policy_name``.
+
+Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will
+only enforce the policy marked active. Note that only one policy can be active
+at a time.
+
+Once deployment is successful, the policy can be activated, by writing file
+``/sys/kernel/security/ipe/policies/$policy_name/active``.
+For example, the ``Ex_Policy`` can be activated by::
+
+ echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active"
+
+From above point on, ``Ex_Policy`` is now the enforced policy on the
+system.
+
+IPE also provides a way to delete policies. This can be done via the
+``delete`` securityfs node,
+``/sys/kernel/security/ipe/policies/$policy_name/delete``.
+Writing ``1`` to that file deletes the policy::
+
+ echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete"
+
+There is only one requirement to delete a policy: the policy being deleted
+must be inactive.
+
+.. NOTE::
+
+ If a traditional MAC system is enabled (SELinux, apparmor, smack), all
+ writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
+
+Modes
+~~~~~
+
+IPE supports two modes of operation: permissive (similar to SELinux's
+permissive mode) and enforced. In permissive mode, all events are
+checked and policy violations are logged, but the policy is not really
+enforced. This allows users to test policies before enforcing them.
+
+The default mode is enforce, and can be changed via the kernel command
+line parameter ``ipe.enforce=(0|1)``, or the securityfs node
+``/sys/kernel/security/ipe/enforce``.
+
+.. NOTE::
+
+ If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
+ all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
+
+Audit Events
+~~~~~~~~~~~~
+
+1420 AUDIT_IPE_ACCESS
+^^^^^^^^^^^^^^^^^^^^^
+Event Examples::
+
+ type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY"
+ type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null)
+ type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00
+
+ type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY"
+ type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null)
+ type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00
+
+This event indicates that IPE made an access control decision; the IPE
+specific record (1420) is always emitted in conjunction with a
+``AUDITSYSCALL`` record.
+
+Determining whether IPE is in permissive or enforced mode can be derived
+from ``success`` property and exit code of the ``AUDITSYSCALL`` record.
+
+
+Field descriptions:
+
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| Field | Value Type | Optional? | Description of Value |
++===========+============+===========+=================================================================================+
+| ipe_op | string | No | The IPE operation name associated with the log |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| ipe_hook | string | No | The name of the LSM hook that triggered the IPE event |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| enforcing | integer | No | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| pid | integer | No | The pid of the process that triggered the IPE event. |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| comm | string | No | The command line program name of the process that triggered the IPE event |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| path | string | Yes | The absolute path to the evaluated file |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| ino | integer | Yes | The inode number of the evaluated file |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| dev | string | Yes | The device name of the evaluated file, e.g. vda |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+| rule | string | No | The matched policy rule |
++-----------+------------+-----------+---------------------------------------------------------------------------------+
+
+1421 AUDIT_IPE_CONFIG_CHANGE
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Event Example::
+
+ type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1
+ type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
+ type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2
+
+This event indicates that IPE switched the active poliy from one to another
+along with the version and the hash digest of the two policies.
+Note IPE can only have one policy active at a time, all access decision
+evaluation is based on the current active policy.
+The normal procedure to deploy a new policy is loading the policy to deploy
+into the kernel first, then switch the active policy to it.
+
+This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
+
+Field descriptions:
+
++------------------------+------------+-----------+---------------------------------------------------+
+| Field | Value Type | Optional? | Description of Value |
++========================+============+===========+===================================================+
+| old_active_pol_name | string | No | The name of previous active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| old_active_pol_version | string | No | The version of previous active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| old_policy_digest | string | No | The hash of previous active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| new_active_pol_name | string | No | The name of current active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| new_active_pol_version | string | No | The version of current active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| new_policy_digest | string | No | The hash of current active policy |
++------------------------+------------+-----------+---------------------------------------------------+
+| auid | integer | No | The login user ID |
++------------------------+------------+-----------+---------------------------------------------------+
+| ses | integer | No | The login session ID |
++------------------------+------------+-----------+---------------------------------------------------+
+| lsm | string | No | The lsm name associated with the event |
++------------------------+------------+-----------+---------------------------------------------------+
+| res | integer | No | The result of the audited operation(success/fail) |
++------------------------+------------+-----------+---------------------------------------------------+
+
+1422 AUDIT_IPE_POLICY_LOAD
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Event Example::
+
+ type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1
+ type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
+ type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E
+
+This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash.
+
+This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
+
+Field descriptions:
+
++----------------+------------+-----------+---------------------------------------------------+
+| Field | Value Type | Optional? | Description of Value |
++================+============+===========+===================================================+
+| policy_name | string | No | The policy_name |
++----------------+------------+-----------+---------------------------------------------------+
+| policy_version | string | No | The policy_version |
++----------------+------------+-----------+---------------------------------------------------+
+| policy_digest | string | No | The policy hash |
++----------------+------------+-----------+---------------------------------------------------+
+| auid | integer | No | The login user ID |
++----------------+------------+-----------+---------------------------------------------------+
+| ses | integer | No | The login session ID |
++----------------+------------+-----------+---------------------------------------------------+
+| lsm | string | No | The lsm name associated with the event |
++----------------+------------+-----------+---------------------------------------------------+
+| res | integer | No | The result of the audited operation(success/fail) |
++----------------+------------+-----------+---------------------------------------------------+
+
+
+1404 AUDIT_MAC_STATUS
+^^^^^^^^^^^^^^^^^^^^^
+
+Event Examples::
+
+ type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
+ type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
+ type=1327 audit(1653425689.008:55): proctitle="-bash"
+
+ type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
+ type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
+ type=1327 audit(1653425689.008:55): proctitle="-bash"
+
+This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
+
+Field descriptions:
+
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| Field | Value Type | Optional? | Description of Value |
++===============+============+===========+=================================================================================================+
+| enforcing | integer | No | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| old_enforcing | integer | No | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| auid | integer | No | The login user ID |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| ses | integer | No | The login session ID |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| enabled | integer | No | The new TTY audit enabled setting |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| old-enabled | integer | No | The old TTY audit enabled setting |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| lsm | string | No | The lsm name associated with the event |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+| res | integer | No | The result of the audited operation(success/fail) |
++---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
+
+
+Success Auditing
+^^^^^^^^^^^^^^^^
+
+IPE supports success auditing. When enabled, all events that pass IPE
+policy and are not blocked will emit an audit event. This is disabled by
+default, and can be enabled via the kernel command line
+``ipe.success_audit=(0|1)`` or
+``/sys/kernel/security/ipe/success_audit`` securityfs file.
+
+This is *very* noisy, as IPE will check every userspace binary on the
+system, but is useful for debugging policies.
+
+.. NOTE::
+
+ If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
+ all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
+
+Properties
+----------
+
+As explained above, IPE properties are ``key=value`` pairs expressed in IPE
+policy. Two properties are built-into the policy parser: 'op' and 'action'.
+The other properties are used to restrict immutable security properties
+about the files being evaluated. Currently those properties are:
+'``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``',
+'``fsverity_signature``', '``fsverity_digest``'. A description of all
+properties supported by IPE are listed below:
+
+op
+~~
+
+Indicates the operation for a rule to apply to. Must be in every rule,
+as the first token. IPE supports the following operations:
+
+ ``EXECUTE``
+
+ Pertains to any file attempting to be executed, or loaded as an
+ executable.
+
+ ``FIRMWARE``:
+
+ Pertains to firmware being loaded via the firmware_class interface.
+ This covers both the preallocated buffer and the firmware file
+ itself.
+
+ ``KMODULE``:
+
+ Pertains to loading kernel modules via ``modprobe`` or ``insmod``.
+
+ ``KEXEC_IMAGE``:
+
+ Pertains to kernel images loading via ``kexec``.
+
+ ``KEXEC_INITRAMFS``
+
+ Pertains to initrd images loading via ``kexec --initrd``.
+
+ ``POLICY``:
+
+ Controls loading policies via reading a kernel-space initiated read.
+
+ An example of such is loading IMA policies by writing the path
+ to the policy file to ``$securityfs/ima/policy``
+
+ ``X509_CERT``:
+
+ Controls loading IMA certificates through the Kconfigs,
+ ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``.
+
+action
+~~~~~~
+
+ Determines what IPE should do when a rule matches. Must be in every
+ rule, as the final clause. Can be one of:
+
+ ``ALLOW``:
+
+ If the rule matches, explicitly allow access to the resource to proceed
+ without executing any more rules.
+
+ ``DENY``:
+
+ If the rule matches, explicitly prohibit access to the resource to
+ proceed without executing any more rules.
+
+boot_verified
+~~~~~~~~~~~~~
+
+ This property can be utilized for authorization of files from initramfs.
+ The format of this property is::
+
+ boot_verified=(TRUE|FALSE)
+
+
+ .. WARNING::
+
+ This property will trust files from initramfs(rootfs). It should
+ only be used during early booting stage. Before mounting the real
+ rootfs on top of the initramfs, initramfs script will recursively
+ remove all files and directories on the initramfs. This is typically
+ implemented by using switch_root(8) [#switch_root]_. Therefore the
+ initramfs will be empty and not accessible after the real
+ rootfs takes over. It is advised to switch to a different policy
+ that doesn't rely on the property after this point.
+ This ensures that the trust policies remain relevant and effective
+ throughout the system's operation.
+
+dmverity_roothash
+~~~~~~~~~~~~~~~~~
+
+ This property can be utilized for authorization or revocation of
+ specific dm-verity volumes, identified via their root hashes. It has a
+ dependency on the DM_VERITY module. This property is controlled by
+ the ``IPE_PROP_DM_VERITY`` config option, it will be automatically
+ selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled.
+ The format of this property is::
+
+ dmverity_roothash=DigestName:HexadecimalString
+
+ The supported DigestNames for dmverity_roothash are [#dmveritydigests]_
+
+ + blake2b-512
+ + blake2s-256
+ + sha256
+ + sha384
+ + sha512
+ + sha3-224
+ + sha3-256
+ + sha3-384
+ + sha3-512
+ + sm3
+ + rmd160
+
+dmverity_signature
+~~~~~~~~~~~~~~~~~~
+
+ This property can be utilized for authorization of all dm-verity
+ volumes that have a signed roothash that validated by a keyring
+ specified by dm-verity's configuration, either the system trusted
+ keyring, or the secondary keyring. It depends on
+ ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by
+ the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically
+ selected when ``SECURITY_IPE``, ``DM_VERITY`` and
+ ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled.
+ The format of this property is::
+
+ dmverity_signature=(TRUE|FALSE)
+
+fsverity_digest
+~~~~~~~~~~~~~~~
+
+ This property can be utilized for authorization of specific fsverity
+ enabled files, identified via their fsverity digests.
+ It depends on ``FS_VERITY`` config option and is controlled by
+ the ``IPE_PROP_FS_VERITY`` config option, it will be automatically
+ selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled.
+ The format of this property is::
+
+ fsverity_digest=DigestName:HexadecimalString
+
+ The supported DigestNames for fsverity_digest are [#fsveritydigest]_
+
+ + sha256
+ + sha512
+
+fsverity_signature
+~~~~~~~~~~~~~~~~~~
+
+ This property is used to authorize all fs-verity enabled files that have
+ been verified by fs-verity's built-in signature mechanism. The signature
+ verification relies on a key stored within the ".fs-verity" keyring. It
+ depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and
+ it is controlled by the ``IPE_PROP_FS_VERITY`` config option,
+ it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY``
+ and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled.
+ The format of this property is::
+
+ fsverity_signature=(TRUE|FALSE)
+
+Policy Examples
+---------------
+
+Allow all
+~~~~~~~~~
+
+::
+
+ policy_name=Allow_All policy_version=0.0.0
+ DEFAULT action=ALLOW
+
+Allow only initramfs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=Allow_Initramfs policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE boot_verified=TRUE action=ALLOW
+
+Allow any signed and validated dm-verity volume and the initramfs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE boot_verified=TRUE action=ALLOW
+ op=EXECUTE dmverity_signature=TRUE action=ALLOW
+
+Prohibit execution from a specific dm-verity volume
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=Deny_DMV_By_Roothash policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY
+
+ op=EXECUTE boot_verified=TRUE action=ALLOW
+ op=EXECUTE dmverity_signature=TRUE action=ALLOW
+
+Allow only a specific dm-verity volume
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=Allow_DMV_By_Roothash policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
+
+Allow any fs-verity file with a valid built-in signature
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE fsverity_signature=TRUE action=ALLOW
+
+Allow execution of a specific fs-verity file
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0
+ DEFAULT action=DENY
+
+ op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW
+
+Additional Information
+----------------------
+
+- `Github Repository <https://github.com/microsoft/ipe>`_
+- Documentation/security/ipe.rst
+
+FAQ
+---
+
+Q:
+ What's the difference between other LSMs which provide a measure of
+ trust-based access control?
+
+A:
+
+ In general, there's two other LSMs that can provide similar functionality:
+ IMA, and Loadpin.
+
+ IMA and IPE are functionally very similar. The significant difference between
+ the two is the policy. [#devdoc]_
+
+ Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's
+ kernel read operations, whereas IPE is capable of controlling execution
+ on top of kernel read. The trust model is also different; Loadpin roots its
+ trust in the initial super-block, whereas trust in IPE is stemmed from kernel
+ itself (via ``SYSTEM_TRUSTED_KEYS``).
+
+-----------
+
+.. [#digest_cache_lsm] https://lore.kernel.org/lkml/[email protected]/
+
+.. [#interpreters] There is `some interest in solving this issue <https://lore.kernel.org/lkml/[email protected]/>`_.
+
+.. [#devdoc] Please see Documentation/security/ipe.rst for more on this topic.
+
+.. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html
+
+.. [#dmveritydigests] These hash algorithms are based on values accepted by
+ the Linux crypto API; IPE does not impose any
+ restrictions on the digest algorithm itself;
+ thus, this list may be out of date.
+
+.. [#fsveritydigest] These hash algorithms are based on values accepted by the
+ kernel's fsverity support; IPE does not impose any
+ restrictions on the digest algorithm itself;
+ thus, this list may be out of date.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 213d0719e2b7..bf7ae099db9c 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2321,6 +2321,18 @@
ipcmni_extend [KNL,EARLY] Extend the maximum number of unique System V
IPC identifiers from 32,768 to 16,777,216.
+ ipe.enforce= [IPE]
+ Format: <bool>
+ Determine whether IPE starts in permissive (0) or
+ enforce (1) mode. The default is enforce.
+
+ ipe.success_audit=
+ [IPE]
+ Format: <bool>
+ Start IPE with success auditing enabled, emitting
+ an audit event when a binary is allowed. The default
+ is 0.
+
irqaffinity= [SMP] Set the default irq affinity mask
The argument is a cpu list, as described above.
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 362b7a5dc300..46ab280e1b13 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -92,7 +92,9 @@ authenticating fs-verity file hashes include:
"IPE policy" specifically allows for the authorization of fs-verity
files using properties ``fsverity_digest`` for identifying
files by their verity digest, and ``fsverity_signature`` to authorize
- files with a verified fs-verity's built-in signature.
+ files with a verified fs-verity's built-in signature. For
+ details on configuring IPE policies and understanding its operational
+ modes, please refer to Documentation/admin-guide/LSM/ipe.rst.
- Trusted userspace code in combination with `Built-in signature
verification`_. This approach should be used only with great care.
@@ -508,6 +510,7 @@ be carefully considered before using them:
files with a verified fs-verity builtin signature to perform certain
operations, such as execution. Note that IPE doesn't require
fs.verity.require_signatures=1.
+ Please refer to Documentation/admin-guide/LSM/ipe.rst for more details.
- A file's builtin signature can only be set at the same time that
fs-verity is being enabled on the file. Changing or deleting the
diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst
index 59f8fc106cb0..3e0a7114a862 100644
--- a/Documentation/security/index.rst
+++ b/Documentation/security/index.rst
@@ -19,3 +19,4 @@ Security Documentation
digsig
landlock
secrets/index
+ ipe
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
new file mode 100644
index 000000000000..07e363224128
--- /dev/null
+++ b/Documentation/security/ipe.rst
@@ -0,0 +1,446 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+Integrity Policy Enforcement (IPE) - Kernel Documentation
+=========================================================
+
+.. NOTE::
+
+ This is documentation targeted at developers, instead of administrators.
+ If you're looking for documentation on the usage of IPE, please see
+ Documentation/admin-guide/LSM/ipe.rst
+
+Historical Motivation
+---------------------
+
+The original issue that prompted IPE's implementation was the creation
+of a locked-down system. This system would be born-secure, and have
+strong integrity guarantees over both the executable code, and specific
+*data files* on the system, that were critical to its function. These
+specific data files would not be readable unless they passed integrity
+policy. A mandatory access control system would be present, and
+as a result, xattrs would have to be protected. This lead to a selection
+of what would provide the integrity claims. At the time, there were two
+main mechanisms considered that could guarantee integrity for the system
+with these requirements:
+
+ 1. IMA + EVM Signatures
+ 2. DM-Verity
+
+Both options were carefully considered, however the choice to use DM-Verity
+over IMA+EVM as the *integrity mechanism* in the original use case of IPE
+was due to three main reasons:
+
+ 1. Protection of additional attack vectors:
+
+ * With IMA+EVM, without an encryption solution, the system is vulnerable
+ to offline attack against the aforementioned specific data files.
+
+ Unlike executables, read operations (like those on the protected data
+ files), cannot be enforced to be globally integrity verified. This means
+ there must be some form of selector to determine whether a read should
+ enforce the integrity policy, or it should not.
+
+ At the time, this was done with mandatory access control labels. An IMA
+ policy would indicate what labels required integrity verification, which
+ presented an issue: EVM would protect the label, but if an attacker could
+ modify filesystem offline, the attacker could wipe all the xattrs -
+ including the SELinux labels that would be used to determine whether the
+ file should be subject to integrity policy.
+
+ With DM-Verity, as the xattrs are saved as part of the Merkel tree, if
+ offline mount occurs against the filesystem protected by dm-verity, the
+ checksum no longer matches and the file fails to be read.
+
+ * As userspace binaries are paged in Linux, dm-verity also offers the
+ additional protection against a hostile block device. In such an attack,
+ the block device reports the appropriate content for the IMA hash
+ initially, passing the required integrity check. Then, on the page fault
+ that accesses the real data, will report the attacker's payload. Since
+ dm-verity will check the data when the page fault occurs (and the disk
+ access), this attack is mitigated.
+
+ 2. Performance:
+
+ * dm-verity provides integrity verification on demand as blocks are
+ read versus requiring the entire file being read into memory for
+ validation.
+
+ 3. Simplicity of signing:
+
+ * No need for two signatures (IMA, then EVM): one signature covers
+ an entire block device.
+ * Signatures can be stored externally to the filesystem metadata.
+ * The signature supports an x.509-based signing infrastructure.
+
+The next step was to choose a *policy* to enforce the integrity mechanism.
+The minimum requirements for the policy were:
+
+ 1. The policy itself must be integrity verified (preventing trivial
+ attack against it).
+ 2. The policy itself must be resistant to rollback attacks.
+ 3. The policy enforcement must have a permissive-like mode.
+ 4. The policy must be able to be updated, in its entirety, without
+ a reboot.
+ 5. Policy updates must be atomic.
+ 6. The policy must support *revocations* of previously authored
+ components.
+ 7. The policy must be auditable, at any point-of-time.
+
+IMA, as the only integrity policy mechanism at the time, was
+considered against these list of requirements, and did not fulfill
+all of the minimum requirements. Extending IMA to cover these
+requirements was considered, but ultimately discarded for a
+two reasons:
+
+ 1. Regression risk; many of these changes would result in
+ dramatic code changes to IMA, which is already present in the
+ kernel, and therefore might impact users.
+
+ 2. IMA was used in the system for measurement and attestation;
+ separation of measurement policy from local integrity policy
+ enforcement was considered favorable.
+
+Due to these reasons, it was decided that a new LSM should be created,
+whose responsibility would be only the local integrity policy enforcement.
+
+Role and Scope
+--------------
+
+IPE, as its name implies, is fundamentally an integrity policy enforcement
+solution; IPE does not mandate how integrity is provided, but instead
+leaves that decision to the system administrator to set the security bar,
+via the mechanisms that they select that suit their individual needs.
+There are several different integrity solutions that provide a different
+level of security guarantees; and IPE allows sysadmins to express policy for
+theoretically all of them.
+
+IPE does not have an inherent mechanism to ensure integrity on its own.
+Instead, there are more effective layers available for building systems that
+can guarantee integrity. It's important to note that the mechanism for proving
+integrity is independent of the policy for enforcing that integrity claim.
+
+Therefore, IPE was designed around:
+
+ 1. Easy integrations with integrity providers.
+ 2. Ease of use for platform administrators/sysadmins.
+
+Design Rationale:
+-----------------
+
+IPE was designed after evaluating existing integrity policy solutions
+in other operating systems and environments. In this survey of other
+implementations, there were a few pitfalls identified:
+
+ 1. Policies were not readable by humans, usually requiring a binary
+ intermediary format.
+ 2. A single, non-customizable action was implicitly taken as a default.
+ 3. Debugging the policy required manual steps to determine what rule was violated.
+ 4. Authoring a policy required an in-depth knowledge of the larger system,
+ or operating system.
+
+IPE attempts to avoid all of these pitfalls.
+
+Policy
+~~~~~~
+
+Plain Text
+^^^^^^^^^^
+
+IPE's policy is plain-text. This introduces slightly larger policy files than
+other LSMs, but solves two major problems that occurs with some integrity policy
+solutions on other platforms.
+
+The first issue is one of code maintenance and duplication. To author policies,
+the policy has to be some form of string representation (be it structured,
+through XML, JSON, YAML, etcetera), to allow the policy author to understand
+what is being written. In a hypothetical binary policy design, a serializer
+is necessary to write the policy from the human readable form, to the binary
+form, and a deserializer is needed to interpret the binary form into a data
+structure in the kernel.
+
+Eventually, another deserializer will be needed to transform the binary from
+back into the human-readable form with as much information preserved. This is because a
+user of this access control system will have to keep a lookup table of a checksum
+and the original file itself to try to understand what policies have been deployed
+on this system and what policies have not. For a single user, this may be alright,
+as old policies can be discarded almost immediately after the update takes hold.
+For users that manage computer fleets in the thousands, if not hundreds of thousands,
+with multiple different operating systems, and multiple different operational needs,
+this quickly becomes an issue, as stale policies from years ago may be present,
+quickly resulting in the need to recover the policy or fund extensive infrastructure
+to track what each policy contains.
+
+With now three separate serializer/deserializers, maintenance becomes costly. If the
+policy avoids the binary format, there is only one required serializer: from the
+human-readable form to the data structure in kernel, saving on code maintenance,
+and retaining operability.
+
+The second issue with a binary format is one of transparency. As IPE controls
+access based on the trust of the system's resources, it's policy must also be
+trusted to be changed. This is done through signatures, resulting in needing
+signing as a process. Signing, as a process, is typically done with a
+high security bar, as anything signed can be used to attack integrity
+enforcement systems. It is also important that, when signing something, that
+the signer is aware of what they are signing. A binary policy can cause
+obfuscation of that fact; what signers see is an opaque binary blob. A
+plain-text policy, on the other hand, the signers see the actual policy
+submitted for signing.
+
+Boot Policy
+~~~~~~~~~~~
+
+IPE, if configured appropriately, is able to enforce a policy as soon as a
+kernel is booted and usermode starts. That implies some level of storage
+of the policy to apply the minute usermode starts. Generally, that storage
+can be handled in one of three ways:
+
+ 1. The policy file(s) live on disk and the kernel loads the policy prior
+ to an code path that would result in an enforcement decision.
+ 2. The policy file(s) are passed by the bootloader to the kernel, who
+ parses the policy.
+ 3. There is a policy file that is compiled into the kernel that is
+ parsed and enforced on initialization.
+
+The first option has problems: the kernel reading files from userspace
+is typically discouraged and very uncommon in the kernel.
+
+The second option also has problems: Linux supports a variety of bootloaders
+across its entire ecosystem - every bootloader would have to support this
+new methodology or there must be an independent source. It would likely
+result in more drastic changes to the kernel startup than necessary.
+
+The third option is the best but it's important to be aware that the policy
+will take disk space against the kernel it's compiled in. It's important to
+keep this policy generalized enough that userspace can load a new, more
+complicated policy, but restrictive enough that it will not overauthorize
+and cause security issues.
+
+The initramfs provides a way that this bootup path can be established. The
+kernel starts with a minimal policy, that trusts the initramfs only. Inside
+the initramfs, when the real rootfs is mounted, but not yet transferred to,
+it deploys and activates a policy that trusts the new root filesystem.
+This prevents overauthorization at any step, and keeps the kernel policy
+to a minimal size.
+
+Startup
+^^^^^^^
+
+Not every system, however starts with an initramfs, so the startup policy
+compiled into the kernel will need some flexibility to express how trust
+is established for the next phase of the bootup. To this end, if we just
+make the compiled-in policy a full IPE policy, it allows system builders
+to express the first stage bootup requirements appropriately.
+
+Updatable, Rebootless Policy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As requirements change over time (vulnerabilities are found in previously
+trusted applications, keys roll, etcetera). Updating a kernel to change the
+meet those security goals is not always a suitable option, as updates are not
+always risk-free, and blocking a security update leaves systems vulnerable.
+This means IPE requires a policy that can be completely updated (allowing
+revocations of existing policy) from a source external to the kernel (allowing
+policies to be updated without updating the kernel).
+
+Additionally, since the kernel is stateless between invocations, and reading
+policy files off the disk from kernel space is a bad idea(tm), then the
+policy updates have to be done rebootlessly.
+
+To allow an update from an external source, it could be potentially malicious,
+so this policy needs to have a way to be identified as trusted. This is
+done via a signature chained to a trust source in the kernel. Arbitrarily,
+this is the ``SYSTEM_TRUSTED_KEYRING``, a keyring that is initially
+populated at kernel compile-time, as this matches the expectation that the
+author of the compiled-in policy described above is the same entity that can
+deploy policy updates.
+
+Anti-Rollback / Anti-Replay
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Over time, vulnerabilities are found and trusted resources may not be
+trusted anymore. IPE's policy has no exception to this. There can be
+instances where a mistaken policy author deploys an insecure policy,
+before correcting it with a secure policy.
+
+Assuming that as soon as the insecure policy is signed, and an attacker
+acquires the insecure policy, IPE needs a way to prevent rollback
+from the secure policy update to the insecure policy update.
+
+Initially, IPE's policy can have a policy_version that states the
+minimum required version across all policies that can be active on
+the system. This will prevent rollback while the system is live.
+
+.. WARNING::
+
+ However, since the kernel is stateless across boots, this policy
+ version will be reset to 0.0.0 on the next boot. System builders
+ need to be aware of this, and ensure the new secure policies are
+ deployed ASAP after a boot to ensure that the window of
+ opportunity is minimal for an attacker to deploy the insecure policy.
+
+Implicit Actions:
+~~~~~~~~~~~~~~~~~
+
+The issue of implicit actions only becomes visible when you consider
+a mixed level of security bars across multiple operations in a system.
+For example, consider a system that has strong integrity guarantees
+over both the executable code, and specific *data files* on the system,
+that were critical to its function. In this system, three types of policies
+are possible:
+
+ 1. A policy in which failure to match any rules in the policy results
+ in the action being denied.
+ 2. A policy in which failure to match any rules in the policy results
+ in the action being allowed.
+ 3. A policy in which the action taken when no rules are matched is
+ specified by the policy author.
+
+The first option could make a policy like this::
+
+ op=EXECUTE integrity_verified=YES action=ALLOW
+
+In the example system, this works well for the executables, as all
+executables should have integrity guarantees, without exception. The
+issue becomes with the second requirement about specific data files.
+This would result in a policy like this (assuming each line is
+evaluated in order)::
+
+ op=EXECUTE integrity_verified=YES action=ALLOW
+
+ op=READ integrity_verified=NO label=critical_t action=DENY
+ op=READ action=ALLOW
+
+This is somewhat clear if you read the docs, understand the policy
+is executed in order and that the default is a denial; however, the
+last line effectively changes that default to an ALLOW. This is
+required, because in a realistic system, there are some unverified
+reads (imagine appending to a log file).
+
+The second option, matching no rules results in an allow, is clearer
+for the specific data files::
+
+ op=READ integrity_verified=NO label=critical_t action=DENY
+
+And, like the first option, falls short with the opposite scenario,
+effectively needing to override the default::
+
+ op=EXECUTE integrity_verified=YES action=ALLOW
+ op=EXECUTE action=DENY
+
+ op=READ integrity_verified=NO label=critical_t action=DENY
+
+This leaves the third option. Instead of making users be clever
+and override the default with an empty rule, force the end-user
+to consider what the appropriate default should be for their
+scenario and explicitly state it::
+
+ DEFAULT op=EXECUTE action=DENY
+ op=EXECUTE integrity_verified=YES action=ALLOW
+
+ DEFAULT op=READ action=ALLOW
+ op=READ integrity_verified=NO label=critical_t action=DENY
+
+Policy Debugging:
+~~~~~~~~~~~~~~~~~
+
+When developing a policy, it is useful to know what line of the policy
+is being violated to reduce debugging costs; narrowing the scope of the
+investigation to the exact line that resulted in the action. Some integrity
+policy systems do not provide this information, instead providing the
+information that was used in the evaluation. This then requires a correlation
+with the policy to evaluate what went wrong.
+
+Instead, IPE just emits the rule that was matched. This limits the scope
+of the investigation to the exact policy line (in the case of a specific
+rule), or the section (in the case of a DEFAULT). This decreases iteration
+and investigation times when policy failures are observed while evaluating
+policies.
+
+IPE's policy engine is also designed in a way that it makes it obvious to
+a human of how to investigate a policy failure. Each line is evaluated in
+the sequence that is written, so the algorithm is very simple to follow
+for humans to recreate the steps and could have caused the failure. In other
+surveyed systems, optimizations occur (sorting rules, for instance) when loading
+the policy. In those systems, it requires multiple steps to debug, and the
+algorithm may not always be clear to the end-user without reading the code first.
+
+Simplified Policy:
+~~~~~~~~~~~~~~~~~~
+
+Finally, IPE's policy is designed for sysadmins, not kernel developers. Instead
+of covering individual LSM hooks (or syscalls), IPE covers operations. This means
+instead of sysadmins needing to know that the syscalls ``mmap``, ``mprotect``,
+``execve``, and ``uselib`` must have rules protecting them, they must simple know
+that they want to restrict code execution. This limits the amount of bypasses that
+could occur due to a lack of knowledge of the underlying system; whereas the
+maintainers of IPE, being kernel developers can make the correct choice to determine
+whether something maps to these operations, and under what conditions.
+
+Implementation Notes
+--------------------
+
+Anonymous Memory
+~~~~~~~~~~~~~~~~
+
+Anonymous memory isn't treated any differently from any other access in IPE.
+When anonymous memory is mapped with ``+X``, it still comes into the ``file_mmap``
+or ``file_mprotect`` hook, but with a ``NULL`` file object. This is submitted to
+the evaluation, like any other file, however, all current trust mechanisms will
+return false as there is nothing to evaluate. This means anonymous memory
+execution is subject to whatever the ``DEFAULT`` is for ``EXECUTE``.
+
+.. WARNING::
+
+ This also occurs with the ``kernel_load_data`` hook, which is used by signed
+ and compressed kernel modules. Using signed and compressed kernel modules with
+ IPE will always result in the ``DEFAULT`` action for ``KMODULE``.
+
+Securityfs Interface
+~~~~~~~~~~~~~~~~~~~~
+
+The per-policy securityfs tree is somewhat unique. For example, for
+a standard securityfs policy tree::
+
+ MyPolicy
+ |- active
+ |- delete
+ |- name
+ |- pkcs7
+ |- policy
+ |- update
+ |- version
+
+The policy is stored in the ``->i_private`` data of the MyPolicy inode.
+
+Tests
+-----
+
+IPE has KUnit Tests for the policy parser. Recommended kunitconfig::
+
+ CONFIG_KUNIT=y
+ CONFIG_SECURITY=y
+ CONFIG_SECURITYFS=y
+ CONFIG_PKCS7_MESSAGE_PARSER=y
+ CONFIG_SYSTEM_DATA_VERIFICATION=y
+ CONFIG_FS_VERITY=y
+ CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
+ CONFIG_BLOCK=y
+ CONFIG_MD=y
+ CONFIG_BLK_DEV_DM=y
+ CONFIG_DM_VERITY=y
+ CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
+ CONFIG_NET=y
+ CONFIG_AUDIT=y
+ CONFIG_AUDITSYSCALL=y
+ CONFIG_BLK_DEV_INITRD=y
+
+ CONFIG_SECURITY_IPE=y
+ CONFIG_IPE_PROP_DM_VERITY=y
+ CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y
+ CONFIG_IPE_PROP_FS_VERITY=y
+ CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y
+ CONFIG_SECURITY_IPE_KUNIT_TEST=y
+
+In addition, IPE has a python based integration
+`test suite <https://github.com/microsoft/ipe/tree/test-suite>`_ that
+can test both user interfaces and enforcement functionalities.
--
2.44.0
From: Deven Bowers <[email protected]>
Allows author of IPE policy to indicate trust for a singular dm-verity
volume, identified by roothash, through "dmverity_roothash" and all
signed dm-verity volumes, through "dmverity_signature".
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ No Changes
v3:
+ No changes
v4:
+ No changes
v5:
+ No changes
v6:
+ Fix an improper cleanup that can result in
a leak
v7:
+ Squash patch 08/12, 10/12 to [11/16]
v8:
+ Undo squash of 08/12, 10/12 - separating drivers/md/ from security/
& block/
+ Use common-audit function for dmverity_signature.
+ Change implementation for storing the dm-verity digest to use the
newly introduced dm_verity_digest structure introduced in patch
14/20.
v9:
+ Adapt to the new parser
v10:
+ Select the Kconfig when all dependencies are enabled
v11:
+ No changes
v12:
+ Refactor to use struct digest_info* instead of void*
+ Correct audit format
v13:
+ Remove the CONFIG_IPE_PROP_DM_VERITY dependency inside the parser
to make the policy grammar independent of the kernel config.
v14:
+ No changes
v15:
+ Fix one grammar issue in KCONFIG
+ Switch to use security_bdev_setintegrity() hook
v16:
+ Refactor for enum integrity type
v17:
+ Add years to license header
+ Fix code and documentation style issues
+ Return -EINVAL in ipe_bdev_setintegrity when passed type is not
supported
+ Use new enum name LSM_INT_DMVERITY_SIG_VALID
v18:
+ Add Kconfig IPE_PROP_DM_VERITY_SIGNATURE and make both DM_VERITY
config auto-selected
---
security/ipe/Kconfig | 27 ++++++++
security/ipe/Makefile | 1 +
security/ipe/audit.c | 29 ++++++++-
security/ipe/digest.c | 118 +++++++++++++++++++++++++++++++++++
security/ipe/digest.h | 26 ++++++++
security/ipe/eval.c | 93 ++++++++++++++++++++++++++-
security/ipe/eval.h | 12 ++++
security/ipe/hooks.c | 91 +++++++++++++++++++++++++++
security/ipe/hooks.h | 8 +++
security/ipe/ipe.c | 15 +++++
security/ipe/ipe.h | 4 ++
security/ipe/policy.h | 3 +
security/ipe/policy_parser.c | 24 ++++++-
13 files changed, 447 insertions(+), 4 deletions(-)
create mode 100644 security/ipe/digest.c
create mode 100644 security/ipe/digest.h
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index ac4d558e69d5..8279dddf92ad 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -8,6 +8,8 @@ menuconfig SECURITY_IPE
depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL
select PKCS7_MESSAGE_PARSER
select SYSTEM_DATA_VERIFICATION
+ select IPE_PROP_DM_VERITY if DM_VERITY
+ select IPE_PROP_DM_VERITY_SIGNATURE if DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
help
This option enables the Integrity Policy Enforcement LSM
allowing users to define a policy to enforce a trust-based access
@@ -15,3 +17,28 @@ menuconfig SECURITY_IPE
admins to reconfigure trust requirements on the fly.
If unsure, answer N.
+
+if SECURITY_IPE
+menu "IPE Trust Providers"
+
+config IPE_PROP_DM_VERITY
+ bool "Enable support for dm-verity based on root hash"
+ depends on DM_VERITY
+ help
+ This option enables the 'dmverity_roothash' property within IPE
+ policies. The property evaluates to TRUE when a file from a dm-verity
+ volume is evaluated, and the volume's root hash matches the value
+ supplied in the policy.
+
+config IPE_PROP_DM_VERITY_SIGNATURE
+ bool "Enable support for dm-verity based on root hash signature"
+ depends on DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
+ help
+ This option enables the 'dmverity_signature' property within IPE
+ policies. The property evaluates to TRUE when a file from a dm-verity
+ volume, which has been mounted with a valid signed root hash,
+ is evaluated.
+
+endmenu
+
+endif
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 62caccba14b4..e1019bb9f0f3 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -6,6 +6,7 @@
#
obj-$(CONFIG_SECURITY_IPE) += \
+ digest.o \
eval.o \
hooks.o \
fs.o \
diff --git a/security/ipe/audit.c b/security/ipe/audit.c
index a416291ba477..2c98520267c1 100644
--- a/security/ipe/audit.c
+++ b/security/ipe/audit.c
@@ -13,6 +13,7 @@
#include "hooks.h"
#include "policy.h"
#include "audit.h"
+#include "digest.h"
#define ACTSTR(x) ((x) == IPE_ACTION_ALLOW ? "ALLOW" : "DENY")
@@ -49,8 +50,22 @@ static const char *const audit_hook_names[__IPE_HOOK_MAX] = {
static const char *const audit_prop_names[__IPE_PROP_MAX] = {
"boot_verified=FALSE",
"boot_verified=TRUE",
+ "dmverity_roothash=",
+ "dmverity_signature=FALSE",
+ "dmverity_signature=TRUE",
};
+/**
+ * audit_dmv_roothash() - audit the roothash of a dmverity_roothash property.
+ * @ab: Supplies a pointer to the audit_buffer to append to.
+ * @rh: Supplies a pointer to the digest structure.
+ */
+static void audit_dmv_roothash(struct audit_buffer *ab, const void *rh)
+{
+ audit_log_format(ab, "%s", audit_prop_names[IPE_PROP_DMV_ROOTHASH]);
+ ipe_digest_audit(ab, rh);
+}
+
/**
* audit_rule() - audit an IPE policy rule.
* @ab: Supplies a pointer to the audit_buffer to append to.
@@ -62,8 +77,18 @@ static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r)
audit_log_format(ab, " rule=\"%s ", audit_op_names[r->op]);
- list_for_each_entry(ptr, &r->props, next)
- audit_log_format(ab, "%s ", audit_prop_names[ptr->type]);
+ list_for_each_entry(ptr, &r->props, next) {
+ switch (ptr->type) {
+ case IPE_PROP_DMV_ROOTHASH:
+ audit_dmv_roothash(ab, ptr->value);
+ break;
+ default:
+ audit_log_format(ab, "%s", audit_prop_names[ptr->type]);
+ break;
+ }
+
+ audit_log_format(ab, " ");
+ }
audit_log_format(ab, "action=%s\"", ACTSTR(r->action));
}
diff --git a/security/ipe/digest.c b/security/ipe/digest.c
new file mode 100644
index 000000000000..493716370570
--- /dev/null
+++ b/security/ipe/digest.c
@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#include "digest.h"
+
+/**
+ * ipe_digest_parse() - parse a digest in IPE's policy.
+ * @valstr: Supplies the string parsed from the policy.
+ *
+ * Digests in IPE are defined in a standard way:
+ * <alg_name>:<hex>
+ *
+ * Use this function to create a property to parse the digest
+ * consistently. The parsed digest will be saved in @value in IPE's
+ * policy.
+ *
+ * Return: The parsed digest_info structure on success. If an error occurs,
+ * the function will return the error value (via ERR_PTR).
+ */
+struct digest_info *ipe_digest_parse(const char *valstr)
+{
+ struct digest_info *info = NULL;
+ char *sep, *raw_digest;
+ size_t raw_digest_len;
+ u8 *digest = NULL;
+ char *alg = NULL;
+ int rc = 0;
+
+ info = kzalloc(sizeof(*info), GFP_KERNEL);
+ if (!info)
+ return ERR_PTR(-ENOMEM);
+
+ sep = strchr(valstr, ':');
+ if (!sep) {
+ rc = -EBADMSG;
+ goto err;
+ }
+
+ alg = kstrndup(valstr, sep - valstr, GFP_KERNEL);
+ if (!alg) {
+ rc = -ENOMEM;
+ goto err;
+ }
+
+ raw_digest = sep + 1;
+ raw_digest_len = strlen(raw_digest);
+
+ info->digest_len = (raw_digest_len + 1) / 2;
+ digest = kzalloc(info->digest_len, GFP_KERNEL);
+ if (!digest) {
+ rc = -ENOMEM;
+ goto err;
+ }
+
+ rc = hex2bin(digest, raw_digest, info->digest_len);
+ if (rc < 0) {
+ rc = -EINVAL;
+ goto err;
+ }
+
+ info->alg = alg;
+ info->digest = digest;
+ return info;
+
+err:
+ kfree(alg);
+ kfree(digest);
+ kfree(info);
+ return ERR_PTR(rc);
+}
+
+/**
+ * ipe_digest_eval() - evaluate an IPE digest against another digest.
+ * @expected: Supplies the policy-provided digest value.
+ * @digest: Supplies the digest to compare against the policy digest value.
+ *
+ * Return:
+ * * %true - digests match
+ * * %false - digests do not match
+ */
+bool ipe_digest_eval(const struct digest_info *expected,
+ const struct digest_info *digest)
+{
+ return (expected->digest_len == digest->digest_len) &&
+ (!strcmp(expected->alg, digest->alg)) &&
+ (!memcmp(expected->digest, digest->digest, expected->digest_len));
+}
+
+/**
+ * ipe_digest_free() - free an IPE digest.
+ * @info: Supplies a pointer the policy-provided digest to free.
+ */
+void ipe_digest_free(struct digest_info *info)
+{
+ if (IS_ERR_OR_NULL(info))
+ return;
+
+ kfree(info->alg);
+ kfree(info->digest);
+ kfree(info);
+}
+
+/**
+ * ipe_digest_audit() - audit a digest that was sourced from IPE's policy.
+ * @ab: Supplies the audit_buffer to append the formatted result.
+ * @info: Supplies a pointer to source the audit record from.
+ *
+ * Digests in IPE are audited in this format:
+ * <alg_name>:<hex>
+ */
+void ipe_digest_audit(struct audit_buffer *ab, const struct digest_info *info)
+{
+ audit_log_untrustedstring(ab, info->alg);
+ audit_log_format(ab, ":");
+ audit_log_n_hex(ab, info->digest, info->digest_len);
+}
diff --git a/security/ipe/digest.h b/security/ipe/digest.h
new file mode 100644
index 000000000000..52c9b3844a38
--- /dev/null
+++ b/security/ipe/digest.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#ifndef _IPE_DIGEST_H
+#define _IPE_DIGEST_H
+
+#include <linux/types.h>
+#include <linux/audit.h>
+
+#include "policy.h"
+
+struct digest_info {
+ const char *alg;
+ const u8 *digest;
+ size_t digest_len;
+};
+
+struct digest_info *ipe_digest_parse(const char *valstr);
+void ipe_digest_free(struct digest_info *digest_info);
+void ipe_digest_audit(struct audit_buffer *ab, const struct digest_info *val);
+bool ipe_digest_eval(const struct digest_info *expected,
+ const struct digest_info *digest);
+
+#endif /* _IPE_DIGEST_H */
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index dd9064974be6..8f4f63088206 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -15,10 +15,12 @@
#include "eval.h"
#include "policy.h"
#include "audit.h"
+#include "digest.h"
struct ipe_policy __rcu *ipe_active_policy;
bool success_audit;
bool enforce = true;
+#define INO_BLOCK_DEV(ino) ((ino)->i_sb->s_bdev)
#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
@@ -32,6 +34,23 @@ static void build_ipe_sb_ctx(struct ipe_eval_ctx *ctx, const struct file *const
ctx->initramfs = ipe_sb(FILE_SUPERBLOCK(file))->initramfs;
}
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+/**
+ * build_ipe_bdev_ctx() - Build ipe_bdev field of an evaluation context.
+ * @ctx: Supplies a pointer to the context to be populated.
+ * @ino: Supplies the inode struct of the file triggered IPE event.
+ */
+static void build_ipe_bdev_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
+{
+ if (INO_BLOCK_DEV(ino))
+ ctx->ipe_bdev = ipe_bdev(INO_BLOCK_DEV(ino));
+}
+#else
+static void build_ipe_bdev_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
+{
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
/**
* ipe_build_eval_ctx() - Build an ipe evaluation context.
* @ctx: Supplies a pointer to the context to be populated.
@@ -48,8 +67,10 @@ void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
ctx->op = op;
ctx->hook = hook;
- if (file)
+ if (file) {
build_ipe_sb_ctx(ctx, file);
+ build_ipe_bdev_ctx(ctx, d_real_inode(file->f_path.dentry));
+ }
}
/**
@@ -65,6 +86,70 @@ static bool evaluate_boot_verified(const struct ipe_eval_ctx *const ctx)
return ctx->initramfs;
}
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+/**
+ * evaluate_dmv_roothash() - Evaluate @ctx against a dmv roothash property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ * @p: Supplies a pointer to the property being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the @p
+ * * %false - The current @ctx doesn't match the @p
+ */
+static bool evaluate_dmv_roothash(const struct ipe_eval_ctx *const ctx,
+ struct ipe_prop *p)
+{
+ return !!ctx->ipe_bdev &&
+ !!ctx->ipe_bdev->root_hash &&
+ ipe_digest_eval(p->value,
+ ctx->ipe_bdev->root_hash);
+}
+#else
+static bool evaluate_dmv_roothash(const struct ipe_eval_ctx *const ctx,
+ struct ipe_prop *p)
+{
+ return false;
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
+#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
+/**
+ * evaluate_dmv_sig_false() - Evaluate @ctx against a dmv sig false property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the property
+ * * %false - The current @ctx doesn't match the property
+ */
+static bool evaluate_dmv_sig_false(const struct ipe_eval_ctx *const ctx)
+{
+ return !ctx->ipe_bdev || (!ctx->ipe_bdev->dm_verity_signed);
+}
+
+/**
+ * evaluate_dmv_sig_true() - Evaluate @ctx against a dmv sig true property.
+ * @ctx: Supplies a pointer to the context being evaluated.
+ *
+ * Return:
+ * * %true - The current @ctx match the property
+ * * %false - The current @ctx doesn't match the property
+ */
+static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx)
+{
+ return !evaluate_dmv_sig_false(ctx);
+}
+#else
+static bool evaluate_dmv_sig_false(const struct ipe_eval_ctx *const ctx)
+{
+ return false;
+}
+
+static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx)
+{
+ return false;
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
+
/**
* evaluate_property() - Analyze @ctx against a rule property.
* @ctx: Supplies a pointer to the context to be evaluated.
@@ -85,6 +170,12 @@ static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
return !evaluate_boot_verified(ctx);
case IPE_PROP_BOOT_VERIFIED_TRUE:
return evaluate_boot_verified(ctx);
+ case IPE_PROP_DMV_ROOTHASH:
+ return evaluate_dmv_roothash(ctx, p);
+ case IPE_PROP_DMV_SIG_FALSE:
+ return evaluate_dmv_sig_false(ctx);
+ case IPE_PROP_DMV_SIG_TRUE:
+ return evaluate_dmv_sig_true(ctx);
default:
return false;
}
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index 80b74f55fa69..4901df0e1369 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -22,12 +22,24 @@ struct ipe_superblock {
bool initramfs;
};
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+struct ipe_bdev {
+#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
+ bool dm_verity_signed;
+#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
+ struct digest_info *root_hash;
+};
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
struct ipe_eval_ctx {
enum ipe_op_type op;
enum ipe_hook_type hook;
const struct file *file;
bool initramfs;
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+ const struct ipe_bdev *ipe_bdev;
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
};
enum ipe_match {
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index b68719bf44fb..bc0a7268179d 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -8,10 +8,12 @@
#include <linux/types.h>
#include <linux/binfmts.h>
#include <linux/mman.h>
+#include <linux/blk_types.h>
#include "ipe.h"
#include "hooks.h"
#include "eval.h"
+#include "digest.h"
/**
* ipe_bprm_check_security() - ipe security hook function for bprm check.
@@ -191,3 +193,92 @@ void ipe_unpack_initramfs(void)
{
ipe_sb(current->fs->root.mnt->mnt_sb)->initramfs = true;
}
+
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+/**
+ * ipe_bdev_free_security() - Free IPE's LSM blob of block_devices.
+ * @bdev: Supplies a pointer to a block_device that contains the structure
+ * to free.
+ */
+void ipe_bdev_free_security(struct block_device *bdev)
+{
+ struct ipe_bdev *blob = ipe_bdev(bdev);
+
+ ipe_digest_free(blob->root_hash);
+}
+
+#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
+static void ipe_set_dmverity_signature(struct ipe_bdev *blob,
+ const void *value,
+ size_t size)
+{
+ blob->dm_verity_signed = size > 0 && value;
+}
+#else
+static inline void ipe_set_dmverity_signature(struct ipe_bdev *blob,
+ const void *value,
+ size_t size)
+{
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
+
+/**
+ * ipe_bdev_setintegrity() - Save integrity data from a bdev to IPE's LSM blob.
+ * @bdev: Supplies a pointer to a block_device that contains the LSM blob.
+ * @type: Supplies the integrity type.
+ * @value: Supplies the value to store.
+ * @size: The size of @value.
+ *
+ * This hook is currently used to save dm-verity's root hash or the existence
+ * of a validated signed dm-verity root hash into LSM blob.
+ *
+ * Return: %0 on success. If an error occurs, the function will return the
+ * -errno.
+ */
+int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type,
+ const void *value, size_t size)
+{
+ const struct dm_verity_digest *digest = NULL;
+ struct ipe_bdev *blob = ipe_bdev(bdev);
+ struct digest_info *info = NULL;
+
+ if (type == LSM_INT_DMVERITY_ROOTHASH) {
+ if (!value) {
+ ipe_digest_free(blob->root_hash);
+ blob->root_hash = NULL;
+
+ return 0;
+ }
+ digest = value;
+
+ info = kzalloc(sizeof(*info), GFP_KERNEL);
+ if (!info)
+ return -ENOMEM;
+
+ info->digest = kmemdup(digest->digest, digest->digest_len,
+ GFP_KERNEL);
+ if (!info->digest)
+ goto dmv_roothash_err;
+
+ info->alg = kstrdup(digest->alg, GFP_KERNEL);
+ if (!info->alg)
+ goto dmv_roothash_err;
+
+ info->digest_len = digest->digest_len;
+
+ blob->root_hash = info;
+
+ return 0;
+dmv_roothash_err:
+ ipe_digest_free(info);
+
+ return -ENOMEM;
+ } else if (type == LSM_INT_DMVERITY_SIG_VALID) {
+ ipe_set_dmverity_signature(blob, value, size);
+
+ return 0;
+ }
+
+ return -EINVAL;
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index f4f0b544ddcc..4d585fb6ada3 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -8,6 +8,7 @@
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/security.h>
+#include <linux/blk_types.h>
enum ipe_hook_type {
IPE_HOOK_BPRM_CHECK = 0,
@@ -35,4 +36,11 @@ int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
void ipe_unpack_initramfs(void);
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+void ipe_bdev_free_security(struct block_device *bdev);
+
+int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type,
+ const void *value, size_t len);
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
#endif /* _IPE_HOOKS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 53f2196b9bcc..99cb42caa63a 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -7,11 +7,15 @@
#include "ipe.h"
#include "eval.h"
#include "hooks.h"
+#include "eval.h"
bool ipe_enabled;
static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
.lbs_superblock = sizeof(struct ipe_superblock),
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+ .lbs_bdev = sizeof(struct ipe_bdev),
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
};
static const struct lsm_id ipe_lsmid = {
@@ -24,6 +28,13 @@ struct ipe_superblock *ipe_sb(const struct super_block *sb)
return sb->s_security + ipe_blobs.lbs_superblock;
}
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+struct ipe_bdev *ipe_bdev(struct block_device *b)
+{
+ return b->security + ipe_blobs.lbs_bdev;
+}
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(bprm_check_security, ipe_bprm_check_security),
LSM_HOOK_INIT(mmap_file, ipe_mmap_file),
@@ -31,6 +42,10 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(kernel_read_file, ipe_kernel_read_file),
LSM_HOOK_INIT(kernel_load_data, ipe_kernel_load_data),
LSM_HOOK_INIT(initramfs_populated, ipe_unpack_initramfs),
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+ LSM_HOOK_INIT(bdev_free_security, ipe_bdev_free_security),
+ LSM_HOOK_INIT(bdev_setintegrity, ipe_bdev_setintegrity),
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
};
/**
diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
index 4aa18d1d0525..01f46286e383 100644
--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -16,4 +16,8 @@ struct ipe_superblock *ipe_sb(const struct super_block *sb);
extern bool ipe_enabled;
+#ifdef CONFIG_IPE_PROP_DM_VERITY
+struct ipe_bdev *ipe_bdev(struct block_device *b);
+#endif /* CONFIG_IPE_PROP_DM_VERITY */
+
#endif /* _IPE_H */
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index ffd60cc7fda6..26776092c710 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -33,6 +33,9 @@ enum ipe_action_type {
enum ipe_prop_type {
IPE_PROP_BOOT_VERIFIED_FALSE,
IPE_PROP_BOOT_VERIFIED_TRUE,
+ IPE_PROP_DMV_ROOTHASH,
+ IPE_PROP_DMV_SIG_FALSE,
+ IPE_PROP_DMV_SIG_TRUE,
__IPE_PROP_MAX
};
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index 84cc688be3a2..71c84b293029 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -11,6 +11,7 @@
#include "policy.h"
#include "policy_parser.h"
+#include "digest.h"
#define START_COMMENT '#'
#define IPE_POLICY_DELIM " \t"
@@ -221,6 +222,7 @@ static void free_rule(struct ipe_rule *r)
list_for_each_entry_safe(p, t, &r->props, next) {
list_del(&p->next);
+ ipe_digest_free(p->value);
kfree(p);
}
@@ -273,6 +275,9 @@ static enum ipe_action_type parse_action(char *t)
static const match_table_t property_tokens = {
{IPE_PROP_BOOT_VERIFIED_FALSE, "boot_verified=FALSE"},
{IPE_PROP_BOOT_VERIFIED_TRUE, "boot_verified=TRUE"},
+ {IPE_PROP_DMV_ROOTHASH, "dmverity_roothash=%s"},
+ {IPE_PROP_DMV_SIG_FALSE, "dmverity_signature=FALSE"},
+ {IPE_PROP_DMV_SIG_TRUE, "dmverity_signature=TRUE"},
{IPE_PROP_INVALID, NULL}
};
@@ -295,6 +300,7 @@ static int parse_property(char *t, struct ipe_rule *r)
struct ipe_prop *p = NULL;
int rc = 0;
int token;
+ char *dup = NULL;
p = kzalloc(sizeof(*p), GFP_KERNEL);
if (!p)
@@ -303,8 +309,22 @@ static int parse_property(char *t, struct ipe_rule *r)
token = match_token(t, property_tokens, args);
switch (token) {
+ case IPE_PROP_DMV_ROOTHASH:
+ dup = match_strdup(&args[0]);
+ if (!dup) {
+ rc = -ENOMEM;
+ goto err;
+ }
+ p->value = ipe_digest_parse(dup);
+ if (IS_ERR(p->value)) {
+ rc = PTR_ERR(p->value);
+ goto err;
+ }
+ fallthrough;
case IPE_PROP_BOOT_VERIFIED_FALSE:
case IPE_PROP_BOOT_VERIFIED_TRUE:
+ case IPE_PROP_DMV_SIG_FALSE:
+ case IPE_PROP_DMV_SIG_TRUE:
p->type = token;
break;
default:
@@ -315,10 +335,12 @@ static int parse_property(char *t, struct ipe_rule *r)
goto err;
list_add_tail(&p->next, &r->props);
+out:
+ kfree(dup);
return rc;
err:
kfree(p);
- return rc;
+ goto out;
}
/**
--
2.44.0
From: Deven Bowers <[email protected]>
Enables an IPE policy to be enforced from kernel start, enabling access
control based on trust from kernel startup. This is accomplished by
transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
c-string literal that is parsed at kernel startup as an unsigned policy.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ No Changes
v3:
+ No Changes
v4:
+ No Changes
v5:
+ No Changes
v6:
+ No Changes
v7:
+ Move from 01/11 to 14/16
+ Don't return errno directly.
+ Make output of script more user-friendly
+ Add escaping for tab and '?'
+ Mark argv pointer const
+ Invert return code check in the boot policy parsing code path.
v8:
+ No significant changes.
v9:
+ No changes
v10:
+ Update the init part code for rcu changes in the eval loop patch
v11:
+ Fix code style issues
v12:
+ No changes
v13:
+ No changes
v14:
+ No changes
v15:
+ Fix one grammar issue in Kconfig
v16:
+ No changes
v17:
+ Add years to license header
+ Fix code and documentation style issues
v18:
+ No changes
---
scripts/Makefile | 1 +
scripts/ipe/Makefile | 2 +
scripts/ipe/polgen/.gitignore | 2 +
scripts/ipe/polgen/Makefile | 5 ++
scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++
security/ipe/.gitignore | 2 +
security/ipe/Kconfig | 10 +++
security/ipe/Makefile | 11 +++
security/ipe/fs.c | 8 ++
security/ipe/ipe.c | 12 +++
10 files changed, 198 insertions(+)
create mode 100644 scripts/ipe/Makefile
create mode 100644 scripts/ipe/polgen/.gitignore
create mode 100644 scripts/ipe/polgen/Makefile
create mode 100644 scripts/ipe/polgen/polgen.c
create mode 100644 security/ipe/.gitignore
diff --git a/scripts/Makefile b/scripts/Makefile
index bc90520a5426..cae8a14fa40d 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -55,6 +55,7 @@ targets += module.lds
subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_IPE) += ipe
# Let clean descend into subdirs
subdir- += basic dtc gdb kconfig mod
diff --git a/scripts/ipe/Makefile b/scripts/ipe/Makefile
new file mode 100644
index 000000000000..e87553fbb8d6
--- /dev/null
+++ b/scripts/ipe/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+subdir-y := polgen
diff --git a/scripts/ipe/polgen/.gitignore b/scripts/ipe/polgen/.gitignore
new file mode 100644
index 000000000000..b6f05cf3dc0e
--- /dev/null
+++ b/scripts/ipe/polgen/.gitignore
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+polgen
diff --git a/scripts/ipe/polgen/Makefile b/scripts/ipe/polgen/Makefile
new file mode 100644
index 000000000000..c20456a2f2e9
--- /dev/null
+++ b/scripts/ipe/polgen/Makefile
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0
+hostprogs-always-y := polgen
+HOST_EXTRACFLAGS += \
+ -I$(srctree)/include \
+ -I$(srctree)/include/uapi \
diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
new file mode 100644
index 000000000000..c6283b3ff006
--- /dev/null
+++ b/scripts/ipe/polgen/polgen.c
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+
+static void usage(const char *const name)
+{
+ printf("Usage: %s OutputFile (PolicyFile)\n", name);
+ exit(EINVAL);
+}
+
+static int policy_to_buffer(const char *pathname, char **buffer, size_t *size)
+{
+ size_t fsize;
+ size_t read;
+ char *lbuf;
+ int rc = 0;
+ FILE *fd;
+
+ fd = fopen(pathname, "r");
+ if (!fd) {
+ rc = errno;
+ goto out;
+ }
+
+ fseek(fd, 0, SEEK_END);
+ fsize = ftell(fd);
+ rewind(fd);
+
+ lbuf = malloc(fsize);
+ if (!lbuf) {
+ rc = ENOMEM;
+ goto out_close;
+ }
+
+ read = fread((void *)lbuf, sizeof(*lbuf), fsize, fd);
+ if (read != fsize) {
+ rc = -1;
+ goto out_free;
+ }
+
+ *buffer = lbuf;
+ *size = fsize;
+ fclose(fd);
+
+ return rc;
+
+out_free:
+ free(lbuf);
+out_close:
+ fclose(fd);
+out:
+ return rc;
+}
+
+static int write_boot_policy(const char *pathname, const char *buf, size_t size)
+{
+ int rc = 0;
+ FILE *fd;
+ size_t i;
+
+ fd = fopen(pathname, "w");
+ if (!fd) {
+ rc = errno;
+ goto err;
+ }
+
+ fprintf(fd, "/* This file is automatically generated.");
+ fprintf(fd, " Do not edit. */\n");
+ fprintf(fd, "#include <linux/stddef.h>\n");
+ fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
+ fprintf(fd, "const char *const ipe_boot_policy =\n");
+
+ if (!buf || size == 0) {
+ fprintf(fd, "\tNULL;\n");
+ fclose(fd);
+ return 0;
+ }
+
+ fprintf(fd, "\t\"");
+
+ for (i = 0; i < size; ++i) {
+ switch (buf[i]) {
+ case '"':
+ fprintf(fd, "\\\"");
+ break;
+ case '\'':
+ fprintf(fd, "'");
+ break;
+ case '\n':
+ fprintf(fd, "\\n\"\n\t\"");
+ break;
+ case '\\':
+ fprintf(fd, "\\\\");
+ break;
+ case '\t':
+ fprintf(fd, "\\t");
+ break;
+ case '\?':
+ fprintf(fd, "\\?");
+ break;
+ default:
+ fprintf(fd, "%c", buf[i]);
+ }
+ }
+ fprintf(fd, "\";\n");
+ fclose(fd);
+
+ return 0;
+
+err:
+ if (fd)
+ fclose(fd);
+ return rc;
+}
+
+int main(int argc, const char *const argv[])
+{
+ char *policy = NULL;
+ size_t len = 0;
+ int rc = 0;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ if (argc > 2) {
+ rc = policy_to_buffer(argv[2], &policy, &len);
+ if (rc != 0)
+ goto cleanup;
+ }
+
+ rc = write_boot_policy(argv[1], policy, len);
+cleanup:
+ if (policy)
+ free(policy);
+ if (rc != 0)
+ perror("An error occurred during policy conversion: ");
+ return rc;
+}
diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
new file mode 100644
index 000000000000..07313d3fd74a
--- /dev/null
+++ b/security/ipe/.gitignore
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+boot-policy.c
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index 839d63698841..7a82778f93ae 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -21,6 +21,16 @@ menuconfig SECURITY_IPE
If unsure, answer N.
if SECURITY_IPE
+config IPE_BOOT_POLICY
+ string "Integrity policy to apply on system startup"
+ help
+ This option specifies a filepath to an IPE policy that is compiled
+ into the kernel. This policy will be enforced until a policy update
+ is deployed via the $securityfs/ipe/policies/$policy_name/active
+ interface.
+
+ If unsure, leave blank.
+
menu "IPE Trust Providers"
config IPE_PROP_DM_VERITY
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index e1019bb9f0f3..84ad76556170 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -5,7 +5,16 @@
# Makefile for building the IPE module as part of the kernel tree.
#
+quiet_cmd_polgen = IPE_POL $(2)
+ cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot-policy.c $(2)
+
+targets += boot-policy.c
+
+$(obj)/boot-policy.c: scripts/ipe/polgen/polgen $(CONFIG_IPE_BOOT_POLICY) FORCE
+ $(call if_changed,polgen,$(CONFIG_IPE_BOOT_POLICY))
+
obj-$(CONFIG_SECURITY_IPE) += \
+ boot-policy.o \
digest.o \
eval.o \
hooks.o \
@@ -15,3 +24,5 @@ obj-$(CONFIG_SECURITY_IPE) += \
policy_fs.o \
policy_parser.o \
audit.o \
+
+clean-files := boot-policy.c \
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index b52fb6023904..5b6d19fb844a 100644
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -190,6 +190,7 @@ static const struct file_operations enforce_fops = {
static int __init ipe_init_securityfs(void)
{
int rc = 0;
+ struct ipe_policy *ap;
if (!ipe_enabled)
return -EOPNOTSUPP;
@@ -220,6 +221,13 @@ static int __init ipe_init_securityfs(void)
goto err;
}
+ ap = rcu_access_pointer(ipe_active_policy);
+ if (ap) {
+ rc = ipe_new_policyfs_node(ap);
+ if (rc)
+ goto err;
+ }
+
np = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
if (IS_ERR(np)) {
rc = PTR_ERR(np);
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index da79f66b0010..5e993cbf3428 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -9,6 +9,7 @@
#include "hooks.h"
#include "eval.h"
+extern const char *const ipe_boot_policy;
bool ipe_enabled;
static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
@@ -74,9 +75,20 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
*/
static int __init ipe_init(void)
{
+ struct ipe_policy *p = NULL;
+
security_add_hooks(ipe_hooks, ARRAY_SIZE(ipe_hooks), &ipe_lsmid);
ipe_enabled = true;
+ if (ipe_boot_policy) {
+ p = ipe_new_policy(ipe_boot_policy, strlen(ipe_boot_policy),
+ NULL, 0);
+ if (IS_ERR(p))
+ return PTR_ERR(p);
+
+ rcu_assign_pointer(ipe_active_policy, p);
+ }
+
return 0;
}
--
2.44.0
This patch introduces a new hook to save inode's integrity
data. For example, for fsverity enabled files, LSMs can use this hook to
save the verified fsverity builtin signature into the inode's security
blob, and LSMs can make access decisions based on the data inside
the signature, like the signer certificate.
Signed-off-by: Fan Wu <[email protected]>
--
v1-v14:
+ Not present
v15:
+ Introduced
v16:
+ Switch to call_int_hook()
v17:
+ Fix a typo
v18:
+ No changes
---
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 10 ++++++++++
security/security.c | 20 ++++++++++++++++++++
3 files changed, 32 insertions(+)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index b391a7f13053..6f746dfdb28b 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -177,6 +177,8 @@ LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name)
+LSM_HOOK(int, 0, inode_setintegrity, struct inode *inode,
+ enum lsm_integrity_type type, const void *value, size_t size)
LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
struct kernfs_node *kn)
LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
diff --git a/include/linux/security.h b/include/linux/security.h
index d2ddd7c63b62..568d96012a48 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -410,6 +410,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
void security_inode_getsecid(struct inode *inode, u32 *secid);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(const char *name);
+int security_inode_setintegrity(struct inode *inode,
+ enum lsm_integrity_type type, const void *value,
+ size_t size);
int security_kernfs_init_security(struct kernfs_node *kn_dir,
struct kernfs_node *kn);
int security_file_permission(struct file *file, int mask);
@@ -1026,6 +1029,13 @@ static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
return 0;
}
+static inline int security_inode_setintegrity(struct inode *inode,
+ enum lsm_integrity_type type,
+ const void *value, size_t size)
+{
+ return 0;
+}
+
static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
struct kernfs_node *kn)
{
diff --git a/security/security.c b/security/security.c
index 3a7724c3dd76..2c20635a589b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2681,6 +2681,26 @@ int security_inode_copy_up_xattr(const char *name)
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);
+/**
+ * security_inode_setintegrity() - Set the inode's integrity data
+ * @inode: inode
+ * @type: type of integrity, e.g. hash digest, signature, etc
+ * @value: the integrity value
+ * @size: size of the integrity value
+ *
+ * Register a verified integrity measurement of a inode with LSMs.
+ * LSMs should free the previously saved data if @value is NULL.
+ *
+ * Return: Returns 0 on success, negative values on failure.
+ */
+int security_inode_setintegrity(struct inode *inode,
+ enum lsm_integrity_type type, const void *value,
+ size_t size)
+{
+ return call_int_hook(inode_setintegrity, inode, type, value, size);
+}
+EXPORT_SYMBOL(security_inode_setintegrity);
+
/**
* security_kernfs_init_security() - Init LSM context for a kernfs node
* @kn_dir: parent kernfs node
--
2.44.0
From: Deven Bowers <[email protected]>
dm-verity provides a strong guarantee of a block device's integrity. As
a generic way to check the integrity of a block device, it provides
those integrity guarantees to its higher layers, including the filesystem
level.
An LSM that control access to a resource on the system based on the
available integrity claims can use this transitive property of
dm-verity, by querying the underlying block_device of a particular
file.
The digest and signature information need to be stored in the block
device to fulfill the next requirement of authorization via LSM policy.
This will enable the LSM to perform revocation of devices that are still
mounted, prohibiting execution of files that are no longer authorized
by the LSM in question.
This patch adds two security hook calls in dm-verity to expose the
dm-verity roothash and the roothash signature to LSMs. The hook calls
are depended on CONFIG_SECURITY.
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v2:
+ No Changes
v3:
+ No changes
v4:
+ No changes
v5:
+ No changes
v6:
+ Fix an improper cleanup that can result in
a leak
v7:
+ Squash patch 08/12, 10/12 to [11/16]
+ Use part0 for block_device, to retrieve the block_device, when
calling security_bdev_setsecurity
v8:
+ Undo squash of 08/12, 10/12 - separating drivers/md/ from
security/ & block/
+ Use common-audit function for dmverity_signature.
+ Change implementation for storing the dm-verity digest to use the
newly introduced dm_verity_digest structure introduced in patch
14/20.
+ Create new structure, dm_verity_digest, containing digest algorithm,
size, and digest itself to pass to the LSM layer. V7 was missing the
algorithm.
+ Create an associated public header containing this new structure and
the key values for the LSM hook, specific to dm-verity.
+ Additional information added to commit, discussing the layering of
the changes and how the information passed will be used.
v9:
+ No changes
v10:
+ No changes
v11:
+ Add an optional field to save signature
+ Move the security hook call to the new finalize hook
v12:
+ No changes
v13:
+ No changes
v14:
+ Correct code format
+ Remove unnecessary header and switch to dm_disk()
v15:
+ Refactor security_bdev_setsecurity() to security_bdev_setintegrity()
+ Remove unnecessary headers
v16:
+ Use kmemdup to duplicate signature
+ Clean up lsm blob data in error case
v17:
+ Switch to depend on CONFIG_SECURITY
+ Use new enum name LSM_INT_DMVERITY_SIG_VALID
v18:
+ Amend commit title
+ Fix incorrect error handling
+ Make signature exposure depends on CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
+ Fix inaccurate comment
+ Remove include/linux/dm-verity.h
+ use crypto_ahash_alg_name(v->tfm) instead of v->alg_name
---
drivers/md/dm-verity-target.c | 100 ++++++++++++++++++++++++++++++++++
drivers/md/dm-verity.h | 6 ++
include/linux/security.h | 9 ++-
3 files changed, 114 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index bb5da66da4c1..3afab8f2c509 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -22,6 +22,7 @@
#include <linux/scatterlist.h>
#include <linux/string.h>
#include <linux/jump_label.h>
+#include <linux/security.h>
#define DM_MSG_PREFIX "verity"
@@ -1017,6 +1018,38 @@ static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
blk_limits_io_min(limits, limits->logical_block_size);
}
+#ifdef CONFIG_SECURITY
+
+static int verity_init_sig(struct dm_verity *v, const void *sig,
+ size_t sig_size)
+{
+ v->sig_size = sig_size;
+ v->root_digest_sig = kmemdup(sig, v->sig_size, GFP_KERNEL);
+ if (!v->root_digest_sig)
+ return -ENOMEM;
+
+ return 0;
+}
+
+static void verity_free_sig(struct dm_verity *v)
+{
+ kfree(v->root_digest_sig);
+}
+
+#else
+
+static inline int verity_init_sig(struct dm_verity *v, const void *sig,
+ size_t sig_size)
+{
+ return 0;
+}
+
+static inline void verity_free_sig(struct dm_verity *v)
+{
+}
+
+#endif /* CONFIG_SECURITY */
+
static void verity_dtr(struct dm_target *ti)
{
struct dm_verity *v = ti->private;
@@ -1035,6 +1068,7 @@ static void verity_dtr(struct dm_target *ti)
kfree(v->salt);
kfree(v->root_digest);
kfree(v->zero_digest);
+ verity_free_sig(v);
if (v->tfm)
crypto_free_ahash(v->tfm);
@@ -1434,6 +1468,13 @@ static int verity_ctr(struct dm_target *ti, unsigned int argc, char **argv)
ti->error = "Root hash verification failed";
goto bad;
}
+
+ r = verity_init_sig(v, verify_args.sig, verify_args.sig_size);
+ if (r < 0) {
+ ti->error = "Cannot allocate root digest signature";
+ goto bad;
+ }
+
v->hash_per_block_bits =
__fls((1 << v->hash_dev_block_bits) / v->digest_size);
@@ -1584,6 +1625,62 @@ int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned i
return 0;
}
+#ifdef CONFIG_SECURITY
+
+#ifdef CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
+
+static int verity_security_set_signature(struct block_device *bdev,
+ struct dm_verity *v)
+{
+ return security_bdev_setintegrity(bdev,
+ LSM_INT_DMVERITY_SIG_VALID,
+ v->root_digest_sig,
+ v->sig_size);
+}
+
+#else
+
+static inline int verity_security_set_signature(struct block_device *bdev,
+ struct dm_verity *v)
+{
+ return 0;
+}
+
+#endif /* CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG */
+
+static int verity_finalize(struct dm_target *ti)
+{
+ struct block_device *bdev;
+ struct dm_verity_digest root_digest;
+ struct dm_verity *v;
+ int r;
+
+ v = ti->private;
+ bdev = dm_disk(dm_table_get_md(ti->table))->part0;
+ root_digest.digest = v->root_digest;
+ root_digest.digest_len = v->digest_size;
+ root_digest.alg = crypto_ahash_alg_name(v->tfm);
+
+ r = security_bdev_setintegrity(bdev, LSM_INT_DMVERITY_ROOTHASH, &root_digest,
+ sizeof(root_digest));
+ if (r)
+ return r;
+
+ r = verity_security_set_signature(bdev, v);
+ if (r)
+ goto bad;
+
+ return 0;
+
+bad:
+
+ security_bdev_setintegrity(bdev, LSM_INT_DMVERITY_ROOTHASH, NULL, 0);
+
+ return r;
+}
+
+#endif /* CONFIG_SECURITY */
+
static struct target_type verity_target = {
.name = "verity",
.features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE,
@@ -1596,6 +1693,9 @@ static struct target_type verity_target = {
.prepare_ioctl = verity_prepare_ioctl,
.iterate_devices = verity_iterate_devices,
.io_hints = verity_io_hints,
+#ifdef CONFIG_SECURITY
+ .finalize = verity_finalize,
+#endif /* CONFIG_SECURITY */
};
module_dm(verity);
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
index 20b1bcf03474..2de89e0d555b 100644
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -43,6 +43,9 @@ struct dm_verity {
u8 *root_digest; /* digest of the root block */
u8 *salt; /* salt: its size is salt_size */
u8 *zero_digest; /* digest for a zero block */
+#ifdef CONFIG_SECURITY
+ u8 *root_digest_sig; /* signature of the root digest */
+#endif /* CONFIG_SECURITY */
unsigned int salt_size;
sector_t data_start; /* data offset in 512-byte sectors */
sector_t hash_start; /* hash start in blocks */
@@ -56,6 +59,9 @@ struct dm_verity {
bool hash_failed:1; /* set if hash of any block failed */
bool use_bh_wq:1; /* try to verify in BH wq before normal work-queue */
unsigned int digest_size; /* digest size for the current hash algorithm */
+#ifdef CONFIG_SECURITY
+ unsigned int sig_size; /* root digest signature size */
+#endif /* CONFIG_SECURITY */
unsigned int ahash_reqsize;/* the size of temporary space for crypto */
enum verity_mode mode; /* mode for handling verification errors */
unsigned int corrupted_errs;/* Number of errors for corrupted blocks */
diff --git a/include/linux/security.h b/include/linux/security.h
index ac0985641611..d2ddd7c63b62 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -83,8 +83,15 @@ enum lsm_event {
LSM_POLICY_CHANGE,
};
+struct dm_verity_digest {
+ const char *alg;
+ const u8 *digest;
+ size_t digest_len;
+};
+
enum lsm_integrity_type {
- __LSM_INT_MAX
+ LSM_INT_DMVERITY_SIG_VALID,
+ LSM_INT_DMVERITY_ROOTHASH,
};
/*
--
2.44.0
From: Deven Bowers <[email protected]>
Add various happy/unhappy unit tests for both IPE's policy parser.
Besides, a test suite for IPE functionality is available at
https://github.com/microsoft/ipe/tree/test-suite
Signed-off-by: Deven Bowers <[email protected]>
Signed-off-by: Fan Wu <[email protected]>
---
v1-v6:
+ Not present
v7:
Introduced
v8:
+ Remove the kunit tests with respect to the fsverity digest, as these
require significant changes to work with the new method of acquiring
the digest at runtime.
v9:
+ Remove the kunit tests related to ipe_context
v10:
+ No changes
v11:
+ No changes
v12:
+ No changes
v13:
+ No changes
v14:
+ No changes
v15:
+ No changes
v16:
+ No changes
v17:
+ Add years to license header
+ Fix code and documentation style issues
v18:
+ No changes
---
security/ipe/Kconfig | 17 +++
security/ipe/Makefile | 3 +
security/ipe/policy_tests.c | 296 ++++++++++++++++++++++++++++++++++++
3 files changed, 316 insertions(+)
create mode 100644 security/ipe/policy_tests.c
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index 7a82778f93ae..6c4677d1880e 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -76,4 +76,21 @@ config IPE_PROP_FS_VERITY_BUILTIN_SIG
endmenu
+config SECURITY_IPE_KUNIT_TEST
+ bool "Build KUnit tests for IPE" if !KUNIT_ALL_TESTS
+ depends on KUNIT=y
+ default KUNIT_ALL_TESTS
+ help
+ This builds the IPE KUnit tests.
+
+ KUnit tests run during boot and output the results to the debug log
+ in TAP format (https://testanything.org/). Only useful for kernel devs
+ running KUnit test harness and are not for inclusion into a
+ production build.
+
+ For more information on KUnit and unit tests in general please refer
+ to the KUnit documentation in Documentation/dev-tools/kunit/.
+
+ If unsure, say N.
+
endif
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 84ad76556170..5125b8357e2f 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -26,3 +26,6 @@ obj-$(CONFIG_SECURITY_IPE) += \
audit.o \
clean-files := boot-policy.c \
+
+obj-$(CONFIG_SECURITY_IPE_KUNIT_TEST) += \
+ policy_tests.o \
diff --git a/security/ipe/policy_tests.c b/security/ipe/policy_tests.c
new file mode 100644
index 000000000000..89521f6b9994
--- /dev/null
+++ b/security/ipe/policy_tests.c
@@ -0,0 +1,296 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#include <linux/slab.h>
+#include <linux/types.h>
+#include <linux/list.h>
+#include <kunit/test.h>
+#include "policy.h"
+struct policy_case {
+ const char *const policy;
+ int errno;
+ const char *const desc;
+};
+
+static const struct policy_case policy_cases[] = {
+ {
+ "policy_name=allowall policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW",
+ 0,
+ "basic",
+ },
+ {
+ "policy_name=trailing_comment policy_version=152.0.0 #This is comment\n"
+ "DEFAULT action=ALLOW",
+ 0,
+ "trailing comment",
+ },
+ {
+ "policy_name=allowallnewline policy_version=0.2.0\n"
+ "DEFAULT action=ALLOW\n"
+ "\n",
+ 0,
+ "trailing newline",
+ },
+ {
+ "policy_name=carriagereturnlinefeed policy_version=0.0.1\n"
+ "DEFAULT action=ALLOW\n"
+ "\r\n",
+ 0,
+ "clrf newline",
+ },
+ {
+ "policy_name=whitespace policy_version=0.0.0\n"
+ "DEFAULT\taction=ALLOW\n"
+ " \t DEFAULT \t op=EXECUTE action=DENY\n"
+ "op=EXECUTE boot_verified=TRUE action=ALLOW\n"
+ "# this is a\tcomment\t\t\t\t\n"
+ "DEFAULT \t op=KMODULE\t\t\t action=DENY\r\n"
+ "op=KMODULE boot_verified=TRUE action=ALLOW\n",
+ 0,
+ "various whitespaces and nested default",
+ },
+ {
+ "policy_name=boot_verified policy_version=-1236.0.0\n"
+ "DEFAULT\taction=ALLOW\n",
+ -EINVAL,
+ "negative version",
+ },
+ {
+ "policy_name=$@!*&^%%\\:;{}() policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW",
+ 0,
+ "special characters",
+ },
+ {
+ "policy_name=test policy_version=999999.0.0\n"
+ "DEFAULT action=ALLOW",
+ -ERANGE,
+ "overflow version",
+ },
+ {
+ "policy_name=test policy_version=255.0\n"
+ "DEFAULT action=ALLOW",
+ -EBADMSG,
+ "incomplete version",
+ },
+ {
+ "policy_name=test policy_version=111.0.0.0\n"
+ "DEFAULT action=ALLOW",
+ -EBADMSG,
+ "extra version",
+ },
+ {
+ "",
+ -EBADMSG,
+ "0-length policy",
+ },
+ {
+ "policy_name=test\0policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW",
+ -EBADMSG,
+ "random null in header",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "\0DEFAULT action=ALLOW",
+ -EBADMSG,
+ "incomplete policy from NULL",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=DENY\n\0"
+ "op=EXECUTE dmverity_signature=TRUE action=ALLOW\n",
+ 0,
+ "NULL truncates policy",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE dmverity_signature=abc action=ALLOW",
+ -EBADMSG,
+ "invalid property type",
+ },
+ {
+ "DEFAULT action=ALLOW",
+ -EBADMSG,
+ "missing policy header",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n",
+ -EBADMSG,
+ "missing default definition",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "dmverity_signature=TRUE op=EXECUTE action=ALLOW",
+ -EBADMSG,
+ "invalid rule ordering"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "action=ALLOW op=EXECUTE dmverity_signature=TRUE",
+ -EBADMSG,
+ "invalid rule ordering (2)",
+ },
+ {
+ "policy_name=test policy_version=0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE dmverity_signature=TRUE action=ALLOW",
+ -EBADMSG,
+ "invalid version",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=UNKNOWN dmverity_signature=TRUE action=ALLOW",
+ -EBADMSG,
+ "unknown operation",
+ },
+ {
+ "policy_name=asdvpolicy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n",
+ -EBADMSG,
+ "missing space after policy name",
+ },
+ {
+ "policy_name=test\xFF\xEF policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE dmverity_signature=TRUE action=ALLOW",
+ 0,
+ "expanded ascii",
+ },
+ {
+ "policy_name=test\xFF\xEF policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE dmverity_roothash=GOOD_DOG action=ALLOW",
+ -EBADMSG,
+ "invalid property value (2)",
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "policy_name=test policy_version=0.1.0\n"
+ "DEFAULT action=ALLOW",
+ -EBADMSG,
+ "double header"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "DEFAULT action=ALLOW\n",
+ -EBADMSG,
+ "double default"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "DEFAULT op=EXECUTE action=DENY\n"
+ "DEFAULT op=EXECUTE action=ALLOW\n",
+ -EBADMSG,
+ "double operation default"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "DEFAULT op=EXECUTE action=DEN\n",
+ -EBADMSG,
+ "invalid action value"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "DEFAULT op=EXECUTE action\n",
+ -EBADMSG,
+ "invalid action value (2)"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "UNKNOWN value=true\n",
+ -EBADMSG,
+ "unrecognized statement"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE dmverity_roothash=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
+ -EBADMSG,
+ "old-style digest"
+ },
+ {
+ "policy_name=test policy_version=0.0.0\n"
+ "DEFAULT action=ALLOW\n"
+ "op=EXECUTE fsverity_digest=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
+ -EBADMSG,
+ "old-style digest"
+ }
+};
+
+static void pol_to_desc(const struct policy_case *c, char *desc)
+{
+ strscpy(desc, c->desc, KUNIT_PARAM_DESC_SIZE);
+}
+
+KUNIT_ARRAY_PARAM(ipe_policies, policy_cases, pol_to_desc);
+
+/**
+ * ipe_parser_unsigned_test - Test the parser by passing unsigned policies.
+ * @test: Supplies a pointer to a kunit structure.
+ *
+ * This is called by the kunit harness. This test does not check the correctness
+ * of the policy, but ensures that errors are handled correctly.
+ */
+static void ipe_parser_unsigned_test(struct kunit *test)
+{
+ const struct policy_case *p = test->param_value;
+ struct ipe_policy *pol;
+
+ pol = ipe_new_policy(p->policy, strlen(p->policy), NULL, 0);
+
+ if (p->errno) {
+ KUNIT_EXPECT_EQ(test, PTR_ERR(pol), p->errno);
+ return;
+ }
+
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pol);
+ KUNIT_EXPECT_NOT_ERR_OR_NULL(test, pol->parsed);
+ KUNIT_EXPECT_STREQ(test, pol->text, p->policy);
+ KUNIT_EXPECT_PTR_EQ(test, NULL, pol->pkcs7);
+ KUNIT_EXPECT_EQ(test, 0, pol->pkcs7len);
+
+ ipe_free_policy(pol);
+}
+
+/**
+ * ipe_parser_widestring_test - Ensure parser fail on a wide string policy.
+ * @test: Supplies a pointer to a kunit structure.
+ *
+ * This is called by the kunit harness.
+ */
+static void ipe_parser_widestring_test(struct kunit *test)
+{
+ const unsigned short policy[] = L"policy_name=Test policy_version=0.0.0\n"
+ L"DEFAULT action=ALLOW";
+ struct ipe_policy *pol = NULL;
+
+ pol = ipe_new_policy((const char *)policy, (ARRAY_SIZE(policy) - 1) * 2, NULL, 0);
+ KUNIT_EXPECT_TRUE(test, IS_ERR_OR_NULL(pol));
+
+ ipe_free_policy(pol);
+}
+
+static struct kunit_case ipe_parser_test_cases[] = {
+ KUNIT_CASE_PARAM(ipe_parser_unsigned_test, ipe_policies_gen_params),
+ KUNIT_CASE(ipe_parser_widestring_test),
+};
+
+static struct kunit_suite ipe_parser_test_suite = {
+ .name = "ipe-parser",
+ .test_cases = ipe_parser_test_cases,
+};
+
+kunit_test_suite(ipe_parser_test_suite);
--
2.44.0
On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> +IPE does not mitigate threats arising from malicious but authorized
> +developers (with access to a signing certificate), or compromised
> +developer tools used by them (i.e. return-oriented programming attacks).
> +Additionally, IPE draws hard security boundary between userspace and
> +kernelspace. As a result, IPE does not provide any protections against a
> +kernel level exploit, and a kernel-level exploit can disable or tamper
> +with IPE's protections.
So how to mitigate kernel-level exploits then?
> +Allow only initramfs
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> <snipped>...
> +Allow any signed and validated dm-verity volume and the initramfs
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> <snipped>...
htmldocs build reports new warnings:
Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
I have to match these sections underline length:
---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index 1a3bf1d8aa23f0..a47e14e024a90d 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -681,7 +681,7 @@ Allow all
DEFAULT action=ALLOW
Allow only initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~
::
@@ -691,7 +691,7 @@ Allow only initramfs
op=EXECUTE boot_verified=TRUE action=ALLOW
Allow any signed and validated dm-verity volume and the initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
Allow any fs-verity file with a valid built-in signature
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
op=EXECUTE fsverity_signature=TRUE action=ALLOW
Allow execution of a specific fs-verity file
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
> +Additional Information
> +----------------------
> +
> +- `Github Repository <https://github.com/microsoft/ipe>`_
> +- Documentation/security/ipe.rst
Link title to both this admin-side and developer docs can be added for
disambiguation (to avoid confusion on readers):
---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index a47e14e024a90d..25b17e11559149 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
This is the documentation for admins, system builders, or individuals
attempting to use IPE. If you're looking for more developer-focused
- documentation about IPE please see Documentation/security/ipe.rst
+ documentation about IPE please see :doc:`the design docs
+ </security/ipe>`.
Overview
--------
@@ -748,7 +749,7 @@ Additional Information
----------------------
- `Github Repository <https://github.com/microsoft/ipe>`_
-- Documentation/security/ipe.rst
+- :doc:`Developer and design docs for IPE </security/ipe>`
FAQ
---
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index 07e3632241285d..fd1b1a852d2165 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
This is documentation targeted at developers, instead of administrators.
If you're looking for documentation on the usage of IPE, please see
- Documentation/admin-guide/LSM/ipe.rst
+ `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
Historical Motivation
---------------------
Thanks.
--
An old man doll... just what I always wanted! - Clara
On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
>> +IPE does not mitigate threats arising from malicious but authorized
>> +developers (with access to a signing certificate), or compromised
>> +developer tools used by them (i.e. return-oriented programming attacks).
>> +Additionally, IPE draws hard security boundary between userspace and
>> +kernelspace. As a result, IPE does not provide any protections against a
>> +kernel level exploit, and a kernel-level exploit can disable or tamper
>> +with IPE's protections.
>
> So how to mitigate kernel-level exploits then?
>
One possible way is to use hypervisor to protect the kernel integrity.
https://github.com/heki-linux is one project on this direction. Perhaps
I should also add this link to the doc.
>> +Allow only initramfs
>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> <snipped>...
>> +Allow any signed and validated dm-verity volume and the initramfs
>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> <snipped>...
>
> htmldocs build reports new warnings:
>
> Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
>
> Allow any signed and validated dm-verity volume and the initramfs
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
>
> Allow any signed and validated dm-verity volume and the initramfs
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
>
> I have to match these sections underline length:
>
> ---- >8 ----
> diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> index 1a3bf1d8aa23f0..a47e14e024a90d 100644
> --- a/Documentation/admin-guide/LSM/ipe.rst
> +++ b/Documentation/admin-guide/LSM/ipe.rst
> @@ -681,7 +681,7 @@ Allow all
> DEFAULT action=ALLOW
>
> Allow only initramfs
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~
>
> ::
>
> @@ -691,7 +691,7 @@ Allow only initramfs
> op=EXECUTE boot_verified=TRUE action=ALLOW
>
> Allow any signed and validated dm-verity volume and the initramfs
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ::
>
> @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
> op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
>
> Allow any fs-verity file with a valid built-in signature
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ::
>
> @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
> op=EXECUTE fsverity_signature=TRUE action=ALLOW
>
> Allow execution of a specific fs-verity file
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ::
>
>
>> +Additional Information
>> +----------------------
>> +
>> +- `Github Repository <https://github.com/microsoft/ipe>`_
>> +- Documentation/security/ipe.rst
>
> Link title to both this admin-side and developer docs can be added for
> disambiguation (to avoid confusion on readers):
>
> ---- >8 ----
> diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> index a47e14e024a90d..25b17e11559149 100644
> --- a/Documentation/admin-guide/LSM/ipe.rst
> +++ b/Documentation/admin-guide/LSM/ipe.rst
> @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
>
> This is the documentation for admins, system builders, or individuals
> attempting to use IPE. If you're looking for more developer-focused
> - documentation about IPE please see Documentation/security/ipe.rst
> + documentation about IPE please see :doc:`the design docs
> + </security/ipe>`.
>
> Overview
> --------
> @@ -748,7 +749,7 @@ Additional Information
> ----------------------
>
> - `Github Repository <https://github.com/microsoft/ipe>`_
> -- Documentation/security/ipe.rst
> +- :doc:`Developer and design docs for IPE </security/ipe>`
>
> FAQ
> ---
> diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
> index 07e3632241285d..fd1b1a852d2165 100644
> --- a/Documentation/security/ipe.rst
> +++ b/Documentation/security/ipe.rst
> @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
>
> This is documentation targeted at developers, instead of administrators.
> If you're looking for documentation on the usage of IPE, please see
> - Documentation/admin-guide/LSM/ipe.rst
> + `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
>
> Historical Motivation
> ---------------------
>
> Thanks.
>
My apologies for these format issues and thanks for the suggestions. I
will fix them.
-Fan
On Sat, May 04, 2024 at 01:13:16PM -0700, Fan Wu wrote:
>
>
> On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> > > +IPE does not mitigate threats arising from malicious but authorized
> > > +developers (with access to a signing certificate), or compromised
> > > +developer tools used by them (i.e. return-oriented programming attacks).
> > > +Additionally, IPE draws hard security boundary between userspace and
> > > +kernelspace. As a result, IPE does not provide any protections against a
> > > +kernel level exploit, and a kernel-level exploit can disable or tamper
> > > +with IPE's protections.
> >
> > So how to mitigate kernel-level exploits then?
> >
> One possible way is to use hypervisor to protect the kernel integrity.
> https://github.com/heki-linux is one project on this direction. Perhaps I
> should also add this link to the doc.
OK.
>
> > > +Allow only initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> > > +Allow any signed and validated dm-verity volume and the initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> >
> > htmldocs build reports new warnings:
> >
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> >
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> >
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
> >
> > I have to match these sections underline length:
> >
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index 1a3bf1d8aa23f0..a47e14e024a90d 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -681,7 +681,7 @@ Allow all
> > DEFAULT action=ALLOW
> > Allow only initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -691,7 +691,7 @@ Allow only initramfs
> > op=EXECUTE boot_verified=TRUE action=ALLOW
> > Allow any signed and validated dm-verity volume and the initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
> > op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
> > Allow any fs-verity file with a valid built-in signature
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
> > op=EXECUTE fsverity_signature=TRUE action=ALLOW
> > Allow execution of a specific fs-verity file
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> >
> > > +Additional Information
> > > +----------------------
> > > +
> > > +- `Github Repository <https://github.com/microsoft/ipe>`_
> > > +- Documentation/security/ipe.rst
> >
> > Link title to both this admin-side and developer docs can be added for
> > disambiguation (to avoid confusion on readers):
> >
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index a47e14e024a90d..25b17e11559149 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
> > This is the documentation for admins, system builders, or individuals
> > attempting to use IPE. If you're looking for more developer-focused
> > - documentation about IPE please see Documentation/security/ipe.rst
> > + documentation about IPE please see :doc:`the design docs
> > + </security/ipe>`.
> > Overview
> > --------
> > @@ -748,7 +749,7 @@ Additional Information
> > ----------------------
> > - `Github Repository <https://github.com/microsoft/ipe>`_
> > -- Documentation/security/ipe.rst
> > +- :doc:`Developer and design docs for IPE </security/ipe>`
> > FAQ
> > ---
> > diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
> > index 07e3632241285d..fd1b1a852d2165 100644
> > --- a/Documentation/security/ipe.rst
> > +++ b/Documentation/security/ipe.rst
> > @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
> > This is documentation targeted at developers, instead of administrators.
> > If you're looking for documentation on the usage of IPE, please see
> > - Documentation/admin-guide/LSM/ipe.rst
> > + `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
> > Historical Motivation
> > ---------------------
> >
> > Thanks.
> >
>
> My apologies for these format issues and thanks for the suggestions. I will
> fix them.
Oh, I forgot to also add :doc: directive for the last reference link:
---- >8 ----
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index fd1b1a852d2165..aa2e64d4119f3e 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
This is documentation targeted at developers, instead of administrators.
If you're looking for documentation on the usage of IPE, please see
- `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
+ :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
Historical Motivation
---------------------
Thanks.
--
An old man doll... just what I always wanted! - Clara
On Fri, 3 May 2024, Fan Wu wrote:
> This patch adds a target finalize hook.
>
> The hook is triggered just before activating an inactive table of a
> mapped device. If it returns an error the __bind get cancelled.
>
> The dm-verity target will use this hook to attach the dm-verity's
> roothash metadata to the block_device struct of the mapped device.
>
> Signed-off-by: Fan Wu <[email protected]>
Hi
Why not use the preresume callback?
Is there some reason why do we need a new callback instead of using the
existing one?
Mikulas
On 5/8/2024 10:17 AM, Mikulas Patocka wrote:
>
>
> On Fri, 3 May 2024, Fan Wu wrote:
>
>> This patch adds a target finalize hook.
>>
>> The hook is triggered just before activating an inactive table of a
>> mapped device. If it returns an error the __bind get cancelled.
>>
>> The dm-verity target will use this hook to attach the dm-verity's
>> roothash metadata to the block_device struct of the mapped device.
>>
>> Signed-off-by: Fan Wu <[email protected]>
>
> Hi
>
> Why not use the preresume callback?
>
> Is there some reason why do we need a new callback instead of using the
> existing one?
>
> Mikulas
Thanks for the suggestion.
Mike suggested the new finalize() callback. I think the reason for not
using the preresume() callback is that there are multiple points that
can fail before activating an inactive table of a mapped device which
can potentially lead to inconsistent state.
In our specific case, we are trying to associate dm-verity's roothash
metadata with the block_device struct of the mapped device inside the
callback.
If we use the preresume() callback for the work and an error occurs
between the callback and the table activation, this leave the
block_device struct in an inconsistent state.
This is because now the block device contains the roothash metadata of
it's inactive table due to the preresume() callback, but the activation
failed so the mapped device is still using the old table.
The new finalize() callback guarantees that the callback happens just
before the table activation, thus avoiding the inconsistency.
-Fan
On Wed, 8 May 2024, Fan Wu wrote:
>
>
> On 5/8/2024 10:17 AM, Mikulas Patocka wrote:
> >
> >
> > On Fri, 3 May 2024, Fan Wu wrote:
> >
> >> This patch adds a target finalize hook.
> >>
> >> The hook is triggered just before activating an inactive table of a
> >> mapped device. If it returns an error the __bind get cancelled.
> >>
> >> The dm-verity target will use this hook to attach the dm-verity's
> >> roothash metadata to the block_device struct of the mapped device.
> >>
> >> Signed-off-by: Fan Wu <[email protected]>
> >
> > Hi
> >
> > Why not use the preresume callback?
> >
> > Is there some reason why do we need a new callback instead of using the
> > existing one?
> >
> > Mikulas
> Thanks for the suggestion.
>
> Mike suggested the new finalize() callback. I think the reason for not using
> the preresume() callback is that there are multiple points that can fail
> before activating an inactive table of a mapped device which can potentially
> lead to inconsistent state.
>
> In our specific case, we are trying to associate dm-verity's roothash metadata
> with the block_device struct of the mapped device inside the callback.
>
> If we use the preresume() callback for the work and an error occurs between
> the callback and the table activation, this leave the block_device struct in
> an inconsistent state.
The preresume callback is the final GO/NO-GO decision point. If all the
targets return zero in their preresume callback, then there's no turning
back and the table will be activated.
> This is because now the block device contains the roothash metadata of it's
> inactive table due to the preresume() callback, but the activation failed so
> the mapped device is still using the old table.
>
> The new finalize() callback guarantees that the callback happens just before
> the table activation, thus avoiding the inconsistency.
In your patch, it doesn't guarantee that.
do_resume calls dm_swap_table, dm_swap_table calls __bind, __bind calls
ti->type->finalize. Then we go back to do_resume and call dm_resume which
calls __dm_resume which calls dm_table_resume_targets which calls the
preresume callback on all the targets. If some of them fails, it returns a
failure (despite the fact that ti->type->finalize succeeded), if all of
them succeed, it calls the resume callback on all of them.
So, it seems that the preresume callback provides the guarantee that you
looking for.
> -Fan
Mikulas
On Sat, May 4, 2024 at 4:13 PM Fan Wu <[email protected]> wrote:
> On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> >> +IPE does not mitigate threats arising from malicious but authorized
> >> +developers (with access to a signing certificate), or compromised
> >> +developer tools used by them (i.e. return-oriented programming attacks).
> >> +Additionally, IPE draws hard security boundary between userspace and
> >> +kernelspace. As a result, IPE does not provide any protections against a
> >> +kernel level exploit, and a kernel-level exploit can disable or tamper
> >> +with IPE's protections.
> >
> > So how to mitigate kernel-level exploits then?
>
> One possible way is to use hypervisor to protect the kernel integrity.
> https://github.com/heki-linux is one project on this direction. Perhaps
> I should also add this link to the doc.
I wouldn't spend a lot of time on kernel exploits in the IPE
documentation as it is out of scope for IPE. In face, I would say
just that in the last sentence in the paragraph above:
"As a result, kernel-level exploits are considered outside the scope
of IPE and mitigation is left to other mechanisms."
(or something similar)
--
paul-moore.com
On Fri, May 3, 2024 at 6:32 PM Fan Wu <[email protected]> wrote:
>
> This patch enhances fsverity's capabilities to support both integrity and
> authenticity protection by introducing the exposure of built-in
> signatures through a new LSM hook. This functionality allows LSMs,
> e.g. IPE, to enforce policies based on the authenticity and integrity of
> files, specifically focusing on built-in fsverity signatures. It enables
> a policy enforcement layer within LSMs for fsverity, offering granular
> control over the usage of authenticity claims. For instance, a policy
> could be established to permit the execution of all files with verified
> built-in fsverity signatures while restricting kernel module loading
> from specified fsverity files via fsverity digests.
>
> The introduction of a security_inode_setintegrity() hook call within
> fsverity's workflow ensures that the verified built-in signature of a file
> is exposed to LSMs. This enables LSMs to recognize and label fsverity files
> that contain a verified built-in fsverity signature. This hook is invoked
> subsequent to the fsverity_verify_signature() process, guaranteeing the
> signature's verification against fsverity's keyring. This mechanism is
> crucial for maintaining system security, as it operates in kernel space,
> effectively thwarting attempts by malicious binaries to bypass user space
> stack interactions.
>
> The second to last commit in this patch set will add a link to the IPE
> documentation in fsverity.rst.
>
> Signed-off-by: Deven Bowers <[email protected]>
> Signed-off-by: Fan Wu <[email protected]>
Eric, are you okay with the fs-verity patches in v18? If so, it would
be nice to get your ACK on this patch at the very least.
While it looks like there may be a need for an additional respin to
address some new/different feedback from the device-mapper folks, that
shouldn't affect the fs-verity portions of the patchset.
--
paul-moore.com
On 5/9/2024 10:07 AM, Mikulas Patocka wrote:
>
>
> On Wed, 8 May 2024, Fan Wu wrote:
>
>>
>>
>> On 5/8/2024 10:17 AM, Mikulas Patocka wrote:
>>>
>>>
>>> On Fri, 3 May 2024, Fan Wu wrote:
>>>
>>>> This patch adds a target finalize hook.
>>>>
>>>> The hook is triggered just before activating an inactive table of a
>>>> mapped device. If it returns an error the __bind get cancelled.
>>>>
>>>> The dm-verity target will use this hook to attach the dm-verity's
>>>> roothash metadata to the block_device struct of the mapped device.
>>>>
>>>> Signed-off-by: Fan Wu <[email protected]>
>>>
>>> Hi
>>>
>>> Why not use the preresume callback?
>>>
>>> Is there some reason why do we need a new callback instead of using the
>>> existing one?
>>>
>>> Mikulas
>> Thanks for the suggestion.
>>
>> Mike suggested the new finalize() callback. I think the reason for not using
>> the preresume() callback is that there are multiple points that can fail
>> before activating an inactive table of a mapped device which can potentially
>> lead to inconsistent state.
>>
>> In our specific case, we are trying to associate dm-verity's roothash metadata
>> with the block_device struct of the mapped device inside the callback.
>>
>> If we use the preresume() callback for the work and an error occurs between
>> the callback and the table activation, this leave the block_device struct in
>> an inconsistent state.
>
> The preresume callback is the final GO/NO-GO decision point. If all the
> targets return zero in their preresume callback, then there's no turning
> back and the table will be activated.
>
>> This is because now the block device contains the roothash metadata of it's
>> inactive table due to the preresume() callback, but the activation failed so
>> the mapped device is still using the old table.
>>
>> The new finalize() callback guarantees that the callback happens just before
>> the table activation, thus avoiding the inconsistency.
>
> In your patch, it doesn't guarantee that.
>
> do_resume calls dm_swap_table, dm_swap_table calls __bind, __bind calls
> ti->type->finalize. Then we go back to do_resume and call dm_resume which
> calls __dm_resume which calls dm_table_resume_targets which calls the
> preresume callback on all the targets. If some of them fails, it returns a
> failure (despite the fact that ti->type->finalize succeeded), if all of
> them succeed, it calls the resume callback on all of them.
>
> So, it seems that the preresume callback provides the guarantee that you
> looking for.
>
>> -Fan
>
> Mikulas
Thanks for the info. I have tested and verified that the preresume()
hook can also work for our case.
From the source code
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/md/dm-ioctl.c#n1149,
the whole resume process appears to be:
1. Check if there is a new map for the device. If so, attempt to
activate the new map using dm_swap_table() (where the finalize()
callback occurs).
2. Check if the device is suspended. If so, use dm_resume() (where the
preresume() callback occurs) to resume the device.
3. If a new map is activated, use dm_table_destroy() to destroy the old map.
For our case:
- Using the finalize() callback, the metadata of the dm-verity target
inside the table is attached to the mapped device every time a new table
is activated.
- Using the preresume() callback, the same metadata is attached every
time the device resumes from suspension.
If I understand the code correctly, resuming from suspension is a
necessary step for loading a new mapping table. Thus, the preresume()
callback covers all conditions where the finalize() callback would be
triggered. However, the preresume() callback can also be triggered when
the device resumes from suspension without loading a new table, in which
case there is no new metadata in the table to attach to the mapped device.
In the scenario where the finalize() callback succeeds but the
preresume() callback fails, it seems the device will remain in a
suspended state, the newly activated table will be kept, and the old
table will be destroyed, so it seems there is no inconsistency using
finalize() even preresume() potentially fails.
I believe both the finalize() callback proposed by Mike and the
preresume() callback suggested by Mikulas can work for our case. I am
fine with either approach, but I would like to know which one is
preferred by the maintainers and would appreciate an ACK for the chosen
approach.
-Fan
On Fri, 17 May 2024, Fan Wu wrote:
> > So, it seems that the preresume callback provides the guarantee that you
> > looking for.
> >
> >> -Fan
> >
> > Mikulas
>
> Thanks for the info. I have tested and verified that the preresume() hook can
> also work for our case.
>
> From the source code
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/md/dm-ioctl.c#n1149,
> the whole resume process appears to be:
>
> 1. Check if there is a new map for the device. If so, attempt to activate the
> new map using dm_swap_table() (where the finalize() callback occurs).
>
> 2. Check if the device is suspended. If so, use dm_resume() (where the
> preresume() callback occurs) to resume the device.
>
> 3. If a new map is activated, use dm_table_destroy() to destroy the old map.
>
> For our case:
>
> - Using the finalize() callback, the metadata of the dm-verity target inside
> the table is attached to the mapped device every time a new table is
> activated.
> - Using the preresume() callback, the same metadata is attached every time the
> device resumes from suspension.
>
> If I understand the code correctly, resuming from suspension is a necessary
> step for loading a new mapping table. Thus, the preresume() callback covers
> all conditions where the finalize() callback would be triggered.
Yes.
> However, the preresume() callback can also be triggered when the device
> resumes from suspension without loading a new table, in which case there
> is no new metadata in the table to attach to the mapped device.
Yes.
> In the scenario where the finalize() callback succeeds but the preresume()
> callback fails, it seems the device will remain in a suspended state, the
> newly activated table will be kept, and the old table will be destroyed, so it
> seems there is no inconsistency using finalize() even preresume() potentially
> fails.
What does your security module do when the verification of the dm-verity
hash fails? Does it halt the whole system? Does it destroy just the
failing dm device? Or does it attempt to recover somehow from this
situation?
> I believe both the finalize() callback proposed by Mike and the preresume()
> callback suggested by Mikulas can work for our case. I am fine with either
> approach, but I would like to know which one is preferred by the maintainers
> and would appreciate an ACK for the chosen approach.
>
> -Fan
I would prefer preresume - we shouldn't add new callbacks unless it's
necessary.
Mikulas
On 5/20/2024 5:31 AM, Mikulas Patocka wrote:
>
>
> On Fri, 17 May 2024, Fan Wu wrote:
>
>>> So, it seems that the preresume callback provides the guarantee that you
>>> looking for.
>>>
>>>> -Fan
>>>
>>> Mikulas
>>
>> Thanks for the info. I have tested and verified that the preresume() hook can
>> also work for our case.
>>
>> From the source code
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/md/dm-ioctl.c#n1149,
>> the whole resume process appears to be:
>>
>> 1. Check if there is a new map for the device. If so, attempt to activate the
>> new map using dm_swap_table() (where the finalize() callback occurs).
>>
>> 2. Check if the device is suspended. If so, use dm_resume() (where the
>> preresume() callback occurs) to resume the device.
>>
>> 3. If a new map is activated, use dm_table_destroy() to destroy the old map.
>>
>> For our case:
>>
>> - Using the finalize() callback, the metadata of the dm-verity target inside
>> the table is attached to the mapped device every time a new table is
>> activated.
>> - Using the preresume() callback, the same metadata is attached every time the
>> device resumes from suspension.
>>
>> If I understand the code correctly, resuming from suspension is a necessary
>> step for loading a new mapping table. Thus, the preresume() callback covers
>> all conditions where the finalize() callback would be triggered.
>
> Yes.
>
>> However, the preresume() callback can also be triggered when the device
>> resumes from suspension without loading a new table, in which case there
>> is no new metadata in the table to attach to the mapped device.
>
> Yes.
>
>> In the scenario where the finalize() callback succeeds but the preresume()
>> callback fails, it seems the device will remain in a suspended state, the
>> newly activated table will be kept, and the old table will be destroyed, so it
>> seems there is no inconsistency using finalize() even preresume() potentially
>> fails.
>
> What does your security module do when the verification of the dm-verity
> hash fails? Does it halt the whole system? Does it destroy just the
> failing dm device? Or does it attempt to recover somehow from this
> situation?
>
I'm not sure which hash verification is being referred to here, but it
could be either root hash signature verification or block-level hash
verification. Our security module does not intervene in these processes,
so the behavior remains as dm-verity currently handles it.
Within the device mapper, our security module uses the device mapper
callback to duplicate the root hash of a dm-verity target and record the
signature verification state of the dm-verity target, then attach this
information to the security field of the block_device structure. This
process can only fail if the system is out of memory.
With the root hash and signature verification state attached to the
security field of the block device, the security system can access this
important metadata to enforce policies. For example, these policies can
include only allowing files from a dm-verity volume specified by its
root hash to execute or only allowing files from a verified signed
dm-verity volume to execute.
>> I believe both the finalize() callback proposed by Mike and the preresume()
>> callback suggested by Mikulas can work for our case. I am fine with either
>> approach, but I would like to know which one is preferred by the maintainers
>> and would appreciate an ACK for the chosen approach.
>>
>> -Fan
>
> I would prefer preresume - we shouldn't add new callbacks unless it's
> necessary.
>
> Mikulas
>
Thanks for the confirmation. I will switch to use prereume and I will
send a new version later this week.
-Fan