From: Mehmet Kayaalp
To: Thiago Jung Bauermann
Cc: kbuild test robot, kbuild-all@01.org, LSM, linux-ima-devel@lists.sourceforge.net, keyrings, linux-crypto@vger.kernel.org, kernel, Mimi Zohar, Dmitry Kasatkin, David Howells, Herbert Xu, "David S. Miller", Claudio Carvalho
Subject: Re: [PATCH 6/6] ima: Support appended signatures for appraisal
Date: Thu, 27 Apr 2017 18:17:30 -0400
Message-Id: <027C5B04-376A-4340-9C6D-A5DB26327A3A@linux.vnet.ibm.com>
In-Reply-To: <1565385.DQpqeaisNG@morokweng>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Apr 27, 2017, at 5:41 PM, Thiago Jung Bauermann wrote:
>
> On Wednesday, 26 April 2017, 18:18:34 BRT, Mehmet Kayaalp wrote:
>>> On Apr 20, 2017, at 7:41 PM, Thiago Jung Bauermann
>>> wrote:
>>>
>>> This patch introduces the appended_imasig keyword to the IMA policy syntax
>>> to specify that a given hook should expect the file to have the IMA
>>> signature appended to it. Here is how it can be used in a rule:
>>>
>>> appraise func=KEXEC_KERNEL_CHECK appraise_type=appended_imasig
>>> appraise func=KEXEC_KERNEL_CHECK appraise_type=appended_imasig|imasig
>>>
>>> In the second form, IMA will accept either an appended signature or a
>>> signature stored in the extended attribute. In that case, it will first
>>> check whether there is an appended signature, and if not it will read it
>>> from the extended attribute.
>>>
>>> The format of the appended signature is the same used for signed kernel
>>> modules. This means that the file can be signed with the scripts/sign-file
>>
>>> tool, with a command line such as this:
>> I would suggest naming the appraise_type as modsig (or some variant) to
>> clarify that the format is defined by how module signatures are handled.
>> Maybe we'd like to define a different appended/inline signature format for
>> IMA in the future.
>
> I like the suggestion. Would that mean that we will keep referring to it as
> "module signature format", and thus nothing changes in patch 5?

I think so. If we want IMA to own the format, we might want to go further than
just changing the word "module" in the marker. We might consider having more
flexibility and some additional fields, for example multiple signatures, or
certificate chains, ascii/binary encodings etc. We could maybe add a different
type for CMS Signed-Data.

Mehmet
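
The module signature format discussed in this thread, as an added example (not code from the patch series or from the kernel): a user-space parser that locates an appended signature at the end of a file and bounds-checks the length it claims. The marker string and the 12-byte descriptor follow the kernel's module signing layout; `modsig_locate`, `sample_file`, `check_sample` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MARKER "~Module signature appended~\n"
#define MARKER_LEN (sizeof(MARKER) - 1)
#define DESC_LEN 12     /* algo, hash, id_type, signer_len, key_id_len, pad[3], be32 sig_len */
#define PKEY_ID_PKCS7 2
struct modsig_info { size_t payload_len, sig_off, sig_len; };

/* Returns 0 and fills *out if buf ends in a well-formed appended signature;
 * -1 no marker, -2 bad descriptor, -3 sig_len does not fit in the file. */
int modsig_locate(const unsigned char *buf, size_t len, struct modsig_info *out)
{
    if (len < MARKER_LEN || memcmp(buf + len - MARKER_LEN, MARKER, MARKER_LEN))
        return -1;
    len -= MARKER_LEN;
    if (len <= DESC_LEN)
        return -2;
    len -= DESC_LEN;
    const unsigned char *d = buf + len;
    /* PKCS#7 carries signer and digest info itself, so the other fields must be 0. */
    if (d[2] != PKEY_ID_PKCS7 || d[0] || d[1] || d[3] || d[4] || d[5] || d[6] || d[7])
        return -2;
    size_t sig_len = ((size_t)d[8] << 24) | ((size_t)d[9] << 16) | ((size_t)d[10] << 8) | d[11];
    if (sig_len >= len)     /* length comes from the file: bound it before subtracting */
        return -3;
    out->sig_len = sig_len;
    out->sig_off = out->payload_len = len - sig_len;
    return 0;
}

/* Constructed sample: 4 payload bytes + 3 placeholder signature bytes + descriptor + marker. */
size_t sample_file(unsigned char *dst, unsigned char claimed)
{
    unsigned char desc[DESC_LEN] = { 0, 0, PKEY_ID_PKCS7, 0, 0, 0, 0, 0, 0, 0, 0, claimed };
    memcpy(dst, "KERNSIG", 7);
    memcpy(dst + 7, desc, DESC_LEN);
    memcpy(dst + 7 + DESC_LEN, MARKER, MARKER_LEN);
    return 7 + DESC_LEN + MARKER_LEN;
}

/* Parses the sample with a given claimed sig_len; returns payload length or the error code. */
long check_sample(unsigned char claimed)
{
    unsigned char f[64]; struct modsig_info info;
    int rc = modsig_locate(f, sample_file(f, claimed), &info);
    return rc ? rc : (long)info.payload_len;
}

int main(void) { printf("%ld %ld\n", check_sample(3), check_sample(8)); return 0; }
```

The parser only locates and sanity-checks the signature blob; verifying the PKCS#7 data against a trusted key is a separate step.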