Received: by 10.213.65.68 with SMTP id h4csp1034231imn; Wed, 14 Mar 2018 07:42:47 -0700 (PDT) X-Google-Smtp-Source: AG47ELvpK57Xqi5QDomJKHgd+Ul4Y1hhLPBs7mmcT3NhccXhIRV3OZf8qGi/nc66p/MsR98k1omp X-Received: by 10.99.157.142 with SMTP id i136mr4023962pgd.14.1521038567262; Wed, 14 Mar 2018 07:42:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521038567; cv=none; d=google.com; s=arc-20160816; b=Ah2j0Gfjf3YYIL2cZ7WKqe+vHKyPXBCsBecsRJMx9cH3MboKtzKlKmdxrpIhc82Yyx RVquiLEihLTn1EkGngzDPv5xPXUE6SeNovhS7DUKqdKnzZN3Lz70YZCTXyrx6tljf8NI Se2qc0zBjLea0M/x0sQhc8+OIln9XZ6HDMIaTnN+bxVQY3OMa/2L6/uAT2eaIloUavEV qlA7LcKPsnyoCm+lAQk1straQQ5YzPuJgYIGBDdAD/z6MM8+h3jBO/cJvu7TpNKzSgYU ZSK3MaS+5P0hOIJuAHpVydS87tJ9gzx2HJZSkQwvLnNHt/rGpVSZW9yetAfCa2/LkLMa EAKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:arc-authentication-results; bh=IpQdzftXGej2Nz+dtWZ7pMCQxu++72eZjg4O/4P/B5w=; b=GzPp4bKgmWLBmiThog0GUY5ALxbg1F8susGEB8WLdCpjMy71kO7KKGGJOvyS3YA9rg DXQbxLFZbqaHfasN//gmG+c8TMLdTg3PzYGmfud0U5LRVCwhyX0EjnGToLj21x9kgl5U ZOCDf9uL2BnQ7emKoGh2vnvRgCzdMaCyHTT00arTfO9Uh/+/rInlA3y+1IetjxVUwiEh WFiuMsTZNBxWTehFsszs+4pFzAeS74HA/3NXPxiVNSdwVnFrQMG/6FnXLS2GUVW3Iqk+ IBqYcphT+zt1+biltereo9n/f+C8lK9ee5XSKaNM7Y8J3pafkvf7U6348YPFJuCZxjZA xXWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ae2q5XQw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x2-v6si2076436plo.479.2018.03.14.07.42.06; Wed, 14 Mar 2018 07:42:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ae2q5XQw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752111AbeCNOlQ (ORCPT + 99 others); Wed, 14 Mar 2018 10:41:16 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:52464 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752009AbeCNOlO (ORCPT ); Wed, 14 Mar 2018 10:41:14 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 715AE8EE139; Wed, 14 Mar 2018 07:41:13 -0700 (PDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sqEI02gzsUu7; Wed, 14 Mar 2018 07:41:13 -0700 (PDT) Received: from [153.66.254.194] (unknown [50.35.65.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id AB4078EE0CF; Wed, 14 Mar 2018 07:41:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1521038473; bh=0h0GtIO7BUJo811aefGFKdjENi1ccgG2Lz4qF6YoKG4=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=ae2q5XQwUkS8a7ZB298M0J18FOvSgP/gEWojdeB1aGOlgi7ujHAJhzpvo5Jwzz4dK spgaFOoTqXFKl4WZf8O6TUgRKbbvjBXqtyHcSpssl+9Gjf0CQ3lkBjnL5lbIu7Xoa/ HB8Jn50F/OGqaUq9hWGSMLE7Olnc1d4mQUY/zedg= Message-ID: <1521038471.4508.25.camel@HansenPartnership.com> Subject: Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64 From: James Bottomley To: "Safford, David (GE Global Research, US)" , Mimi Zohar , Jiandi An , Jason Gunthorpe Cc: "dmitry.kasatkin@gmail.com" , "jmorris@namei.org" , "serge@hallyn.com" , "linux-integrity@vger.kernel.org" , "linux-ima-devel@lists.sourceforge.net" , "linux-ima-user@lists.sourceforge.net" , "linux-security-module@vger.kernel.org" , "linux-kernel@vger.kernel.org" Date: Wed, 14 Mar 2018 07:41:11 -0700 In-Reply-To: References: <1520400386-17674-1-git-send-email-anjiandi@codeaurora.org> <20180307185132.GA30102@ziepe.ca> <1520448953.10396.565.camel@linux.vnet.ibm.com> <1520449719.5558.28.camel@HansenPartnership.com> <1520450495.10396.587.camel@linux.vnet.ibm.com> <1520451662.24314.5.camel@HansenPartnership.com> <1520461156.10396.654.camel@linux.vnet.ibm.com> <191cfd49-0c66-a5ef-3d2b-b6c4132aa294@codeaurora.org> <1520615461.12216.6.camel@HansenPartnership.com> <1520891598.3547.190.camel@linux.vnet.ibm.com> <1520893847.4522.62.camel@HansenPartnership.com> <1520897400.3547.253.camel@linux.vnet.ibm.com> <1520899605.4522.67.camel@HansenPartnership.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2018-03-13 at 12:57 +0000, Safford, David (GE Global Research, US) wrote: > > > > -----Original Message----- > > From: James Bottomley [mailto:James.Bottomley@HansenPartnership.com > > ] > > Sent: Monday, March 12, 2018 8:07 PM > > To: Mimi Zohar ; Jiandi An [...] > > > > The key question is not whether the component could > > > > theoretically > > > > access the files but whether it actually does so. > > > > > > As much as you might think you know what is included in the > > > initramfs, IMA-measurement is your safety net, including > > > everything accessed in the TCB. > > > > The initrd *is* part of the Trusted Computing Base because it's > > part of the boot custody chain.  That's really my point.  If I > > don't know what's in my initrd, I've broken the chain there and IMA > > can't fix it. > > > > James > > That's exactly the point - how do you know what's in your initrd? > The initrd is normally built on the possibly compromised system in > question. The point of deploying security measures is to make sure my system isn't compromised.  I realise the institutional view is "we didn't build the initrd" and my individual view is well, I built my own kernel as well, so what's the difference?  But the initrd in both models is still part of the chain. > It's not signed as a whole by someone trusted. How can the > attestation server say a given hash of the initrd as a whole is good? I trust myself.  I can get the hash at build time.  In the same way as I sign my own kernel at build time for secure boot. > If IMA is running from the very start, it can at least measure (and > eventually appraise) every individual file in the initrd. Given this > more detailed measurement list, the attestation server can verify all > the components in the initrd, even when it is assembled on the > untrusted system. > > On many embedded systems, there is no initrd, and IMA has to start > measuring and appraising immediately, anyway. > > Perhaps there is a use case where there is a known set of initrd > images, and so the bootloader's measurement of the initrd is > sufficient for verification. I've not run into that situation yet. If > you want an option for this use case,  that's fine, (I'm all for > choice) but it should not be the default for IMA. Actually, we seem to have wandered away from the main concern which was trying to select built in TPM drivers.  What about a compromise: we already get the boot loader to do measurements and PCR extensions using the BIOS TPM driver, there's no reason why we can't do the same in the early kernel until a real TPM driver is found.  That way IMA would have no dependency on any built in TPM driver ... is that an acceptable compromise to everyone? James