From: Mimi Zohar
To: linux-integrity@vger.kernel.org
Cc: Hans de Goede, Ard Biesheuvel, Peter Jones, Mimi Zohar, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells, "Luis R . Rodriguez"
Subject: [PATCH 0/6] firmware: kernel signature verification
Date: Tue, 1 May 2018 09:48:17 -0400
Message-Id: <1525182503-13849-1-git-send-email-zohar@linux.vnet.ibm.com>

Allow LSMs and IMA to differentiate between different methods of firmware loading (e.g. direct loading, sysfs fallback) and to differentiate/coordinate between signature verification methods (e.g. regdb, IMA-appraisal).

In addition, the last two patches address the pre-allocated buffer. The first of these patches doesn't differentiate between reading the firmware first into kernel memory and verifying the kernel signature, versus reading the firmware directly into a pre-allocated buffer. The last patch, which is posted as an RFC, questions whether the device can access the pre-allocated buffer before the kernel signature has been verified.

Mimi Zohar (6):
  firmware: permit LSMs and IMA to fail firmware sysfs fallback loading
  ima: prevent sysfs fallback firmware loading
  firmware: differentiate between signed regulatory.db and other firmware
  ima: coordinate with signed regulatory.db
  ima: verify kernel firmware signatures when using a preallocated buffer
  ima: prevent loading firmware into a pre-allocated buffer

 drivers/base/firmware_loader/fallback.c |  7 +++++++
 drivers/base/firmware_loader/main.c     |  5 +++++
 include/linux/fs.h                      |  2 ++
 security/integrity/ima/ima_main.c       | 29 +++++++++++++++++++++++++++--
 4 files changed, 41 insertions(+), 2 deletions(-)

--
2.7.5
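
The ordering question behind the last two patches, shown as a user-space C model added here (not code from the patch set or the kernel): it contrasts reading firmware straight into a device-visible buffer with reading into private memory and copying only after verification succeeds. `shared_buf`, `load_fw` and `device_peek` are hypothetical names, and the FNV-1a digest is only a stand-in for real signature verification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_MAX 64
/* Hypothetical device-visible, pre-allocated buffer (user-space model). */
struct shared_buf { uint8_t data[FW_MAX]; int seen_unverified; };

/* Stand-in for signature verification: FNV-1a digest vs. a trusted value. */
static uint32_t digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Models the device reading the buffer before the verdict is known. */
static void device_peek(struct shared_buf *sb)
{
    static const uint8_t zero[FW_MAX];
    if (memcmp(sb->data, zero, FW_MAX) != 0) sb->seen_unverified = 1;
}

/* staged=0: read straight into the shared buffer, then verify.
 * staged=1: read into private memory, verify, copy only on success. */
static int load_fw(struct shared_buf *sb, const uint8_t *fw, size_t n,
                   uint32_t trusted, int staged)
{
    uint8_t priv[FW_MAX], *dst = staged ? priv : sb->data;
    if (n > FW_MAX) return -1;
    memcpy(dst, fw, n);               /* the "read" */
    device_peek(sb);                  /* window before verification */
    if (digest(dst, n) != trusted) {
        if (!staged) memset(sb->data, 0, FW_MAX);  /* wipe comes too late */
        return -1;
    }
    if (staged) memcpy(sb->data, priv, n);
    return 0;
}

/* Constructed sample: tampered image; returns 1 if the device saw it. */
static int exposed_on_tamper(int staged)
{
    uint8_t img[] = "constructed-firmware-image";
    struct shared_buf sb = {{0}, 0};
    uint32_t trusted = digest(img, sizeof img);
    img[0] ^= 0xff;                   /* tamper after the trusted digest */
    return load_fw(&sb, img, sizeof img, trusted, staged) ? sb.seen_unverified : -1;
}
int main(void) { printf("direct=%d staged=%d\n", exposed_on_tamper(0), exposed_on_tamper(1)); return 0; }
```

Both paths reject the tampered image; only the direct path lets the modelled device observe the bytes first, even though the buffer is wiped on failure.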