Subject: Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware
From: Mimi Zohar
To: "Luis R. Rodriguez"
Cc: linux-integrity@vger.kernel.org, Hans de Goede, Ard Biesheuvel, Peter Jones, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells, Kees Cook, Seth Forshee, Johannes Berg, Greg Kroah-Hartman, Andres Rodriguez
Date: Thu, 03 May 2018 20:24:26 -0400
Message-Id: <1525393466.3539.133.camel@linux.vnet.ibm.com>

On Fri, 2018-05-04 at 00:07 +0000, Luis R. Rodriguez wrote:
> On Tue, May 01, 2018 at 09:48:20AM -0400, Mimi Zohar wrote:
> > Allow LSMs and IMA to differentiate between signed regulatory.db and
> > other firmware.
> >
> > Signed-off-by: Mimi Zohar
> > Cc: Luis R. Rodriguez
> > Cc: David Howells
> > Cc: Kees Cook
> > Cc: Seth Forshee
> > Cc: Johannes Berg
> > ---
> > drivers/base/firmware_loader/main.c | 5 +++++
> > include/linux/fs.h | 1 +
> > 2 files changed, 6 insertions(+)
> > > > diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c > > index eb34089e4299..d7cdf04a8681 100644 > > --- a/drivers/base/firmware_loader/main.c > > +++ b/drivers/base/firmware_loader/main.c > > @@ -318,6 +318,11 @@ fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv) > > break; > > } > > > > +#ifdef CONFIG_CFG80211_REQUIRE_SIGNED_REGDB > > + if ((strcmp(fw_priv->fw_name, "regulatory.db") == 0) || > > + (strcmp(fw_priv->fw_name, "regulatory.db.p7s") == 0)) > > + id = READING_FIRMWARE_REGULATORY_DB; > > +#endif
>
> Whoa, no way.

There are two methods for the kernel to verify firmware signatures. If both are enabled, do we require both signatures or is one enough? Assigning a different id for regdb signed firmware allows LSMs and IMA to handle regdb files differently.

>
> > fw_priv->size = 0; > > rc = kernel_read_file_from_path(path, &fw_priv->data, &size, > > msize, id); > > diff --git a/include/linux/fs.h b/include/linux/fs.h > > index dc16a73c3d38..d1153c2884b9 100644 > > --- a/include/linux/fs.h > > +++ b/include/linux/fs.h > > @@ -2811,6 +2811,7 @@ extern int do_pipe_flags(int *, int); > > id(FIRMWARE, firmware) \ > > id(FIRMWARE_PREALLOC_BUFFER, firmware) \ > > id(FIRMWARE_FALLBACK, firmware) \ > > + id(FIRMWARE_REGULATORY_DB, firmware) \
>
> Why could IMA not appraise these files? They are part of the standard path.

The subsequent patch attempts to verify the IMA-appraisal signature, but on failure it falls back to allowing regdb signatures. For systems that only want to load firmware based on IMA-appraisal, then regdb wouldn't be enabled.

Mimi

>
> > id(MODULE, kernel-module) \ > > id(KEXEC_IMAGE, kexec-image) \ > > id(KEXEC_INITRAMFS, kexec-initramfs) \ > > -- > > 2.7.5 > > > > >
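
Review bot: In the drivers/base/firmware_loader/main.c hunk, the two strcmp() checks on fw_priv->fw_name put cfg80211's file names into the generic firmware loader, and the assignment replaces whatever value id already held before kernel_read_file_from_path() is called. Consider letting the regdb caller request the distinct id rather than matching "regulatory.db" and "regulatory.db.p7s" here, and add a comment saying why these two files need READING_FIRMWARE_REGULATORY_DB, since the reason given in the reply (two signature verification methods that may both be enabled) cannot be read from the code.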
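
Review bot: In the include/linux/fs.h hunk, id(FIRMWARE_REGULATORY_DB, firmware) is added unconditionally while its only visible use in main.c sits under #ifdef CONFIG_CFG80211_REQUIRE_SIGNED_REGDB, and it carries the same "firmware" string as the three entries above it, so anything that reports only the string cannot tell the ids apart. A short comment on what the id means and when it is set, plus a sentence in the commit message on how hooks that already test for READING_FIRMWARE are expected to treat the new value, would make the intended LSM and IMA behaviour reviewable.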