From: Mimi Zohar
To: linux-integrity@vger.kernel.org
Cc: Eric Biederman, David Howells, Mimi Zohar, linux-security-module@vger.kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 0/3] kexec: limit kexec_load syscall
Date: Thu, 10 May 2018 21:36:45 -0400
Message-Id: <1526002608-27474-1-git-send-email-zohar@linux.vnet.ibm.com>

IMA-appraisal is mostly being used in the embedded or single purpose closed system environments. In these environments, both the Kconfig options and the userspace tools can be modified appropriately to limit syscalls. For stock kernels, userspace applications need to continue to work with older kernels as well as with newer kernels.

In this environment, the customer needs the ability to define a system wide IMA runtime policy, such as requiring all kexec'ed images (or firmware) to be signed, without being dependent on either the Kconfig options or the userspace tools.

This patch set allows the customer to define a policy which requires kexec'ed kernels to be signed.

Mimi Zohar (3):
  ima: based on the "secure_boot" policy limit syscalls
  kexec: call LSM hook for kexec_load syscall
  ima: based on policy require signed kexec kernel images

 include/linux/security.h            |  6 ++++++
 kernel/kexec.c                      | 11 +++++++++++
 security/integrity/ima/ima.h        |  1 +
 security/integrity/ima/ima_main.c   |  9 +++++++++
 security/integrity/ima/ima_policy.c | 27 ++++++++++++++++++++-------
 security/security.c                 |  6 ++++++
 6 files changed, 53 insertions(+), 7 deletions(-)

--
2.7.5