Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp200654imm;
        Thu, 10 May 2018 18:39:02 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZo0rJ1UcIHngWsEyUxKeeTK8hf47GHDQW1tSY1SOncDcdIF6laO/Ec2r8d+XW4ne5Pkd9mi
X-Received: by 2002:a17:902:b702:: with SMTP id d2-v6mr3469944pls.228.1526002742245;
        Thu, 10 May 2018 18:39:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526002742; cv=none;
        d=google.com; s=arc-20160816;
        b=DEvFhOkQmrRJsU0ZYScNWiSL1/wJfouh9wnTUY4YDGpOMLkFLLO5zASIZe7SbZHcFs
         XBAzIBDbqT7+gWEdAd+J0QlU14i1nV751MYdu9cALlQCz0eVR6zfWS9CWddKpcrFnalW
         pwzjzSJ03a0nZgChdlskImGmYJ2tNo3c6BI4Wx0gR/+kBMutD7dY1Yss79TTdxLFAhC6
         BaMIXIOfYa3V6618PorfGdc7lZkuL3BenUX+qG273HgtPRtqrUD7ClGmeAmfgG5zO0Jv
         uQ71U3G4Kn6J8aatBN5dcP56uJLwq300K40shTypXx2EeI5kkoCD0DYNHlhzq1MlKxnz
         sxMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=Z+v33TmZqNhek2OYKOaAksj3CWROtyp5LGIL/cKe9z4=;
        b=VQCGbEwVEmuuNNEbwdu1xsVpDnc82nlktcR1MA/fEBJfDc/q3P2VDZnGdlN6Q3U5Qi
         r0cgjqDyeEfExG2W6zF1u4MiZ9ziZiUg3XfAjDsJXRYic+VPP3gSC6MOba9/5yOolxeO
         YmpAVLMYOVDGUHr1KEgvzjzElwzU1cskb08tYQbx/RyP6/Fd68kq9PN/gSx9D1dV7PvZ
         OMe34HlI13ftsryU25N51jqfpK2x1DSD4GWWQY6w17rscPSA8VuMEy4+NF50R6EJZYBn
         2Dzjbgeu7imU8buBA8lwF2NQ1LOrZZKPq1rFtCPilLuZvFFlzaAPt71WdcTaaVsVf9pH
         LBxA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r8-v6si2035990pli.119.2018.05.10.18.38.48;
        Thu, 10 May 2018 18:39:02 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751992AbeEKBhD (ORCPT <rfc822;zxj546700287@gmail.com>
        + 99 others); Thu, 10 May 2018 21:37:03 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:60200 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1750890AbeEKBhB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 May 2018 21:37:01 -0400
Received: from pps.filterd (m0098404.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4B1Ympj134886
        for <linux-kernel@vger.kernel.org>; Thu, 10 May 2018 21:37:01 -0400
Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2hw17j8u50-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 10 May 2018 21:37:01 -0400
Received: from localhost
        by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.vnet.ibm.com>;
        Fri, 11 May 2018 02:36:59 +0100
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
        by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        Fri, 11 May 2018 02:36:55 +0100
Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61])
        by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4B1askO3146220;
        Fri, 11 May 2018 01:36:54 GMT
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 103B411C04C;
        Fri, 11 May 2018 02:28:18 +0100 (BST)
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 0EDA511C04A;
        Fri, 11 May 2018 02:28:17 +0100 (BST)
Received: from localhost.ibm.com (unknown [9.80.104.201])
        by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Fri, 11 May 2018 02:28:16 +0100 (BST)
From:   Mimi Zohar <zohar@linux.vnet.ibm.com>
To:     linux-integrity@vger.kernel.org
Cc:     Eric Biederman <ebiederm@xmission.com>,
        David Howells <dhowells@redhat.com>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        linux-security-module@vger.kernel.org, kexec@lists.infradead.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH 0/3] kexec: limit kexec_load syscall 
Date:   Thu, 10 May 2018 21:36:45 -0400
X-Mailer: git-send-email 2.7.5
X-TM-AS-GCONF: 00
x-cbid: 18051101-0040-0000-0000-000004585060
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18051101-0041-0000-0000-000020FC62B7
Message-Id: <1526002608-27474-1-git-send-email-zohar@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-11_01:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1805110009
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

IMA-appraisal is mostly being used in the embedded or single purpose
closed system environments.  In these environments, both the Kconfig
options and the userspace tools can be modified appropriately to limit
syscalls.  For stock kernels, userspace applications need to continue to
work with older kernels as well as with newer kernels.

In this environment, the customer needs the ability to define a system
wide IMA runtime policy, such as requiring all kexec'ed images (or
firmware) to be signed, without being dependent on either the Kconfig
options or the userspace tools.

This patch set allows the customer to define a policy which requires
kexec'ed kernels to be signed.

Mimi Zohar (3):
  ima: based on the "secure_boot" policy limit syscalls
  kexec: call LSM hook for kexec_load syscall
  ima: based on policy require signed kexec kernel images

 include/linux/security.h            |  6 ++++++
 kernel/kexec.c                      | 11 +++++++++++
 security/integrity/ima/ima.h        |  1 +
 security/integrity/ima/ima_main.c   |  9 +++++++++
 security/integrity/ima/ima_policy.c | 27 ++++++++++++++++++++-------
 security/security.c                 |  6 ++++++
 6 files changed, 53 insertions(+), 7 deletions(-)

-- 
2.7.5