Date: Thu, 6 Dec 2018 17:09:16 -0600
From: "Serge E. Hallyn"
To: Nayna Jain
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, jforbes@redhat.com, seth.forshee@canonical.com, kexec@lists.infradead.org, keyrings@vger.kernel.org, vgoyal@redhat.com, ebiederm@xmission.com, mpe@ellerman.id.au
Subject: Re: [PATCH 7/7] ima: Support platform keyring for kernel appraisal
Message-ID: <20181206230916.GA10203@mail.hallyn.com>
References: <20181125151500.8298-1-nayna@linux.ibm.com> <20181125151500.8298-8-nayna@linux.ibm.com>
In-Reply-To: <20181125151500.8298-8-nayna@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 25, 2018 at 08:45:00PM +0530, Nayna Jain wrote:
> On secure boot enabled systems, the bootloader verifies the kernel
> image and possibly the initramfs signatures based on a set of keys. A
> soft reboot(kexec) of the system, with the same kernel image and
> initramfs, requires access to the original keys to verify the
> signatures.
>
> This patch allows IMA-appraisal access to those original keys, now
> loaded on the platform keyring, needed for verifying the kernel image
> and initramfs signatures.
>
> Signed-off-by: Nayna Jain
> Reviewed-by: Mimi Zohar

The overall set seems sensible to me, and I see no errors here,

Acked-by: Serge Hallyn

I do think that replacing the 'rc' with xattr_len in the previous line
might help future readers save a few cycles.

> --- > security/integrity/ima/ima_appraise.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index deec1804a00a..9c13585e7d3e 100644 > --- a/security/integrity/ima/ima_appraise.c 
> +++ b/security/integrity/ima/ima_appraise.c > @@ -294,7 +294,16 @@ int ima_appraise_measurement(enum ima_hooks func, > iint->ima_hash->length); > if (rc == -EOPNOTSUPP) { > status = INTEGRITY_UNKNOWN; > - } else if (rc) { > + break; > + } > + if (rc && func == KEXEC_KERNEL_CHECK) > + rc = integrity_digsig_verify( > + INTEGRITY_KEYRING_PLATFORM, > + (const char *)xattr_value, > + xattr_len, > + iint->ima_hash->digest, > + iint->ima_hash->length); > + if (rc) { > cause = "invalid-signature"; > status = INTEGRITY_FAIL; > } else { > -- > 2.13.6 >
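
Review bot: The -EOPNOTSUPP check in ima_appraise_measurement() is applied only to the first integrity_digsig_verify() result, so if the added INTEGRITY_KEYRING_PLATFORM call returns -EOPNOTSUPP, the following `if (rc)` reports it as "invalid-signature" with INTEGRITY_FAIL, whereas the same code from the first call yields INTEGRITY_UNKNOWN. Consider checking the second return value the same way, or adding a comment that explains why the difference is intended. The fallback also runs on any non-zero rc from the first call and overwrites it, so the original error is lost; restricting the retry to the "key not found" case, or documenting why every failure should retry, would make the intent clear. Finally, the commit message mentions both the kernel image and the initramfs, but the condition only covers `func == KEXEC_KERNEL_CHECK`; a short comment above the condition saying which hooks are meant to use the platform keyring would help.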