Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2022743imu; Sat, 8 Dec 2018 12:32:48 -0800 (PST) X-Google-Smtp-Source: AFSGD/XaOC/kUGK7gMnMfheWDu4ZUO+jVn7VSoVVt9RHYb0KsBPcKZKW9OJBKKv20iarSswAaEJg X-Received: by 2002:a17:902:ba89:: with SMTP id k9mr6879708pls.189.1544301168178; Sat, 08 Dec 2018 12:32:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544301168; cv=none; d=google.com; s=arc-20160816; b=VbNIC1apoIOuhC18P2l4tPmxRChgNLhwSA/gYf4dqvj4H/TKgou078QQ9KTGBy2puD xDssktqX7slhoOaqAwxzg4OO0p0j6YaA7DIFEcflg7bo6kOfjS7NBeKU4VvLU6fhaioY GnJ/LYqOFefrE/4RtzKKzK4jodfxF+BjeqI/janIYgFDUq2sYtAUekXKG6+HhcdP0WG/ m9rx/1BJsd5cxwUBRdJkfTm6nr0aKwEdAykiBo48c5wXLnHauuTHmXPlHZ02S1r4Zv9V 3UjXnHywipK9o+3gvigNu0A3AnshhwVZwbSenkF50xE/q/IgF/eJ/gg9jRZ6u0Qkgxwn 9Sbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:references:in-reply-to:date :subject:cc:to:from; bh=TEg5smtfB+HlP+SXe+1V0cK9q9y0eI4ZBQ71ily+Iu0=; b=Nr9WWolMzvufDh6o4RHkZ2Dp+0hZyzf1mJQhdc94EElSdAVSbW7ae1wTTpTzPvgSz8 hblKccHYvq+HH48p586CbN11BjWM9OFUf3NzBba+scgp6PgGEo7zkEarnjJDlePebG3R RuzOKylu27X5JS0AwhJCWcg/CPTZeuFtvKpVpPxqvv6R4u08VfR+yY8fg3FOpn0DYKqh EDJheLZzmuOJY1vl43wR8mABLGOwWaygNjSi8/UHO/CzcNji06KgO+XD55+8QLmCObAB jultKYG3pNpMtv/7fsg9cLWg/0Yo+4XshZTKEj8YJdabLAytci3+3A5n90rh255gsLbV L1gg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g3si5937754pgi.443.2018.12.08.12.32.33; Sat, 08 Dec 2018 12:32:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726382AbeLHUbW (ORCPT + 99 others); Sat, 8 Dec 2018 15:31:22 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:54632 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726372AbeLHUbV (ORCPT ); Sat, 8 Dec 2018 15:31:21 -0500 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wB8KT5fP130958 for ; Sat, 8 Dec 2018 15:31:20 -0500 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0a-001b2d01.pphosted.com with ESMTP id 2p8m73s9ey-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 08 Dec 2018 15:31:20 -0500 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Sat, 8 Dec 2018 20:31:17 -0000 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Sat, 8 Dec 2018 20:31:14 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wB8KVDhE42139806 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sat, 8 Dec 2018 20:31:13 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C97794C04A; Sat, 8 Dec 2018 20:31:12 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 839014C044; Sat, 8 Dec 2018 20:31:09 +0000 (GMT) Received: from swastik.ibmuc.com (unknown [9.85.68.82]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Sat, 8 Dec 2018 20:31:09 +0000 (GMT) From: Nayna Jain To: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, jforbes@redhat.com, seth.forshee@canonical.com, kexec@lists.infradead.org, keyrings@vger.kernel.org, vgoyal@redhat.com, ebiederm@xmission.com, mpe@ellerman.id.au, Nayna Jain Subject: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal Date: Sun, 9 Dec 2018 01:57:05 +0530 X-Mailer: git-send-email 2.13.6 In-Reply-To: <20181208202705.18673-1-nayna@linux.ibm.com> References: <20181208202705.18673-1-nayna@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18120820-0020-0000-0000-000002F46E43 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18120820-0021-0000-0000-00002144896C Message-Id: <20181208202705.18673-8-nayna@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-08_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812080192 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On secure boot enabled systems, the bootloader verifies the kernel image and possibly the initramfs signatures based on a set of keys. A soft reboot(kexec) of the system, with the same kernel image and initramfs, requires access to the original keys to verify the signatures. This patch allows IMA-appraisal access to those original keys, now loaded on the platform keyring, needed for verifying the kernel image and initramfs signatures. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar Acked-by: Serge Hallyn - replace 'rc' with 'xattr_len' when calling integrity_digsig_verify() with INTEGRITY_KEYRING_IMA for readability Suggested-by: Serge Hallyn --- Changelog: v2: - replace 'rc' with 'xattr_len' when calling integrity_digsig_verify() with INTEGRITY_KEYRING_IMA for readability security/integrity/ima/ima_appraise.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index deec1804a00a..e8f520450895 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -289,12 +289,21 @@ int ima_appraise_measurement(enum ima_hooks func, case EVM_IMA_XATTR_DIGSIG: set_bit(IMA_DIGSIG, &iint->atomic_flags); rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, - (const char *)xattr_value, rc, + (const char *)xattr_value, + xattr_len, iint->ima_hash->digest, iint->ima_hash->length); if (rc == -EOPNOTSUPP) { status = INTEGRITY_UNKNOWN; - } else if (rc) { + break; + } + if (rc && func == KEXEC_KERNEL_CHECK) + rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM, + (const char *)xattr_value, + xattr_len, + iint->ima_hash->digest, + iint->ima_hash->length); + if (rc) { cause = "invalid-signature"; status = INTEGRITY_FAIL; } else { -- 2.13.6