From: Kairui Song
Date: Fri, 18 Jan 2019 23:01:52 +0800
Subject: Re: [PATCH v4 1/2] integrity, KEYS: add a reference to platform keyring
To: Nayna
Cc: jwboyer@fedoraproject.org, Eric Biggers, Dave Young, nayna@linux.ibm.com, kexec@lists.infradead.org, Linux Kernel Mailing List, Mimi Zohar, jmorris@namei.org, David Howells, keyrings@vger.kernel.org, linux-integrity, David Woodhouse, bauerman@linux.ibm.com, serge@hallyn.com
List-ID: linux-kernel@vger.kernel.org

On Fri, Jan 18, 2019 at 10:36 PM Nayna wrote:
> On 01/18/2019 04:17 AM, Kairui Song wrote:
> > commit 9dc92c45177a ('integrity: Define a trusted platform keyring')
> > introduced a .platform keyring for storing preboot keys, used for
> > verifying kernel images' signature. Currently only IMA-appraisal is able
> > to use the keyring to verify kernel images that have their signature
> > stored in xattr.
> >
> > This patch exposes the .platform keyring, making it accessible for
> > verifying PE signed kernel images as well.
> >
> > Suggested-by: Mimi Zohar
> > Signed-off-by: Kairui Song
> > Reviewed-by: Mimi Zohar
> > Tested-by: Mimi Zohar
> > ---
> > certs/system_keyring.c | 9 +++++++++
> > include/keys/system_keyring.h | 5 +++++
> > security/integrity/digsig.c | 6 ++++++
> > 3 files changed, 20 insertions(+)
> >
> > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > > index 81728717523d..4690ef9cda8a 100644 > > --- a/certs/system_keyring.c > > +++ b/certs/system_keyring.c
> > @@ -24,6 +24,9 @@ static struct key *builtin_trusted_keys; > > #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING > > static struct key *secondary_trusted_keys; > > #endif > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > +static struct key *platform_trusted_keys; > > +#endif > > > > extern __initconst const u8 system_certificate_list[]; > > extern __initconst const unsigned long system_certificate_list_size; > > @@ -265,4 +268,10 @@ int verify_pkcs7_signature(const void *data, size_t len, > > } > > EXPORT_SYMBOL_GPL(verify_pkcs7_signature); > > > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > +void __init set_platform_trusted_keys(struct key *keyring) { > > + platform_trusted_keys = keyring; > > +} > > +#endif > > + > > #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ > > diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h > > index 359c2f936004..9e1b7849b6aa 100644 > > --- a/include/keys/system_keyring.h > > +++ b/include/keys/system_keyring.h > > @@ -61,5 +61,10 @@ static inline struct key *get_ima_blacklist_keyring(void) > > } > > #endif /* CONFIG_IMA_BLACKLIST_KEYRING */ > > > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > + > > +extern void __init set_platform_trusted_keys(struct key* keyring); > > + > > +#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */ > > > > #endif /* _KEYS_SYSTEM_KEYRING_H */ > > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c > > index f45d6edecf99..bfabc2a8111d 100644 > > --- a/security/integrity/digsig.c > > +++ b/security/integrity/digsig.c 
> > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm, > > keyring[id] = NULL; > > } > > > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > + if (id == INTEGRITY_KEYRING_PLATFORM) {
>
> Shouldn't it also check that keyring[id] is not NULL ?

Good catch. If it's NULL then platform_trusted_keyring will be set to NULL as well, which will work just fine, as in this case platform_trusted_keyring is still considered not initialized. I'll add a sanity check here to check the err value just in case. Thanks for your suggestion!

> Thanks & Regards,
> - Nayna
>
> > + set_platform_trusted_keys(keyring[id]); > > + } > > +#endif > > + > > return err; > > }

--
Best Regards,
Kairui Song
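Review bot: In the first certs/system_keyring.c hunk (at `static struct key *builtin_trusted_keys;`), `platform_trusted_keys` is added as a file-static pointer that this patch only ever writes; no hunk in 1/2 reads it, although the commit message says the patch makes the keyring accessible for verifying PE-signed images. Either add the accessor here or state in the commit message that the consumer arrives in 2/2, so the patch is reviewable on its own.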
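Review bot: In the certs/system_keyring.c hunk after `EXPORT_SYMBOL_GPL(verify_pkcs7_signature);`, the definition `void __init set_platform_trusted_keys(struct key *keyring) {` puts the opening brace on the same line as the function header; kernel coding style wants it on its own line for function bodies. The definition also sits inside the block closed by `#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */`, while the header declaration and the digsig.c caller are guarded only by CONFIG_INTEGRITY_PLATFORM_KEYRING; unless Kconfig guarantees SYSTEM_DATA_VERIFICATION whenever INTEGRITY_PLATFORM_KEYRING is set, a build with the latter and not the former fails to link, so either move the definition outside that block or make the dependency explicit.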
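Review bot: In the include/keys/system_keyring.h hunk, the prototype `extern void __init set_platform_trusted_keys(struct key* keyring);` attaches the asterisk to the type, unlike `struct key *keyring` in the definition and `struct key *get_ima_blacklist_keyring(void)` in the surrounding context; use `struct key *keyring`, and drop the blank lines inside the new #ifdef block to match the neighbouring declarations. A static inline no-op stub for the !CONFIG_INTEGRITY_PLATFORM_KEYRING case would also let digsig.c call it without its own #ifdef.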
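Review bot: In the security/integrity/digsig.c hunk, `set_platform_trusted_keys(keyring[id]);` runs regardless of `err`, and the leading context shows the error path has just done `keyring[id] = NULL;`, so on failure the platform pointer is written as NULL rather than left untouched, and every later reader has to treat NULL as the "not initialised" sentinel. Guarding the call with `if (!err && id == INTEGRITY_KEYRING_PLATFORM)` (or checking `keyring[id]` itself) keeps the assignment on the success path only, which is the check Nayna asked for and the author agreed to add.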