Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp9813ima;
        Thu, 31 Jan 2019 11:30:54 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4KJER2eWCyHBPx4MFBKb1Yf73FrwfDg7Chv0KH8Y2BQbpD+zzhXWkl2mKFkP9iXHYzLYPt
X-Received: by 2002:a62:8096:: with SMTP id j144mr36597489pfd.140.1548963054766;
        Thu, 31 Jan 2019 11:30:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548963054; cv=none;
        d=google.com; s=arc-20160816;
        b=p6tihoRmWjg6KsUewop/9sUzXJC71A5N928HoddnwtJpuMbNGCkjOiezD9iUbpT4Dm
         zza2Texyc1n9uUTHmLRrAb36kNh3U+oj8LsbIfi9YqAjd2MsvdmDSelbY+X4yjDDIi1v
         oBUrSTVodGdckHwlU8unCMcFAQt6cDBMUpKKIL3PwT+EaEHV8J2Wg6jfuc58pFlC+Qpl
         Z2tL7wEHa4N/FsUdz3i4sJUI7bect/Dh1wLjMuenGznA6c+gRruiIGu3JoSJ0NyIJirW
         fRyEYAYMY4R+XUOeWmvZvJC0lHK1P9rnhAsMD9n/1AJoqD2Z7iy2oEi8fM8Jsxy+j4Sm
         McBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from;
        bh=DVUPdCuDbCj/wUq8bIbXOPrA/XEamopt1pED42P/Tjg=;
        b=ZEcpGYsZA48QWjhya/h/eAKhQ7K25EH1Sx4Hre0wKdqt/zofM85BMNIwkoj8c8TbGd
         2VLrwCX9EEkNhLcdOuaBSt9/5J+0scfuF3jqVIwDaV48z6y5JZ1nQkdfeOYqvDYisGs0
         l9xOlU6hfTPxjDRWA3CC3MgyFgx/HuN0V+b3ezyq1bvCXyLqYPT+Sum/r3A7fE2FaNzF
         F4QQbJ7LughR79G6v8S55W2VJHABrHeoykGqgy6wz7jZj8jTEN6+Hvil4mv+dNIyQj2k
         6G62ygc32CI1uYk5Xr56E0NMGy+F9c4/ha7OGlVzlZNdLoiVKXSDNgKtTHE/JrlKR7My
         /UhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v25si5219144pfj.139.2019.01.31.11.30.39;
        Thu, 31 Jan 2019 11:30:54 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728563AbfAaTTy (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Thu, 31 Jan 2019 14:19:54 -0500
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:51778 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1728537AbfAaTTu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 31 Jan 2019 14:19:50 -0500
Received: from pps.filterd (m0098404.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0VJEJKt070205
        for <linux-kernel@vger.kernel.org>; Thu, 31 Jan 2019 14:19:49 -0500
Received: from e06smtp01.uk.ibm.com (e06smtp01.uk.ibm.com [195.75.94.97])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2qc5urm8yt-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 31 Jan 2019 14:19:49 -0500
Received: from localhost
        by e06smtp01.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Thu, 31 Jan 2019 19:19:46 -0000
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
        by e06smtp01.uk.ibm.com (192.168.101.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Thu, 31 Jan 2019 19:19:42 -0000
Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60])
        by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0VJJfXG3146136
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Thu, 31 Jan 2019 19:19:41 GMT
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 413E642041;
        Thu, 31 Jan 2019 19:19:41 +0000 (GMT)
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id B07B44203F;
        Thu, 31 Jan 2019 19:19:39 +0000 (GMT)
Received: from localhost.ibm.com (unknown [9.80.107.203])
        by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Thu, 31 Jan 2019 19:19:39 +0000 (GMT)
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     linux-integrity@vger.kernel.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        David Howells <dhowells@redhat.com>,
        Seth Forshee <seth.forshee@canonical.com>,
        Justin Forbes <jforbes@redhat.com>,
        Matthew Garrett <mjg59@google.com>,
        Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH] ima: requiring signed kernel modules 
Date:   Thu, 31 Jan 2019 14:18:58 -0500
X-Mailer: git-send-email 2.7.5
X-TM-AS-GCONF: 00
x-cbid: 19013119-4275-0000-0000-0000030881C5
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 19013119-4276-0000-0000-000038168C80
Message-Id: <1548962339-10681-1-git-send-email-zohar@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-31_10:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=753 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1901310143
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The kernel can be configured to verify the appended kernel module
signature, the IMA signature stored as an xattr, both types of
signatures, or none.  On systems with secure boot enabled AND the IMA
architecture specific policy enabled, this patch set requires the file
to be signed.

Both methods of loading kernel modules - init_module and finit_module
syscalls - need to either verify the kernel module signature or prevent
the kernel module from being loaded.

"modprobe" first tries loading the kernel module via the finit_module
syscall and falls back to the init_module syscall, making it difficult
to test one syscall and then the other.

Mimi Zohar (1):
  x86/ima: require signed kernel modules

 arch/x86/kernel/ima_arch.c        |  9 ++++++++-
 include/linux/module.h            |  7 ++++++-
 kernel/module.c                   | 15 +++++++++++----
 security/integrity/ima/ima_main.c |  2 +-
 4 files changed, 26 insertions(+), 7 deletions(-)

-- 
2.7.5