Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp9813ima; Thu, 31 Jan 2019 11:30:54 -0800 (PST) X-Google-Smtp-Source: ALg8bN4KJER2eWCyHBPx4MFBKb1Yf73FrwfDg7Chv0KH8Y2BQbpD+zzhXWkl2mKFkP9iXHYzLYPt X-Received: by 2002:a62:8096:: with SMTP id j144mr36597489pfd.140.1548963054766; Thu, 31 Jan 2019 11:30:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548963054; cv=none; d=google.com; s=arc-20160816; b=p6tihoRmWjg6KsUewop/9sUzXJC71A5N928HoddnwtJpuMbNGCkjOiezD9iUbpT4Dm zza2Texyc1n9uUTHmLRrAb36kNh3U+oj8LsbIfi9YqAjd2MsvdmDSelbY+X4yjDDIi1v oBUrSTVodGdckHwlU8unCMcFAQt6cDBMUpKKIL3PwT+EaEHV8J2Wg6jfuc58pFlC+Qpl Z2tL7wEHa4N/FsUdz3i4sJUI7bect/Dh1wLjMuenGznA6c+gRruiIGu3JoSJ0NyIJirW fRyEYAYMY4R+XUOeWmvZvJC0lHK1P9rnhAsMD9n/1AJoqD2Z7iy2oEi8fM8Jsxy+j4Sm McBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=DVUPdCuDbCj/wUq8bIbXOPrA/XEamopt1pED42P/Tjg=; b=ZEcpGYsZA48QWjhya/h/eAKhQ7K25EH1Sx4Hre0wKdqt/zofM85BMNIwkoj8c8TbGd 2VLrwCX9EEkNhLcdOuaBSt9/5J+0scfuF3jqVIwDaV48z6y5JZ1nQkdfeOYqvDYisGs0 l9xOlU6hfTPxjDRWA3CC3MgyFgx/HuN0V+b3ezyq1bvCXyLqYPT+Sum/r3A7fE2FaNzF F4QQbJ7LughR79G6v8S55W2VJHABrHeoykGqgy6wz7jZj8jTEN6+Hvil4mv+dNIyQj2k 6G62ygc32CI1uYk5Xr56E0NMGy+F9c4/ha7OGlVzlZNdLoiVKXSDNgKtTHE/JrlKR7My /UhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v25si5219144pfj.139.2019.01.31.11.30.39; Thu, 31 Jan 2019 11:30:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728563AbfAaTTy (ORCPT + 99 others); Thu, 31 Jan 2019 14:19:54 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:51778 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728537AbfAaTTu (ORCPT ); Thu, 31 Jan 2019 14:19:50 -0500 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0VJEJKt070205 for ; Thu, 31 Jan 2019 14:19:49 -0500 Received: from e06smtp01.uk.ibm.com (e06smtp01.uk.ibm.com [195.75.94.97]) by mx0a-001b2d01.pphosted.com with ESMTP id 2qc5urm8yt-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 31 Jan 2019 14:19:49 -0500 Received: from localhost by e06smtp01.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 31 Jan 2019 19:19:46 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp01.uk.ibm.com (192.168.101.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 31 Jan 2019 19:19:42 -0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0VJJfXG3146136 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 31 Jan 2019 19:19:41 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 413E642041; Thu, 31 Jan 2019 19:19:41 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B07B44203F; Thu, 31 Jan 2019 19:19:39 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.107.203]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 31 Jan 2019 19:19:39 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Jessica Yu , Luis Chamberlain , David Howells , Seth Forshee , Justin Forbes , Matthew Garrett , Mimi Zohar Subject: [PATCH] ima: requiring signed kernel modules Date: Thu, 31 Jan 2019 14:18:58 -0500 X-Mailer: git-send-email 2.7.5 X-TM-AS-GCONF: 00 x-cbid: 19013119-4275-0000-0000-0000030881C5 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19013119-4276-0000-0000-000038168C80 Message-Id: <1548962339-10681-1-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-31_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=753 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901310143 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The kernel can be configured to verify the appended kernel module signature, the IMA signature stored as an xattr, both types of signatures, or none. On systems with secure boot enabled AND the IMA architecture specific policy enabled, this patch set requires the file to be signed. Both methods of loading kernel modules - init_module and finit_module syscalls - need to either verify the kernel module signature or prevent the kernel module from being loaded. "modprobe" first tries loading the kernel module via the finit_module syscall and falls back to the init_module syscall, making it difficult to test one syscall and then the other. Mimi Zohar (1): x86/ima: require signed kernel modules arch/x86/kernel/ima_arch.c | 9 ++++++++- include/linux/module.h | 7 ++++++- kernel/module.c | 15 +++++++++++---- security/integrity/ima/ima_main.c | 2 +- 4 files changed, 26 insertions(+), 7 deletions(-) -- 2.7.5