Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp8697497ybi;
        Thu, 6 Jun 2019 17:53:48 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzRUnN8HyqCM7POMublLsStaFwrJGcQ7o/FGQAnbvwMZ2iV5B9orteMXnOdAjNk0a+mwwVa
X-Received: by 2002:a63:fa16:: with SMTP id y22mr520726pgh.15.1559868828373;
        Thu, 06 Jun 2019 17:53:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559868828; cv=none;
        d=google.com; s=arc-20160816;
        b=Hvi+wVJKCMlIQQlayMQjwJ0TJIHpQe0XF18oT7Xnz5sZPVTi+JF5Z7SqWiJSXyOvBt
         ZGuVUAfGZmOO91OD8ywqSPjZWkHGp9r/LpAb3y4JSi8QDV5Uv1cYmx7fzWzSOgEjsmVe
         LxyHhzAiSfjPdenMviyaX8h8z4HMhZk8XJ1qSxLlXPeak0/GKwlisNfArlIv2LqhJw8J
         rukDVDUoGeOeXIIB3AOkWaeCXjCuyI3FjKH8UgwrWsScqIld4c3FRp7w40pMME/mnngp
         v+/XetSjoZ5F5KFaiwlyDMZN9lwtLtYGxF7y/cRK/6QcKoFX4GOCipI1G45nqBHplt3+
         5cIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=7baCNdLYbYtbBAPVnrR79aDif7IQ3JuxKMalrA0cRxA=;
        b=E9HU7Oyy3UNq9uYzO6TwRlJyUKFB9Elo344LRFK5qiXjNkPxUKpXw6yg016sctxnjN
         Mn5R3Mf3JdHZ7ef508X9GfYx2Bs5Rer/YKT63HerbH7ksf+1M7472dhdkYEhtqV/5cRn
         DgqPvg7Sm95g8PnzCgE/g8tdCTpSMHkxa5a+wY3uPtLXD89IU7sC/OF5dhBj3/P3G0ND
         Pib3U5tj8RUd7pwUA0df90+qg1UaAVUIa6eRntLNNUod7vwB0U8wIqc5+/gNI0jHFLHq
         hcE3vq0X1G+EUyUr6KK9GlLsN9Ppu/+ABdKU2WQTfY3/kyzyzkkt50oqmVoazv8cVd65
         eeEw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=ZbBcKB07;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e9si521409pgb.142.2019.06.06.17.53.31;
        Thu, 06 Jun 2019 17:53:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=ZbBcKB07;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728187AbfFGAX5 (ORCPT <rfc822;busarih159@gmail.com>
        + 99 others); Thu, 6 Jun 2019 20:23:57 -0400
Received: from mail-pl1-f194.google.com ([209.85.214.194]:40768 "EHLO
        mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728164AbfFGAX5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 6 Jun 2019 20:23:57 -0400
Received: by mail-pl1-f194.google.com with SMTP id a93so99615pla.7;
        Thu, 06 Jun 2019 17:23:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=7baCNdLYbYtbBAPVnrR79aDif7IQ3JuxKMalrA0cRxA=;
        b=ZbBcKB07wsg9y7AD+2DP8kQU5c3rUKUoc0Ed/BLK4KML4KtGql3UPPMpgRb4Wv/hAR
         syKZOuXPtLp3OZDEC1DaJou9faUFDUCzX+BvR4sumhJ0UM4C+Rdo6tKsf/Y/cgKuMKur
         iisQURKAMJC/qmrFsavP0/73UJnmk6NN7EiKJlt1U5n5Gr0kgrZNZTv/S1wtCUgwGu28
         NK57IpeCsxT2rZPD/91layNcGKX+HcTI+5+FxdutgowrZEAYHKhjv6JAUSY3MGfVcROW
         Qn6gPzQ29eywCCfFdjnmG0v90VxleYZk5AF9ZnNJ+CZiCYDeQ3g8SeNCIkGBdZbGBkvm
         m0Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=7baCNdLYbYtbBAPVnrR79aDif7IQ3JuxKMalrA0cRxA=;
        b=GmMyFl9K7/hEGScKrA5fRoWKPyER+Q8zXN6M0cPAgdPB/afGFnOKq6O+L1VDSNfLvF
         zywuH60405WinIh2D+2rBgTe9FfuWFEtrd3xFVSxFTK12CnrnrrdOIa374qjeV3TNMCY
         Uj1POIlaehGfGiYMTdIQzIX481nbS9geHB0dEe/WxQ3+HotWI2shQK/st45MuAlYB1PQ
         /FW4qmn1fChB4dDOOlvNxPRmvF6umOfFkocloyOxfwZKC2H8AIQlltmiytFdb9ctZqws
         h16gMQVRto4J3wLIoVqQ7YHJhFqyQh+zn8kDd5Lg7NYF+b7jjn+Z4KhwZbxlJEdoSFJr
         Cvdw==
X-Gm-Message-State: APjAAAV5/TFpStT13vKACW8D+z/QhsbflG/f8vo8M2dYQ7CIOXNq5yw0
        nb/IP+1uleLxYAghLsGnMqM9bsq+
X-Received: by 2002:a17:902:d701:: with SMTP id w1mr46986994ply.12.1559867036005;
        Thu, 06 Jun 2019 17:23:56 -0700 (PDT)
Received: from localhost.localdomain ([167.220.98.69])
        by smtp.gmail.com with ESMTPSA id o13sm324179pfh.23.2019.06.06.17.23.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 06 Jun 2019 17:23:55 -0700 (PDT)
From:   Prakhar Srivastava <prsriva02@gmail.com>
To:     linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com,
        Prakhar Srivastava <prsriva02@gmail.com>
Subject: [PATCH v7 0/3] add new ima hook ima_kexec_cmdline to measure kexec boot cmdline args
Date:   Thu,  6 Jun 2019 17:23:27 -0700
Message-Id: <20190607002330.2999-1-prsriva02@gmail.com>
X-Mailer: git-send-email 2.19.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The motive behind the patch series is to measure the boot cmdline args
used for soft reboot/kexec case.

For secure boot attestation, it is necessary to measure the kernel
command line and the kernel version. For cold boot, the boot loader
can be enhanced to measure these parameters.
(https://mjg59.dreamwidth.org/48897.html)
However, for attestation across soft reboot boundary, these values 
also need to be measured during kexec_file_load.

Currently for Kexec(kexec_file_load)/soft reboot scenario the boot cmdline
args for the next kernel are not measured. For 
normal case of boot/hardreboot the cmdline args are measured into the TPM.
The hash of boot command line is calculated and added to the current 
running kernel's measurement list.
On a soft reboot like kexec, no cmdline arguments measurement takes place.

To achive the above the patch series does the following
  -adds a new ima hook: ima_kexec_cmdline which measures the cmdline args
   into the ima log, behind a new ima policy entry KEXEC_CMDLINE.
  -since the cmldine args cannot be appraised, a new template field(buf) is
   added. The template field contains the buffer passed(cmldine args), which
   can be used to appraise/attest at a later stage.
  -call the ima_kexec_cmdline(...) hook from kexec_file_load call.

The ima logs need to be carried over to the next kernel, which will be followed
up by other patchsets for x86_64 and arm64.

The kexec cmdline hash can be verified using
sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements | 
  grep  kexec-cmdline | cut -d' ' -f 6 | xxd -r -p | sha256sum

Changelog:
V7:
  - rebased to next-queued-testing
  https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/log/?h=next-queued-testing

V6:
  -add a new ima hook and policy to measure the cmdline
    args(ima_kexec_cmdline)
  -add a new template field buf to contain the buffer measured.
  [suggested by Mimi Zohar]
   add new fields to ima_event_data to store/read buffer data.
  [suggested by Roberto]
  -call ima_kexec_cmdline from kexec_file_load path

v5:
  -add a new ima hook and policy to measure the cmdline
    args(ima_kexec_cmdline)
  -add a new template field buf to contain the buffer measured.
    [suggested by Mimi Zohar]
  -call ima_kexec_cmdline from kexec_file_load path

v4:
  - per feedback from LSM community, removed the LSM hook and renamed the
    IMA policy to KEXEC_CMDLINE

v3: (rebase changes to next-general)
  - Add policy checks for buffer[suggested by Mimi Zohar]
  - use the IMA_XATTR to add buffer
  - Add kexec_cmdline used for kexec file load
  - Add an LSM hook to allow usage by other LSM.[suggestd by Mimi Zohar]

v2:
  - Add policy checks for buffer[suggested by Mimi Zohar]
  - Add an LSM hook to allow usage by other LSM.[suggestd by Mimi Zohar]
  - use the IMA_XATTR to add buffer instead of sig template

v1:
  -Add kconfigs to control the ima_buffer_check
  -measure the cmdline args suffixed with the kernel file name
  -add the buffer to the template sig field.

Prakhar Srivastava (3):
  Add a new ima hook ima_kexec_cmdline to measure cmdline args
  add a new ima template field buf
  call ima_kexec_cmdline to measure the cmdline args

 Documentation/ABI/testing/ima_policy      |  1 +
 Documentation/security/IMA-templates.rst  |  2 +-
 include/linux/ima.h                       |  2 +
 kernel/kexec_file.c                       |  8 ++-
 security/integrity/ima/ima.h              |  3 +
 security/integrity/ima/ima_api.c          |  5 +-
 security/integrity/ima/ima_init.c         |  2 +-
 security/integrity/ima/ima_main.c         | 80 +++++++++++++++++++++++
 security/integrity/ima/ima_policy.c       |  9 +++
 security/integrity/ima/ima_template.c     |  2 +
 security/integrity/ima/ima_template_lib.c | 20 ++++++
 security/integrity/ima/ima_template_lib.h |  4 ++
 12 files changed, 131 insertions(+), 7 deletions(-)

-- 
2.17.1