Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp4131554ybg; Fri, 25 Oct 2019 13:50:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqweetLN276NxU9O6Rm0aNWboJVo0blv9syfA55GfGrut10ZTTGt0gAVsYF7E7Mcp1DhfRVY X-Received: by 2002:a17:906:1942:: with SMTP id b2mr5440778eje.36.1572036608054; Fri, 25 Oct 2019 13:50:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572036608; cv=none; d=google.com; s=arc-20160816; b=zr8oV1hdpkdhzJ8K6q2jK1yQ5ZEmmVSTq4/K9CEg0zrMo4JrNl22fxVHZ1tb+GAGLk +6h9ga+kbiuICzASeLWQS+lR8fFxagZAzXNOcTuA/VgBc54rM5CmxirFuWX8WNkHY5kJ 8t3fxAiokImDuQnzEp82sMa09N/ShlqFZYePkfyl3b0q86cOOXWbCZuHgbdOZizCMsw1 mIM2HBCrtMv1fe2FgjYZgOcRKQqjKehod1acRr+1knomRyEyTxj7ax/KQ8Ngi8KQeTuI wPKVSrDF4Tkb1IxpDpNgqzuzjYP3kprB3DNiz+ybaUWoQT2JEXnYWclXgdHy+zVBvs2W YQ+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject; bh=TkHjlXg9hYSHoYzUJciJVERYm9pYPrv0vDtfuZJCZA8=; b=BYOMjm/oTNqfGgACzX+QZ9EE2RtHpCpqRDhvhjRlDM86E9BKe/ps4rR19ixtvyYfe+ vGJawl95j4sXhfpxnIbmjyjcSLPFjMkfa2/IMmFXqa9Z7aRXgNQOSgN3FFfMohVyb4QK JaBJaVOSzv1+KixQS8iszZZYoe0VrNi0KNbk4kipK2mQXawRRm7Z172FUNf5gmSSsEze F20MXhHkOVS5YGjNcJUXCWPmtbq0EtPYC7msnaZ8+efjNRMOsGLO70EZxcP5h+pJiXUz zsuJh2b4kkoq2bOyx2T7xlPH2eNK/UzoZYLK1MrhTXmibi5W/E4wVeIOn8Jx0axuDVmY vZLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o8si2537876edi.34.2019.10.25.13.49.44; Fri, 25 Oct 2019 13:50:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2505917AbfJYRjz (ORCPT + 99 others); Fri, 25 Oct 2019 13:39:55 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39472 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1731004AbfJYRjz (ORCPT ); Fri, 25 Oct 2019 13:39:55 -0400 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x9PHam1e121755 for ; Fri, 25 Oct 2019 13:39:54 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0a-001b2d01.pphosted.com with ESMTP id 2vv5fw89pq-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 25 Oct 2019 13:39:53 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 25 Oct 2019 18:39:51 +0100 Received: from b06avi18878370.portsmouth.uk.ibm.com (9.149.26.194) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Fri, 25 Oct 2019 18:39:46 +0100 Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x9PHdj5W21102994 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 25 Oct 2019 17:39:45 GMT Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9B407AE045; Fri, 25 Oct 2019 17:39:45 +0000 (GMT) Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D8A1AAE053; Fri, 25 Oct 2019 17:39:43 +0000 (GMT) Received: from dhcp-9-31-103-196.watson.ibm.com (unknown [9.31.103.196]) by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP; Fri, 25 Oct 2019 17:39:43 +0000 (GMT) Subject: Re: [PATCH V4 0/2] Add support for arm64 to carry ima measurement From: Mimi Zohar To: James Morse Cc: prsriva , Thiago Jung Bauermann , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, mark.rutland@arm.com, jean-philippe@linaro.org, arnd@arndb.de, takahiro.akashi@linaro.org, sboyd@kernel.org, catalin.marinas@arm.com, yamada.masahiro@socionext.com, duwe@lst.de, tglx@linutronix.de, allison@lohutok.net, ard.biesheuvel@linaro.org Date: Fri, 25 Oct 2019 13:39:43 -0400 In-Reply-To: <3879883b-8c27-df25-ce20-97ed7274dc80@arm.com> References: <20191011003600.22090-1-prsriva@linux.microsoft.com> <87d92514-e5e4-a79f-467f-f24a4ed279b6@arm.com> <0053eb68-0905-4679-c97a-00c5cb6f1abb@arm.com> <1571190256.5250.200.camel@linux.ibm.com> <3879883b-8c27-df25-ce20-97ed7274dc80@arm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19102517-0020-0000-0000-0000037EA105 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19102517-0021-0000-0000-000021D4EF22 Message-Id: <1572025183.4532.34.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-10-25_09:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910250161 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2019-10-25 at 18:07 +0100, James Morse wrote: > Hi Mimi, > > On 16/10/2019 02:44, Mimi Zohar wrote: > > On Tue, 2019-10-15 at 18:39 +0100, James Morse wrote: > >> If SecureBoot isn't relevant, I'm confused as to why kexec_file_load() is. > >> > >> I thought kexec_file_load() only existed because SecureBoot systems need to validate the > >> new OS images's signature before loading it, and we can't trust user-space calling Kexec > >> to do this. > >> > >> If there is no secure boot, why does this thing only work with kexec_file_load()? > >> (good news! With the UEFI memreseve table, it should work transparently with regular kexec > >> too) > > > I'm so sorry for the confusion.  IMA was originally limited to > > extending trusted boot concepts to the OS.  As of Linux 3.10, IMA > > added support for extending secure boot concepts and auditing file > > hashes (commit e7c568e0fd0cf). > > > > True, kexec_file_load is required for verifying the kexec kernel > > image, but it is also required for measuring the kexec kernel image as > > well. > > > > After reading the kernel image into memory (kernel_read_file_from_fd), > > the hash is calculated and then added to the IMA measurement list and > > used to extend the TPM.  All of this is based on the IMA policy, > > including the TPM PCR. > > Don't we get a set of segments with the regular kexec syscall? These could equally be > hashed and measured, and logged via IMA and/or extending the TPMs measurements. IMA works at the file level.  I'm not sure what it would mean to measure "segments". Originally, kexec_file_load read the KEXEC kernel image twice, once to calculate the file hash, and again to verify the signature.  Now kexec_file_load calls kernel_read_file_from_fd, which reads the file into memory, before IMA calculates the file buffer hash. > > (obviously this would include the command-line and maybe purgatory, which makes it less > predictable, but these are still the binary blobs that were given privileged access to the > system). > > > >>> I am not sure if i addressed all your concerns, please let me know > >>> if i missed anything. To me most concerns look to be towards the kexec case and dependency > >>> on hardware(ACPI/TPM) during boot and early boot services, where as carrying the logs is > >>> only during the kexec_file_load sys call and does not interfere with that code path. > >>> IMA documentation: https://sourceforge.net/p/linux-ima/wiki/Home/ > >> > >> Supporting ACPI in the same way is something we need to do from day one. kexec_file_load() > >> already does this. I'm not sure "only kexec_file_load()" is a justifiable restriction... > > > The TPM PCRs are not reset on a soft reboot.  As a result, in order to > > validate the IMA measurement list against the TPM PCRs, the IMA > > measurement list is saved on kexec load, restored on boot, and then > > the memory allocated for carrying the measurement list across kexec is > > freed. > > Hmm, this is why the reserved memory gets freed. Yes > > What happens to stuff that happens between kexec-load and boot? > There is a comment: > | /* segment size can't change between kexec load and execute */ Right, the original version addressed this, but was nixed by Eric, saying it was unnecessary.  The current version allocates more memory than needed to hopefully compensate.  > > But I can't see anywhere that enforces that. I guess those measurements will go missing, > and the TPM value will not match after kexec. No, the kexec load will succeed, but if there isn't enough memory to store the measurement list, the exec should fail. Mimi