Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp1349709ybx;
        Thu, 7 Nov 2019 10:44:47 -0800 (PST)
X-Google-Smtp-Source: APXvYqz8HDT/5V5eEiOdI5cgCEhEvJb5KnBCxZQrMVFVZVbaWsJgENgE38JVE4qMGdKXr+Q172sC
X-Received: by 2002:a17:906:6403:: with SMTP id d3mr4595015ejm.258.1573152287089;
        Thu, 07 Nov 2019 10:44:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573152287; cv=none;
        d=google.com; s=arc-20160816;
        b=094Wten3AIdRXKpFVVyFcrVD8S7yz/ILPgY8sU3ahxq2k6V8pm9SguFbOB/ZlRPppc
         2MApVX8qYAHtQk3pWgex3C7WMk0kgqhE4+U8P2CYgjbeekcKtRw85mrpAGo9onhhDx06
         mEa7SRny+4qs/7ZMXie5wvo66mjFVPe9gtKJOl12GUmRdn3dNJoKXOomWOD62r6dsp8o
         XWpChGP7Aiu0cbgCQ2GYqljFS74M8gAdyluWgtrXLyXXjUf7IZR6bku/muh8QBWRawfh
         EWSyS+6SauWr2VwJ6fegMEkgwwf02Y2Ck1dMZpZWR3E3fr/qSd3INX3YoYfh4q2yAOfc
         BBkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:to:subject:dkim-signature:dkim-filter;
        bh=IIgQX9NCafdzdKDo68gnRTo2ABhXlMLZcXZGDGbYSCo=;
        b=Vwafs5QP+SVaeXbkXZRDbo+hE4TnZca0ktdJ25QHQC1redUWod95tcoxIfviWyPKs0
         0Dg7R5LmntSc1Iwpas3FJ8FSyuk+6qG2xT/fL8vY2Xi7ejTWxfNR5wLgbqZQhENmDyo6
         DySzPQBNm53kImVLTf22JoD7gDYMD7ZsAkfo8aNEMoQM4Bf7t2qu6rMZZk7rm/KtlxjJ
         neeiNQy/QSVZXV1o3fVxnStJGh2dNLWafxJK+VX9XMQ8jp+GzbG2+NjIcOjtyuh81orZ
         jMi1wP93pMkzZEt8WrYvBtPcpXAFNCW66kZcYkhqQf8RCI8VBq3wWVJFPb91nVMGK6D7
         RHYw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=kyb8YsJH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id hh19si1874582ejb.209.2019.11.07.10.44.22;
        Thu, 07 Nov 2019 10:44:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=kyb8YsJH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726960AbfKGSmh (ORCPT <rfc822;chenc2371@gmail.com> + 99 others);
        Thu, 7 Nov 2019 13:42:37 -0500
Received: from linux.microsoft.com ([13.77.154.182]:54996 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725883AbfKGSmh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Nov 2019 13:42:37 -0500
Received: from [10.137.112.111] (unknown [131.107.147.111])
        by linux.microsoft.com (Postfix) with ESMTPSA id 0142220B7192;
        Thu,  7 Nov 2019 10:42:35 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 0142220B7192
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1573152156;
        bh=IIgQX9NCafdzdKDo68gnRTo2ABhXlMLZcXZGDGbYSCo=;
        h=Subject:To:References:From:Date:In-Reply-To:From;
        b=kyb8YsJHumSyLq3rC7RM6o3mGIu3AVQWDCrlcnyVYtfYPHWkv+eJuLBSFC405C9T3
         7Jk3GCscYZavGCi1Rjs4+R1pLaWhEcUk3LhLrP4fO6jBQylW6mXz4hpORlSCvHVGQw
         RuyPFSx2n2sxVy4qNUTvAnCh4hvVxn6CLoWPg/wI=
Subject: Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key
 create or update
To:     Mimi Zohar <zohar@linux.ibm.com>, dhowells@redhat.com,
        matthewgarrett@google.com, sashal@kernel.org,
        jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        linux-kernel@vger.kernel.org
References: <20191106190116.2578-1-nramas@linux.microsoft.com>
 <20191106190116.2578-2-nramas@linux.microsoft.com>
 <1573080189.5028.313.camel@linux.ibm.com>
 <c838a233-28fb-cad2-4694-18366c2643a4@linux.microsoft.com>
 <1573098037.5028.325.camel@linux.ibm.com>
From:   Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Message-ID: <7ce84aa0-729e-c58e-f16a-25490b4e336d@linux.microsoft.com>
Date:   Thu, 7 Nov 2019 10:42:55 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <1573098037.5028.325.camel@linux.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/6/2019 7:40 PM, Mimi Zohar wrote:

>>> I would move the patch that defines the "keyring=" policy option prior
>>> to this one.  Include the call to process_buffer_measurement() in this
>>> patch.  A subsequent patch would add support to defer measuring the
>>> key, by calling a function named something like
>>> ima_queue_key_measurement().
>>>
>>> Mimi
>>
>> As I'd stated in the other response, I wanted to isolate all key related
>> code in a separate C file and build it if and only if all CONFIG
>> dependencies are met.
> 
> The basic measuring of keys shouldn't be any different than any other
> policy rule, other than it is a key and not a file.  This is the
> reason that I keep saying start out with the basics and then add
> support to defer measuring keys on the trusted keyrings.

I'll make the changes, rearrange the patches and send an updated set.

I do have a few questions since I am still not fully understanding the 
requirements you are targeting. Appreciate if you could please clarify.

As you already know, I am using the "public key" of the given asymmetric 
key as the "buffer" to measure in process_buffer_measurement().

The measurement decision is not based on whether the keyring is a 
trusted one or an untrusted one. As long as the IMA policy allows 
(through the "keyrings=" option) the key will be measured.

Do you want only trusted keyrings to be allowed in the measurement?
In my opinion, that decision should be deferred to whoever is setting up 
the IMA policy.

> Only the queueing code needed for measuring keys on the trusted
> keyrings would be in a separate file.
> 
> Mimi

The decision to process key immediately or defer (queue) is based on 
whether IMA has been initialized or not. Keyring is not used for this 
decision.

Could you please clarify how queuing is related to keyring's 
trustworthiness?

The check for whether the key is an asymmetric one or not, and 
extracting the "public key" if it is an asymmetric key needs to be in a 
separate file to handle the CONFIG dependencies in IMA.

thanks,
  -lakshmi