Subject: Re: [PATCH v6 8/8] ima: add FIRMWARE_PARTIAL_READ support
To: Mimi Zohar, Luis Chamberlain, Greg Kroah-Hartman, David Brown, Alexander Viro, Shuah Khan, bjorn.andersson@linaro.org, Shuah Khan, Arnd Bergmann
Cc: "Rafael J . Wysocki", linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-fsdevel@vger.kernel.org, BCM Kernel Feedback, Olof Johansson, Andrew Morton, Dan Carpenter, Colin Ian King, Kees Cook, Takashi Iwai, linux-kselftest@vger.kernel.org, Andy Gross, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
References: <20200605225959.12424-1-scott.branden@broadcom.com> <20200605225959.12424-9-scott.branden@broadcom.com> <1591399166.4615.37.camel@linux.ibm.com>
From: Scott Branden
Message-ID: <824407ae-8ab8-0fe3-bd72-270fce960ac5@broadcom.com>
Date: Fri, 5 Jun 2020 16:31:14 -0700
In-Reply-To: <1591399166.4615.37.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Mimi,

On 2020-06-05 4:19 p.m., Mimi Zohar wrote:
> Hi Scott,
>
> On Fri, 2020-06-05 at 15:59 -0700, Scott Branden wrote:
>> @@ -648,6 +667,9 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
>>  enum ima_hooks func;
>>  u32 secid;
>>
>> + if (!file && read_id == READING_FIRMWARE_PARTIAL_READ)
>> + return 0;
> The file should be measured on the pre security hook, not here on the
> post security hook.  Here, whether "file" is defined or not, is
> irrelevant.  The test should just check "read_id".
OK, will remove the !file from here.
>
> Have you tested measuring the firmware by booting a system with
> "ima_policy=tcb" specified on the boot command line and compared the
> measurement entry in the IMA measurement list with the file hash (eg.
> sha1sum, sha256sum)?
Yes, I enabled IMA in my kernel and added ima_policy=tsb to the boot command line.
Here are the entries from /sys/kernel/security/ima/ascii_runtime_measurements of the files I am accessing.
Please let me know if I am doing anything incorrectly.

10 4612bce355b2dbc45ecd95e17001636be8832c7f ima-ng sha1:fddd9a28c2b15acf3b0fc9ec0cf187cb2153d7f2 /lib/firmware/vk-boot1-bcm958401m2.ecdsa.bin
10 4c0eb0fc30eb7ac3a30a27f05c1d2a8d28d6a9ec ima-ng sha1:b16d343dd63352d10309690c71b110762a9444c3 /lib/firmware/vk-boot2-bcm958401m2_a72.ecdsn

The sha1 sum matches:

root@genericx86-64:/sys/kernel/security/ima# sha1sum /lib/firmware/vk-boot1-bcm958401m2.ecdsa.bin
fddd9a28c2b15acf3b0fc9ec0cf187cb2153d7f2 /lib/firmware/vk-boot1-bcm958401m2.ecdsa.bin
root@genericx86-64:/sys/kernel/security/ima# sha1sum /lib/firmware/vk-boot2-bcm958401m2_a72.ecdsa.bin
b16d343dd63352d10309690c71b110762a9444c3 /lib/firmware/vk-boot2-bcm958401m2_a72.ecdsa.bin
>
> Mimi
>
>> +
>>  if (!file && read_id == READING_FIRMWARE) {
>>  if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
>>  (ima_appraise & IMA_APPRAISE_ENFORCE)) {
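Review bot: the early return for READING_FIRMWARE_PARTIAL_READ added at the top of ima_post_read_file() lives in the post-read hook, so it only decides what to skip after the read has happened; the measurement of a partial firmware read has to be done in the pre-read hook (ima_read_file()), and the `!file &&` qualifier on the new check carries no information because the decision depends on read_id alone. Suggest reducing the new lines to `if (read_id == READING_FIRMWARE_PARTIAL_READ)` / `return 0;` here and adding the measurement on the pre-read side, leaving the existing `if (!file && read_id == READING_FIRMWARE)` block below untouched.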
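The check Mimi asks for above (compare the file-hash column of an ascii_runtime_measurements entry with sha1sum) can be automated, and the template-hash column can be checked at the same time. The script below is an added example for this thread, not code from the patch series or from the kernel tree. It parses ima-ng lines of the form `<pcr> <template-hash> ima-ng <algo>:<file-hash> <path>`, recomputes the file digest from disk, and recomputes the SHA-1 template hash from the two ima-ng fields (d-ng = `<algo>:` + NUL + raw digest, n-ng = path + NUL, each prefixed with its u32 length). The length prefix is written little-endian, which assumes a little-endian host or `ima_canonical_fmt`; the firmware file used as input is constructed in a temporary directory so the example runs offline.

```python
"""Verify IMA ascii_runtime_measurements entries against files on disk.

Added example (not the kernel's or the patch author's code). Assumes
ima-ng entries and a little-endian host (or ima_canonical_fmt).
"""
import hashlib
import os
import struct
import tempfile
from dataclasses import dataclass


@dataclass
class Entry:
    pcr: int
    template_hash: str   # SHA-1 over the length-prefixed template fields
    template: str        # "ima-ng"
    algo: str            # file-hash algorithm name, e.g. "sha1", "sha256"
    file_hash: str       # hex digest of the measured file
    path: str            # path as recorded by the kernel


def parse_entry(line: str) -> Entry:
    """Split one ascii_runtime_measurements line into its five fields.

    maxsplit=4 keeps a path containing spaces in one piece.
    """
    pcr, template_hash, template, digest, path = line.rstrip("\n").split(" ", 4)
    if template != "ima-ng":
        raise ValueError(f"unsupported template {template!r}")
    algo, file_hash = digest.split(":", 1)
    return Entry(int(pcr), template_hash, template, algo, file_hash, path)


def file_digest(path: str, algo: str) -> str:
    """Hash a file in chunks with the algorithm named in the entry."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def ima_ng_template_hash(algo: str, file_hash_hex: str, path: str) -> str:
    """Recompute the ima-ng template hash shown in the second column.

    d-ng = "<algo>:" + NUL + raw digest; n-ng = path + NUL.
    Each field is hashed as u32 length (little-endian, assumption noted
    above) followed by the field bytes; the template hash is SHA-1.
    """
    d_ng = algo.encode() + b":\0" + bytes.fromhex(file_hash_hex)
    n_ng = path.encode() + b"\0"
    h = hashlib.sha1()
    for field in (d_ng, n_ng):
        h.update(struct.pack("<I", len(field)))
        h.update(field)
    return h.hexdigest()


def verify_entry(entry: Entry) -> dict:
    """Report whether the file on disk and the template hash match the entry."""
    return {
        "file_hash_ok": file_digest(entry.path, entry.algo) == entry.file_hash,
        "template_hash_ok": ima_ng_template_hash(
            entry.algo, entry.file_hash, entry.path) == entry.template_hash,
    }


def make_entry_line(path: str, algo: str = "sha1", pcr: int = 10) -> str:
    """Build a measurement line for `path` (offline test input only)."""
    fh = file_digest(path, algo)
    return f"{pcr} {ima_ng_template_hash(algo, fh, path)} ima-ng {algo}:{fh} {path}"


def demo() -> tuple:
    """Constructed firmware blob: measured, then modified after measurement."""
    with tempfile.TemporaryDirectory() as d:
        fw = os.path.join(d, "vk-boot1-example.bin")
        with open(fw, "wb") as f:
            f.write(b"constructed firmware image, not a real Broadcom blob\n")
        line = make_entry_line(fw)
        good = verify_entry(parse_entry(line))
        # Modify the file after it was measured: the file hash no longer
        # matches, while the template hash is still internally consistent.
        with open(fw, "ab") as f:
            f.write(b"X")
        tampered = verify_entry(parse_entry(line))
    return good, tampered


if __name__ == "__main__":
    for label, result in zip(("measured", "modified after measurement"), demo()):
        print(label, result)
```

On a real system, feed the lines of /sys/kernel/security/ima/ascii_runtime_measurements to `parse_entry` and `verify_entry` as root; a `file_hash_ok` of False means the file changed since it was measured (or the wrong file was measured), and a `template_hash_ok` of False means the entry does not decode as ima-ng under the assumptions above.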