Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2992976ybt; Mon, 22 Jun 2020 12:06:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzfevOWzlr58CKWcIC98uFxwMQzwVI54X5X/0X9jK2QnbWQqUGI18Vaxz4hW1/1qZmIKSgI X-Received: by 2002:a17:906:abca:: with SMTP id kq10mr16587741ejb.242.1592852781901; Mon, 22 Jun 2020 12:06:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592852781; cv=none; d=google.com; s=arc-20160816; b=PPmejgIlgnvk1X/xK+gDGr3TXAgmvSqzhWOdDcT1sC1KKh1aLI6CxOefHB/CyjObgN LY5A8kXkNTp7Qh1s/SH2eouR4rnEB322y7468BpR8LUx4Ii8ZyPO3f6MtfgElQ1cyIza UUIZNTiKe3+iNIqk3dmuSifnlbeg4Hz+GmPjEMLZCFEOKfYly6jj4va9JpjpsE/Bicw0 zLyQdlNOQw6sHUVt8m1xw+8oL8LxAO06LbvKY/+OZiUbv90BadaIHsEEfGGdPla6QinU ZquajVNfnKMwca1Jo0iPT7Ei18DmIoSH8SyF8rEQQRGm3dHF1OOPCZnCyz4jN9DRAXkP qCuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=DRv4oOE4QAUwn7V2arrxel6wKWvu/Qc86neG7LJNWJU=; b=fUpMF/Vw/ZriaCh4X9BaP6PJNL2uVkSbz4wnu4PETHPaPMr09PosUE+GRHYgH+h/0G ZRT1dMKY9TuKUyeIo97yLCjaxTDeXyEJABU1TJ+v3gfuuLPr1LX8WR5WkFW0wO5n397w b3uIQwIYMCYoYt3n1kHq4wZ0Q9qhO8u2+8xMS6fAOI1/QLvyisUj9c32IRkVrri7cFeJ WWyjLwI7PWpVrVu7TsZCcd8mbif2dDrqB9k+ye1ihabDjFbKueHHNzEar36HPjLaZMpG tUCNkFjj8tZHtH5sHz7GmdWu4shnB/CnbIx4PIEVfIbelxZ7gt72/rN1zVm/eDXEmZjv 7dsQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p26si10542299edx.191.2020.06.22.12.05.58; Mon, 22 Jun 2020 12:06:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730230AbgFVTBe (ORCPT + 99 others); Mon, 22 Jun 2020 15:01:34 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:22622 "EHLO mx0b-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730020AbgFVTBe (ORCPT ); Mon, 22 Jun 2020 15:01:34 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05MIWJxZ122180; Mon, 22 Jun 2020 15:01:32 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 31tyvucp16-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 22 Jun 2020 15:01:32 -0400 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 05MIWe11122980; Mon, 22 Jun 2020 15:01:32 -0400 Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 31tyvucp0s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 22 Jun 2020 15:01:32 -0400 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 05MJ046U020167; Mon, 22 Jun 2020 19:01:31 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma05wdc.us.ibm.com with ESMTP id 31sa38htam-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 22 Jun 2020 19:01:31 +0000 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 05MJ1SlX18350440 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 22 Jun 2020 19:01:28 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 396A1BE054; Mon, 22 Jun 2020 19:01:30 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A52DBBE053; Mon, 22 Jun 2020 19:01:28 +0000 (GMT) Received: from swastik.ibm.com (unknown [9.160.110.135]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 22 Jun 2020 19:01:28 +0000 (GMT) Subject: Re: [PATCH v2] ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime To: Bruno Meneguele Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, erichte@linux.ibm.com, nayna@linux.ibm.com, stable@vger.kernel.org References: <20200622172754.10763-1-bmeneg@redhat.com> From: Nayna Message-ID: <043e52d4-6835-c2c4-bc9d-d36ddb3db0e9@linux.vnet.ibm.com> Date: Mon, 22 Jun 2020 15:01:27 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <20200622172754.10763-1-bmeneg@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216,18.0.687 definitions=2020-06-22_10:2020-06-22,2020-06-22 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 cotscore=-2147483648 clxscore=1011 mlxlogscore=999 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 bulkscore=0 phishscore=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006220122 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/22/20 1:27 PM, Bruno Meneguele wrote: > IMA_APPRAISE_BOOTPARAM has been marked as dependent on !IMA_ARCH_POLICY in > compile time, enforcing the appraisal whenever the kernel had the arch > policy option enabled. > > However it breaks systems where the option is actually set but the system > wasn't booted in a "secure boot" platform. In this scenario, anytime the > an appraisal policy (i.e. ima_policy=appraisal_tcb) is used it will be > forced, giving no chance to the user set the 'fix' state (ima_appraise=fix) > to actually measure system's files. > > This patch remove this compile time dependency and move it to a runtime > decision, based on the arch policy loading failure/success. Thanks for looking at this. For arch specific policies, kernel signature verification is enabled based on the secure boot state of the system. Perhaps, enforce the appraisal as well based on if secure boot is enabled. Thanks & Regards,     - Nayna