Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp629306pxa;
        Wed, 5 Aug 2020 09:10:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwQ6D0/9hFnfCWqWrfvIZBbR3DQTd3n3VOvfExtYIQJKsCNE3gR3ejP3kKLSSTLhQ7O5qhF
X-Received: by 2002:aa7:ccd5:: with SMTP id y21mr3385639edt.91.1596643821049;
        Wed, 05 Aug 2020 09:10:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1596643821; cv=none;
        d=google.com; s=arc-20160816;
        b=dCYRjp300qnuI6UZ0poFPydn22U3bZVy9FRsUK1PWEn4o9gVEFC+IXyXKGChYUnc2m
         iPC+DExVR5FFZdbVgqO0SsukNea4kf2d5ibYG9VisXONOQ7zwW79yDb2K7y4tERwnK23
         30dv1x2t5LAjhqNrX4zZN5QcIiphTHl5eyP0KfWT6MV3Lx6dZobGhnYOMfnq8REJIF7/
         j3Awcm1uQFNlGOlDTWAQMlS1glPAkOAb3mmgRtx82Afviibm6FdwMdA6QNeQUzoYv9Ng
         X/nyeYr8vFPML3owIpB5Jc+inlkxAcfdR0k+CoR18MEcR7t1FnqIlYCgV1PrzNIDBIt/
         VLKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id;
        bh=/MefcrZx+hPxBX1xwF0yhA24OWiGzhWnY57D/UuARvE=;
        b=AXRbe+1WghxrPvNQh5c2FVwDQPha4yByaI2qBaPKs8wxK7Plw4y9r5BnFMSti4K4UF
         iTSYNuEe/sUk9GLkAZtkAJ4L9SUkUom+dQiSi8TDrJjFhO3QbasBd+yUKCZy00CnT17D
         7dAXly031fBkL+941k1jXm8F7kDRPaY8vFWcGeV6de+4J/ZVNzAhbirOdM+iyiX0Uhoz
         wifsehyDloGZQSTaRJTO51vuZE7kKEbP30Npy1Tiy1S5ceJA/MJbTB3gPQm5avAszZg2
         atpO9LE5mlOEXC1soQ8GqPN3JK1aaxOuL4fhRJEIXp4+j147s1U9LQ4NKxomBSAPBTXp
         wuxg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id cf25si1404647ejb.690.2020.08.05.09.09.24;
        Wed, 05 Aug 2020 09:10:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726748AbgHEP7U (ORCPT <rfc822;ostrlinux@gmail.com> + 99 others);
        Wed, 5 Aug 2020 11:59:20 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:30028 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726013AbgHEPui (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Aug 2020 11:50:38 -0400
Received: from pps.filterd (m0098409.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 075BXXuJ178180;
        Wed, 5 Aug 2020 08:00:44 -0400
Received: from pps.reinject (localhost [127.0.0.1])
        by mx0a-001b2d01.pphosted.com with ESMTP id 32qst1vrkv-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Wed, 05 Aug 2020 08:00:44 -0400
Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1])
        by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 075BZrpK184019;
        Wed, 5 Aug 2020 08:00:43 -0400
Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71])
        by mx0a-001b2d01.pphosted.com with ESMTP id 32qst1vrj7-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Wed, 05 Aug 2020 08:00:43 -0400
Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1])
        by ppma02fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 075BuB2d019265;
        Wed, 5 Aug 2020 12:00:41 GMT
Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195])
        by ppma02fra.de.ibm.com with ESMTP id 32n018ameg-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Wed, 05 Aug 2020 12:00:40 +0000
Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58])
        by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 075C0cZX26870164
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 5 Aug 2020 12:00:38 GMT
Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 2487D4C05A;
        Wed,  5 Aug 2020 12:00:38 +0000 (GMT)
Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 7F2D04C050;
        Wed,  5 Aug 2020 12:00:35 +0000 (GMT)
Received: from li-f45666cc-3089-11b2-a85c-c57d1a57929f.ibm.com (unknown [9.160.95.205])
        by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Wed,  5 Aug 2020 12:00:35 +0000 (GMT)
Message-ID: <1624d016e4110cf903e4b3d22f253edc34c6b39c.camel@linux.ibm.com>
Subject: Re: [PATCH v6 0/4] LSM: Measure security module data
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
        stephen.smalley.work@gmail.com, casey@schaufler-ca.com
Cc:     tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org,
        linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Wed, 05 Aug 2020 08:00:33 -0400
In-Reply-To: <20200805004331.20652-1-nramas@linux.microsoft.com>
References: <20200805004331.20652-1-nramas@linux.microsoft.com>
Content-Type: text/plain; charset="ISO-8859-15"
X-Mailer: Evolution 3.28.5 (3.28.5-12.el8) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687
 definitions=2020-08-05_08:2020-08-03,2020-08-05 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=840
 impostorscore=0 priorityscore=1501 lowpriorityscore=0 mlxscore=0
 adultscore=0 clxscore=1015 suspectscore=0 spamscore=0 malwarescore=0
 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2006250000 definitions=main-2008050097
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2020-08-04 at 17:43 -0700, Lakshmi Ramasubramanian wrote:
> Critical data structures of security modules are currently not measured.
> Therefore an attestation service, for instance, would not be able to
> attest whether the security modules are always operating with the policies
> and configuration that the system administrator had setup. The policies
> and configuration for the security modules could be tampered with by
> malware by exploiting kernel vulnerabilities or modified through some
> inadvertent actions on the system. Measuring such critical data would
> enable an attestation service to better assess the state of the system.

From a high level review, "Critical data structures" should be the
focus of this patch set.  Measuring "critical data structures" should
be independent of measuring the "policy" being loaded.   The in memory
policy hash could be an example of  data included in the "critical data
structures". 

Keep this patch set simple.

Mimi