Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp629306pxa; Wed, 5 Aug 2020 09:10:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwQ6D0/9hFnfCWqWrfvIZBbR3DQTd3n3VOvfExtYIQJKsCNE3gR3ejP3kKLSSTLhQ7O5qhF X-Received: by 2002:aa7:ccd5:: with SMTP id y21mr3385639edt.91.1596643821049; Wed, 05 Aug 2020 09:10:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596643821; cv=none; d=google.com; s=arc-20160816; b=dCYRjp300qnuI6UZ0poFPydn22U3bZVy9FRsUK1PWEn4o9gVEFC+IXyXKGChYUnc2m iPC+DExVR5FFZdbVgqO0SsukNea4kf2d5ibYG9VisXONOQ7zwW79yDb2K7y4tERwnK23 30dv1x2t5LAjhqNrX4zZN5QcIiphTHl5eyP0KfWT6MV3Lx6dZobGhnYOMfnq8REJIF7/ j3Awcm1uQFNlGOlDTWAQMlS1glPAkOAb3mmgRtx82Afviibm6FdwMdA6QNeQUzoYv9Ng X/nyeYr8vFPML3owIpB5Jc+inlkxAcfdR0k+CoR18MEcR7t1FnqIlYCgV1PrzNIDBIt/ VLKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=/MefcrZx+hPxBX1xwF0yhA24OWiGzhWnY57D/UuARvE=; b=AXRbe+1WghxrPvNQh5c2FVwDQPha4yByaI2qBaPKs8wxK7Plw4y9r5BnFMSti4K4UF iTSYNuEe/sUk9GLkAZtkAJ4L9SUkUom+dQiSi8TDrJjFhO3QbasBd+yUKCZy00CnT17D 7dAXly031fBkL+941k1jXm8F7kDRPaY8vFWcGeV6de+4J/ZVNzAhbirOdM+iyiX0Uhoz wifsehyDloGZQSTaRJTO51vuZE7kKEbP30Npy1Tiy1S5ceJA/MJbTB3gPQm5avAszZg2 atpO9LE5mlOEXC1soQ8GqPN3JK1aaxOuL4fhRJEIXp4+j147s1U9LQ4NKxomBSAPBTXp wuxg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cf25si1404647ejb.690.2020.08.05.09.09.24; Wed, 05 Aug 2020 09:10:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726748AbgHEP7U (ORCPT + 99 others); Wed, 5 Aug 2020 11:59:20 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:30028 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726013AbgHEPui (ORCPT ); Wed, 5 Aug 2020 11:50:38 -0400 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 075BXXuJ178180; Wed, 5 Aug 2020 08:00:44 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 32qst1vrkv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Aug 2020 08:00:44 -0400 Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 075BZrpK184019; Wed, 5 Aug 2020 08:00:43 -0400 Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0a-001b2d01.pphosted.com with ESMTP id 32qst1vrj7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Aug 2020 08:00:43 -0400 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 075BuB2d019265; Wed, 5 Aug 2020 12:00:41 GMT Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by ppma02fra.de.ibm.com with ESMTP id 32n018ameg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Aug 2020 12:00:40 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 075C0cZX26870164 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 5 Aug 2020 12:00:38 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2487D4C05A; Wed, 5 Aug 2020 12:00:38 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7F2D04C050; Wed, 5 Aug 2020 12:00:35 +0000 (GMT) Received: from li-f45666cc-3089-11b2-a85c-c57d1a57929f.ibm.com (unknown [9.160.95.205]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 5 Aug 2020 12:00:35 +0000 (GMT) Message-ID: <1624d016e4110cf903e4b3d22f253edc34c6b39c.camel@linux.ibm.com> Subject: Re: [PATCH v6 0/4] LSM: Measure security module data From: Mimi Zohar To: Lakshmi Ramasubramanian , stephen.smalley.work@gmail.com, casey@schaufler-ca.com Cc: tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 05 Aug 2020 08:00:33 -0400 In-Reply-To: <20200805004331.20652-1-nramas@linux.microsoft.com> References: <20200805004331.20652-1-nramas@linux.microsoft.com> Content-Type: text/plain; charset="ISO-8859-15" X-Mailer: Evolution 3.28.5 (3.28.5-12.el8) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687 definitions=2020-08-05_08:2020-08-03,2020-08-05 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=840 impostorscore=0 priorityscore=1501 lowpriorityscore=0 mlxscore=0 adultscore=0 clxscore=1015 suspectscore=0 spamscore=0 malwarescore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008050097 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2020-08-04 at 17:43 -0700, Lakshmi Ramasubramanian wrote: > Critical data structures of security modules are currently not measured. > Therefore an attestation service, for instance, would not be able to > attest whether the security modules are always operating with the policies > and configuration that the system administrator had setup. The policies > and configuration for the security modules could be tampered with by > malware by exploiting kernel vulnerabilities or modified through some > inadvertent actions on the system. Measuring such critical data would > enable an attestation service to better assess the state of the system. From a high level review, "Critical data structures" should be the focus of this patch set. Measuring "critical data structures" should be independent of measuring the "policy" being loaded. The in memory policy hash could be an example of data included in the "critical data structures". Keep this patch set simple. Mimi