Received: by 2002:a05:7208:13ce:b0:7f:395a:35b6 with SMTP id r14csp4586rbe; Wed, 28 Feb 2024 10:13:49 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX1bdc4bFvGwW/tRmlavdCymE3mFh7VXBQGvWxOF8K+WFI4pD4Zt/9IYaBCFSmaqSjWbJjwopVeJESpU/8DVrrwT3hP05IdIoOWBifXlQ== X-Google-Smtp-Source: AGHT+IE87evrvKXxBOlAs6UfCLaQAYfWtND3Yc4c5ikYnVWwIocsVpf3jET6cSIbCPwnegGK3ttV X-Received: by 2002:a17:90a:7189:b0:299:3511:1554 with SMTP id i9-20020a17090a718900b0029935111554mr408763pjk.40.1709144029248; Wed, 28 Feb 2024 10:13:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709144029; cv=pass; d=google.com; s=arc-20160816; b=DV74ReVOhZ2PZdqQoiXkMbQcJNYVSxqeEOtUTDpVmqQ2SxwzxBwXhiS1ZtmMCnw4Xu LNx3TTpSU1V9MtVaFPhi/z+evoku8meK6W4okldeMSsilJ1LKkdUBZv2sO3UFkorXYZg kZZdPWL7wejMCTTj5fXuiqj1vw/ufGFmL+T8UU2xh8w9B9qzZ52UvDkdnZnNTTByC3Ks 8lT9JUuh/hNwdbfos9jgJN3GmXfvb6KkrrSHy6srUyzA2OXJ6XwlMAsdTw7PTTf0gaJN fmDIz1mUKY32df1OHmimUTMIBglY9TPIfvLFc3CcoYYMAbHYAsJgORxwXbdJ1IYyitcy Dq8w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:content-transfer-encoding:references:in-reply-to:date:cc :to:from:subject:message-id; bh=+NnSkIzRxth9kZhZVhZ8UGFPS0cG5mrgbRNwHZRmtIg=; fh=5Wnn359pmbA6Du3U7UCJA/Ok/YGzxdV1WgR9g6LrKIw=; b=Kp/3YHacfXn7CcmYk+zCbVS4BHbhchEO6Uu4qQ6e0KyaBP81oFOw3h6P8MBPlvtxVs pHJTnmx/6u3mnDhAHqigyuf0EOnKQrowIHa+Kt2lLyDExTxsWpoGuNK+UiQjlXiWGQmE BqYKq+HtpP1OcPxdqkH8bnAftcU+vmsPtLTkogxhZ/xgsOIqlwHlJ3VCp3ddG8vN01q6 HyVTEUHUD9pcLBX69b5ayY90jqp4dI9Ai2o912UohoQRQPjWr0bhQS6PGBzJByVxq/L/ uL6DIuPL12YrK9kCWyxIG4217rArzOOFzNroYezXsewSeSyXsxxIrcf7qy/H7nIUtqh2 mDAA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-85490-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85490-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id p10-20020a17090a868a00b0029a17df3876si1705326pjn.172.2024.02.28.10.13.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Feb 2024 10:13:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-85490-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-85490-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85490-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 25460B27CA3 for ; Wed, 28 Feb 2024 18:00:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6594F71EA8; Wed, 28 Feb 2024 17:59:11 +0000 (UTC) Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A6A340848; Wed, 28 Feb 2024 17:59:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=14.137.139.23 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709143150; cv=none; b=XMMy1fNGmho45hODFqMP6I4iO6cCqChvEBLoUDlnl2FNxgRUitKx7GsBG8YhjhJ68gNRjv1rl7pGsSJi40uD+Ofy2IvF9CVjHtCP6O+hB+BO0xgRZ0lMBz2NfVEJij4t11a35XV1clIM0uezwGKzM+iMvmsFD5oACgFWwfFb4c4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709143150; c=relaxed/simple; bh=27q+sAVMCpGXyOO7+Xz/rmsZjZDRkPVkgGNbIybUR0c=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References: Content-Type:MIME-Version; b=KlN7AbxzKEtGJkF+WP42vRGdsAcXYPRa38EW5kaGCZ/Hmd0kAT/Lk8Dtbt/zj/TKtRAB3HYt0N470B7c/JH/h8cLcsWjQgfvNUBb1/ziiXF9/qD21FTxrrHouo4eOXawSWHlzpSAYdzjNJpbMpZinnhomjVgycOAKo77OHCcb70= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=14.137.139.23 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.18.186.29]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4TlMCR6PYXz9y4yV; Thu, 29 Feb 2024 01:43:31 +0800 (CST) Received: from mail02.huawei.com (unknown [7.182.16.47]) by mail.maildlp.com (Postfix) with ESMTP id 522CC1407C8; Thu, 29 Feb 2024 01:58:55 +0800 (CST) Received: from [127.0.0.1] (unknown [10.204.63.22]) by APP1 (Coremail) with SMTP id LxC2BwBnXxhJdN9li+FkAw--.41826S2; Wed, 28 Feb 2024 18:58:54 +0100 (CET) Message-ID: Subject: Re: [RFC 6/8] KEYS: PGP data parser From: Roberto Sassu To: Matthew Wilcox Cc: Petr Tesarik , Dave Hansen , Petr =?UTF-8?Q?Tesa=C5=99=C3=ADk?= , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , "H. Peter Anvin" , Andy Lutomirski , Oleg Nesterov , Peter Zijlstra , Xin Li , Arnd Bergmann , Andrew Morton , Rick Edgecombe , Kees Cook , "Masami Hiramatsu (Google)" , Pengfei Xu , Josh Poimboeuf , Ze Gao , "Kirill A. Shutemov" , Kai Huang , David Woodhouse , Brian Gerst , Jason Gunthorpe , Joerg Roedel , "Mike Rapoport (IBM)" , Tina Zhang , Jacob Pan , "open list:DOCUMENTATION" , open list , David Howells , Petr Tesarik Date: Wed, 28 Feb 2024 18:58:30 +0100 In-Reply-To: <5b0ce7ef-3f4e-4c1b-a0b7-bf48e8169c4e@huaweicloud.com> References: <20240216152435.1575-1-petrtesarik@huaweicloud.com> <20240216152435.1575-7-petrtesarik@huaweicloud.com> <5916fa3ac3d0ce2ade71e7ed1c9eb6923e374c1f.camel@huaweicloud.com> <5b0ce7ef-3f4e-4c1b-a0b7-bf48e8169c4e@huaweicloud.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.44.4-0ubuntu2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-CM-TRANSID:LxC2BwBnXxhJdN9li+FkAw--.41826S2 X-Coremail-Antispam: 1UD129KBjvJXoWxXFyfuFyrGFWDKF48Zw15CFg_yoW7Jr4DpF WSka4YkF4qqr1Sk3Wqyw4xuFyFvrs3tF15W3s5JryfA3Z0gF12yryIka1jgF9rCr4kK3W2 yr4jyF9xCa4kA3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9Ib4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Cr0_Gr1UM28EF7xvwVC2z280aVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv6xkF7I 0E14v26r4UJVWxJr1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8C rVC2j2WlYx0E2Ix0cI8IcVAFwI0_JrI_JrylYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4 IE7xkEbVWUJVW8JwACjcxG0xvEwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1lFIxGxcIE c7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2 IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v2 6rWY6r4UJwCIccxYrVCFb41lIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCw CI42IY6xIIjxv20xvEc7CjxVAFwI0_Cr0_Gr1UMIIF0xvE42xK8VAvwI8IcIk0rVWrJr0_ WFyUJwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJb IYCTnIWIevJa73UjIFyTuYvjxUUtCzDUUUU X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgAHBF1jj5bMogABsJ On Fri, 2024-02-16 at 20:54 +0100, Roberto Sassu wrote: > On 2/16/2024 7:44 PM, Matthew Wilcox wrote: > > On Fri, Feb 16, 2024 at 05:53:01PM +0100, Roberto Sassu wrote: > > > On Fri, 2024-02-16 at 16:44 +0000, Matthew Wilcox wrote: > > > > On Fri, Feb 16, 2024 at 04:24:33PM +0100, Petr Tesarik wrote: > > > > > From: David Howells > > > > >=20 > > > > > Implement a PGP data parser for the crypto key type to use when > > > > > instantiating a key. > > > > >=20 > > > > > This parser attempts to parse the instantiation data as a PGP pac= ket > > > > > sequence (RFC 4880) and if it parses okay, attempts to extract a = public-key > > > > > algorithm key or subkey from it. > > > >=20 > > > > I don't understand why we want to do this in-kernel instead of in > > > > userspace and then pass in the actual key. > > >=20 > > > Sigh, this is a long discussion. > >=20 > > Well, yes. When you don't lay out why this is of value, it turns into = a > > long discussion. This isn't fun for me either. > >=20 > > > PGP keys would be used as a system-wide trust anchor to verify RPM > > > package headers, which already contain file digests that can be used = as > > > reference values for kernel-enforced integrity appraisal. > >=20 > > The one example we have of usage comes in patch 7 of this series and is= : > >=20 > > gpg --dearmor < | keyctl padd asymmetric "" @u > >=20 > > And you're already using two userspace programs there. Why not a third= ? >=20 > I think this is very easy to answer. Why not extracting the public key= =20 > from an x509 certificate in user space, sending it to the kernel, and=20 > using it for kernel module verification? >=20 > > gpg --dearmor < | ./scripts/parse-pgp-packets | keyctl padd a= symmetric "" @u > >=20 > > > With the assumptions that: > > >=20 > > > - In a locked-down system the kernel has more privileges than root > > > - The kernel cannot offload this task to an user space process due to > > > insufficient isolation > > >=20 > > > the only available option is to do it in the kernel (that is what I g= ot > > > as suggestion). > >=20 > > This sounds like there's some other way of getting the key into the > > kernel which doesn't rely on userspace. Or are you assuming that nobod= y > > bothered to trojan 'cat'? >=20 > Apologies for not providing the full information at once. I'm worried=20 > that would be too long, and pieces can be lost in the way. If it is not= =20 > a problem, I'm going to clarify on request. >=20 > Ok, so, I'm not going to use cat to upload the PGP keys. These will be= =20 > embedded in the kernel image, when the Linux distribution vendors build= =20 > their kernel. >=20 > This works for both secure boot and trusted boot, since the kernel image= =20 > can be measured/verified by the boot loader. >=20 > Another source for keys is the MOK database, since users might want the= =20 > ability to verify their own software, which does not come from the Linux= =20 > distribution. >=20 > I briefly anticipated the full picture, but I will tell it more explicitl= y. >=20 > The kernel, with the embedded PGP keys, will be able to verify the=20 > signature of the RPM package headers. >=20 > A component that I recently developed, the digest_cache LSM, has the=20 > ability to extract file digests from RPM headers and provide a simple=20 > interface for IMA, IPE, BPF LSM and any other component to query the=20 > calculated digest of files being accessed, and allow/deny access to them= =20 > depending on whether the query is successful or not. Not the proper thread, but since we talked about it... I finally put together the PGP key and signature parser, the digest_cache LSM and the IMA integration patch sets, and built three openSUSE Tumbleweed packages (kernel, digest-cache-tools, dracut), which basically enable the integrity features that the kernel (IMA) supports: - IMA measurement list with RPM headers and (eventually) unknown files=20 that are not from Tumbleweed; - Ability to obtain a deterministic TPM PCR value, suitable for sealing of TPM keys - Out of the box integrity enforcement on executable code, based on the provenance from openSUSE Tumbleweed; nothing else is required other than those three packages An introduction and a guide with configuration steps can be found at: https://github.com/linux-integrity/digest-cache-tools I would also appreciate your comments. Thanks Roberto > I already anticipate the question, if you have the problem parsing PGP= =20 > keys, why don't you have the problem parsing RPM package headers? >=20 > I started finding a solution before this became available, and the only= =20 > alternative I found was to formally verify my code. So, I took Frama-C,= =20 > wrote the assertions, and verified that not only the code is=20 > functionally correct for correct sequences of bytes, but that there is= =20 > no illegal memory access for any arbitrary sequence (unfortunately, I=20 > can prove for a small buffer size). >=20 > So, I'm probably going to do the same for the PGP parser, if this does= =20 > not fly. But, we were very optimistic that this could be a valid=20 > alternative! >=20 > Roberto