[v8,0/3] IMA: Deferred measurement of keys

Message ID 20200109024359.3410-1-nramas@linux.microsoft.com (mailing list archive)

Message

Lakshmi Ramasubramanian Jan. 9, 2020, 2:43 a.m. UTC
The IMA subsystem supports measuring asymmetric keys when the key is
created or updated[1]. But keys created or updated before a custom
IMA policy is loaded are currently not measured. This includes keys
added, for instance, to either the .ima or .builtin_trusted_keys keyrings,
which happens early in the boot process.

Measuring the early boot keys, by design, requires loading
a custom IMA policy. This change adds support for queuing keys
created or updated before a custom IMA policy is loaded.
The queued keys are processed when a custom policy is loaded.
Keys created or updated after a custom policy is loaded are measured
immediately (not queued). In the case when a custom policy is not loaded
within 5 minutes of IMA initialization, the queued keys are freed.

[1] https://lore.kernel.org/linux-integrity/20191211164707.4698-1-nramas@linux.microsoft.com/

Testing performed:

  * Ran kernel self-test following the instructions given in
    https://www.kernel.org/doc/Documentation/kselftest.txt
  * Ran the lkp-tests using the job script provided by
    kernel test robot <rong.a.chen@intel.com>
  * Booted the kernel with this change.
  * Added .builtin_trusted_keys in "keyrings=" option in
    the IMA policy and verified the keys added to this
    keyring are measured.
  * Specified only func=KEY_CHECK and not "keyrings=" option,
    and verified the keys added to builtin_trusted_keys keyring
    are processed.
  * Added keys at runtime and verified they are measured
    if the IMA policy permitted.
      => For example, added keys to .ima keyring and verified.

Changelog:

  v8

  => Rebased the changes to linux-next
  => Need to apply the following patch first
  https://lore.kernel.org/linux-integrity/20200108160508.5938-1-nramas@linux.microsoft.com/

  v7

  => Updated cover letter per Mimi's suggestions.
  => Updated "Reported-by" tag to be specific about
     the issues fixed in the patch.

  v6

  => Replaced mutex with a spinlock to synchronize access to
     queued keys. This fixes the problem reported by
     "kernel test robot <rong.a.chen@intel.com>"
     https://lore.kernel.org/linux-integrity/2a831fe9-30e5-63b4-af10-a69f327f7fb7@linux.microsoft.com/T/#t
  => Changed ima_queue_key() to a static function. This fixes
     the issue reported by "kbuild test robot <lkp@intel.com>"
     https://lore.kernel.org/linux-integrity/1577370464.4487.10.camel@linux.ibm.com/
  => Added the patch to free the queued keys if a custom IMA policy
     was not loaded to this patch set.

  v5

  => Removed temp keys list in ima_process_queued_keys()

  v4

  => Check and set ima_process_keys flag with mutex held.

  v3

  => Defined ima_process_keys flag to be static.
  => Set ima_process_keys with ima_keys_mutex held.
  => Added a comment in ima_process_queued_keys() function
     to state the use of temporary list for keys.

  v2

  => Rebased the changes to v5.5-rc1
  => Updated function names, variable names, and code comments
     to be less verbose.

  v1

  => Code cleanup

  v0

  => Based changes on v5.4-rc8
  => The following patchsets should be applied in that order
     https://lore.kernel.org/linux-integrity/1572492694-6520-1-git-send-email-zohar@linux.ibm.com
     https://lore.kernel.org/linux-integrity/20191204224131.3384-1-nramas@linux.microsoft.com/
  => Added functions to queue and dequeue keys, and process
     the queued keys when custom IMA policies are applied.

Lakshmi Ramasubramanian (3):
  IMA: Define workqueue for early boot key measurements
  IMA: Call workqueue functions to measure queued keys
  IMA: Defined timer to free queued keys

 security/integrity/ima/ima.h                 |  17 ++
 security/integrity/ima/ima_asymmetric_keys.c | 159 +++++++++++++++++++
 security/integrity/ima/ima_init.c            |   8 +-
 security/integrity/ima/ima_policy.c          |   3 +
 4 files changed, 186 insertions(+), 1 deletion(-)
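
A userspace model of the queue-then-measure behaviour the cover letter describes, added here as an illustration; it is not the kernel code from this patch set. The struct and function names, the '|'-separated keyring list and the counters are assumptions of the model, and the spinlock and 5-minute timer are reduced to a flag and a `timed_out` argument.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the queueing in the cover letter; names are hypothetical. */
struct queued_key { struct queued_key *next; char keyring[32]; };
struct key_queue {
    struct queued_key *head;    /* keys queued before a custom policy */
    bool process_keys;          /* set once queueing has stopped */
    const char *keyrings;       /* "keyrings=" list; NULL = any, "" = none */
    unsigned measured, dropped; /* measured vs. freed without measurement */
};

/* Exact match against a '|'-separated keyrings list (separator assumed). */
static bool policy_allows(const char *list, const char *keyring)
{
    size_t n = strlen(keyring);
    for (; list && *list; list += strcspn(list, "|"), list += (*list == '|'))
        if (strcspn(list, "|") == n && memcmp(list, keyring, n) == 0)
            return true;
    return list == NULL;
}

/* Key created or updated: queued early, measured immediately later on. */
static void key_event(struct key_queue *q, const char *keyring)
{
    if (q->process_keys) {
        q->measured += policy_allows(q->keyrings, keyring);
        return;
    }
    struct queued_key *k = calloc(1, sizeof(*k));
    if (!k) return;
    strncpy(k->keyring, keyring, sizeof(k->keyring) - 1);
    k->next = q->head;
    q->head = k;
}

/* Policy load (timed_out false) measures queued keys; a timeout only frees. */
static void drain(struct key_queue *q, const char *keyrings, bool timed_out)
{
    q->process_keys = true;
    q->keyrings = timed_out ? "" : keyrings; /* timeout: nothing is measured */
    for (struct queued_key *k; (k = q->head) != NULL; free(k)) {
        bool ok = policy_allows(q->keyrings, k->keyring);
        q->head = k->next;
        q->measured += ok;
        q->dropped += !ok;
    }
}
```

In the timeout case the early-boot keys never reach the measurement list, so a verifier sees no record of them; that is the outcome to check for when a custom policy is loaded late.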

Comments

Mimi Zohar Jan. 9, 2020, 5:07 a.m. UTC | #1
On Wed, 2020-01-08 at 18:43 -0800, Lakshmi Ramasubramanian wrote:

> Changelog:
> 
>   v8
> 
>   => Rebased the changes to linux-next
>   => Need to apply the following patch first
>   https://lore.kernel.org/linux-integrity/20200108160508.5938-1-nramas@linux.microsoft.com/

Unless you made some other changes, the previous version of this patch
set is already in next-integrity-testing.  There's no reason to re-
post these patches again, and definitely not against linux-next.

Mimi

Lakshmi Ramasubramanian Jan. 9, 2020, 4:47 p.m. UTC | #2
On 1/8/20 9:07 PM, Mimi Zohar wrote:

> On Wed, 2020-01-08 at 18:43 -0800, Lakshmi Ramasubramanian wrote:
> 
>> Changelog:
>>
>>    v8
>>
>>    => Rebased the changes to linux-next
>>    => Need to apply the following patch first
>>    https://lore.kernel.org/linux-integrity/20200108160508.5938-1-nramas@linux.microsoft.com/
> 
> Unless you made some other changes, the previous version of this patch
> set is already in next-integrity-testing.  There's no reason to re-
> post these patches again, and definitely not against linux-next.
> 
> Mimi
> 

The change was to integrate the changes from the patch for the CONFIG issue:

https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?h=next-integrity-testing&id=50a2506e069fc71f4be1bbcc2c5534bf58ed94ab

The following commit needs to be updated to use the new config 
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS instead of 
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE

https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?h=next-integrity-testing&id=e164a1695a5705c24c897b0bc7e9b97abb0830c8

Please let me know if I can clone next-integrity-testing and make the 
above update. I'll post the updated patch today.

thanks,
  -lakshmi