| Message ID | 20220126000658.138345-1-zohar@linux.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | ima: support fs-verity digests and signatures | expand |
On Tue, Jan 25, 2022 at 07:06:50PM -0500, Mimi Zohar wrote: > Support including fs-verity file digests in the 'd-ng' template field > based on a new policy rule option named 'digest_type=hash|verity'. Perhaps it should be full_hash or verity? verity is a type of hash. - Eric
On Mon, 2022-01-31 at 16:36 -0800, Eric Biggers wrote: > On Tue, Jan 25, 2022 at 07:06:50PM -0500, Mimi Zohar wrote: > > > Support including fs-verity file digests in the 'd-ng' template field > > based on a new policy rule option named 'digest_type=hash|verity'. > > Perhaps it should be full_hash or verity? verity is a type of hash. Ok, but instead of "full_hash", let's rename it to "ima" or "verity". thanks, Mimi
Support for including fs-verity file digests and signatures in the IMA measurement list as well as verifying the fs-verity file digest based signatures, all based on IMA policy rules, was discussed from the beginning, prior to fs-verity being upstreamed[1,2]. Support including fs-verity file digests in the 'd-ng' template field based on a new policy rule option named 'digest_type=hash|verity'. Also support verifying fs-verity file digest based signatures based on policy. A new template field named 'd-type' as well as a new template named 'ima-ngv2' are defined to differentiate betweeen file hashes and fs-verity file digests, when file signatures are not included in the IMA measurement list. To disambiguate the type of file signature, define IMA_VERITY_SIG xattr type and a new signature format version, which is a hash of the new ima_file_id structure. [1] https://events19.linuxfoundation.org/wp-content/uploads/2017/11/fs-verify_Mike-Halcrow_Eric-Biggers.pdf [2] Documentation/filesystems/fsverity.rst Changelog v3: - Addressed Eric Bigger's comments: included Ack, incremented the signature format version, the crypto issues are generic and will be addressed by him separately. - Addressed Vitaly Chikunov's comments: hard coded maximum digest size rather than using a flexible array, removed unnecessary assignment, and fixed comment to match variable name. - Defined new "ima_max_digest_size" struct to avoid wrapping the "ima_digest_data" struct inside a function local structure or having to dynamically allocate it with enough memory for the specific hash algo size. Changelog v2: - Addressed Eric Bigger's comments: sign the hash of fsverity's digest and the digest's metadata, use match_string, use preferred function name fsverity_get_digest(), support including unsigned fs-verity's digests in the IMA measurement list. - Remove signatures requirement for including fs-verity's file digests in the 'd-ng' field of the measurement list. Changelog v1: - Updated both fsverity and IMA documentation. - Addressed both Eric Bigger's and Lakshmi's comments. Mimi Zohar (8): ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS ima: define ima_max_digest_data struct without a flexible array variable fs-verity: define a function to return the integrity protected file digest ima: define a new template field 'd-type' and a new template 'ima-ngv2' ima: include fsverity's file digests in the IMA measurement list ima: define signature version 3 ima: support fs-verity file digest based version 3 signatures fsverity: update the documentation Documentation/ABI/testing/ima_policy | 17 +++++ Documentation/filesystems/fsverity.rst | 22 +++--- Documentation/security/IMA-templates.rst | 10 ++- fs/verity/Kconfig | 1 + fs/verity/fsverity_private.h | 7 -- fs/verity/measure.c | 39 +++++++++++ include/linux/fsverity.h | 18 +++++ security/integrity/digsig.c | 3 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_api.c | 29 +++++++- security/integrity/ima/ima_appraise.c | 83 ++++++++++++++++++++++- security/integrity/ima/ima_crypto.c | 2 +- security/integrity/ima/ima_init.c | 9 +-- security/integrity/ima/ima_main.c | 2 +- security/integrity/ima/ima_policy.c | 40 ++++++++++- security/integrity/ima/ima_template.c | 3 + security/integrity/ima/ima_template_lib.c | 26 ++++++- security/integrity/ima/ima_template_lib.h | 2 + security/integrity/integrity.h | 53 +++++++++++++-- 19 files changed, 329 insertions(+), 39 deletions(-)