From patchwork Sat Dec 30 17:58:04 2017
X-Patchwork-Submitter: Dan Aloni
X-Patchwork-Id: 10137867
From: Dan Aloni
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Cc: Dan Aloni
Date: Sat, 30 Dec 2017 19:58:04 +0200
Message-Id: <20171230175804.7354-6-alonid@gmail.com>
In-Reply-To: <20171230175804.7354-1-alonid@gmail.com>
References: <20171230175804.7354-1-alonid@gmail.com>
Subject: [kernel-hardening] [PATCH 5/5] docs: add dmesg encryption doc

From: Dan Aloni

Signed-off-by: Dan Aloni
Reviewed-by: Randy Dunlap
---
 Documentation/admin-guide/dmesg-encryption.rst | 77 ++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 Documentation/admin-guide/dmesg-encryption.rst

diff --git a/Documentation/admin-guide/dmesg-encryption.rst b/Documentation/admin-guide/dmesg-encryption.rst
new file mode 100644
index 000000000000..4a3d087b7f98
--- /dev/null
+++ b/Documentation/admin-guide/dmesg-encryption.rst
@@ -0,0 +1,77 @@ +Kernel message encryption +------------------------- + +.. CONTENTS +.. +.. - Overview +.. - Reason for encrypting dmesg +.. - Compile time and run time switches +.. - Limitations +.. - Decrypting dmesg + + +======== +Overview +======== + +Similaly the module signing facility, it is also possible to have the kernel perform public key encryption of the kernel messages that are being generated by printk calls. + +The encryption can be performed for one of the trusted public keys in the kernel keyring, and by default will be performed against the kernel's moduel signing key. + +To prevent a run-time dependency inside printk itself, the encryption takes places upon trying to read ``/dev/kmsg`` which is the mechanism currenly used by ``systemd`` to read kernel messages, and is also used by ``dmesg`` invocations. + +The first line being read by a ``dmesg`` opener will be an artificial line containing an encrypted symmetric encryption session key, in RSA PKCS#1 format. The other lines are messages encrypted under an AES-128-GCM scheme. All binary ciphertext is hex-encoded, so that the ciphertext solely comprises of printable characters. + +=========== +Limitations +=========== + +There are various limitations one need to consider when enabling dmesg encryption: + + * The metadata of kernel messages is not part of the encryption (timestamp, log facility, log severity). + * The seldom accompanying dictionary is also not part of the encryption. + * Any output to any system console, happening when printk() itself is executing, is also not encrypted. A potential attacker can load up ``netconsole`` and have kernel messages being sent as plaintext to other machines. Hopefully, on embedded devices, all system consoles are under strict control of the developers. + * The syslog system call is barred from reading kmsg. Its present users are few, as the system call's interface is mostly a fallback to an inaccessible ``/dev/kmsg``. 
This is only an implementation limitation and that may be addressed. + * kmsg buffers will still be saved as plaintext inside kdumps. The assumption is that having an access to read a kdump is equivalent to full kernel access anyway. + +=========================== +Reason for encryption dmesg +=========================== + +For years, dmesg has contained data which could be utilized by vulnerability exploiters, allowing for privilege escalations. Developers may leave key data such as pointers, indication of driver bugs, and more. + +The feature is mostly aimed for device manufacturers who are not keen on revealing the full details of kernel execution, bugs, and crashes to their users, but only to their developers, so that local programs running on the devices cannot use the data for 'rooting' and executing exploits. + +================================== +Compile time and run time switches +================================== + +In build time, this feature is controlled via the ``CONFIG_KMSG_ENCRYPTION`` configuration variable. + +In run time, it can be turned off by providing `kmsg.encrypt=0` as a boot time parameter. + +================ +Decrypting dmesg +================ + +A supplied program in the kernel tree named ``dmesg-decipher``, uses the OpenSSL library along with the paired private key of the encryption, in order to decipher an encrypted dmesg. + +An innocuous dmesg invocation will appear as such (with the ciphertexts shortened here for the brevity of this document):: + + [ 0.000000] K:7c7da3617b6f...f4098e2425af00 + [ 0.000000] M:36ae318532e...61686821b3ab,16,12 + [ 0.000000] M:7fca10...154e035,16,12 + .... + +The artificial ``K:`` message is generated per opening of ``/dev/kmsg``. It contains the encrypted session key. The encrypted dmesg lines follows it (prefix ``M:``). + +Provided with the private key, deciphering a dmesg output should be a straight-forward process. 
+ +For example, one can save an encrypted dmesg to ``dmesg.enc`` in one machine, then transfer it to another machine which contains access to the PEM with the decrypting private key, and use the the following command:: + + cat dmesg.enc | ./tools/kmsg/dmesg-decipher certs/signing_key.pem + + [ 0.000000] Linux version 4.15.0-rc5+ (dan@jupiter) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #109 SMP Sat Dec 30 18:32:25 IST 2017 + [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.15.0-rc5-dan+ root=UUID=f48b37ec-fcb8-4689-b12e-58703db3cb21 ro rhgb quiet LANG=en_US.UTF-8 + [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' + ...
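Review bot: The Overview sentence "an encrypted symmetric encryption session key, in RSA PKCS#1 format" should name the padding scheme actually used (PKCS#1 v1.5 or OAEP), and the document should state how the per-message AES-128-GCM nonces are generated and kept unique under the single per-open session key, because nonce reuse under one GCM key breaks both confidentiality and authenticity; the ``M:`` lines shown in "Decrypting dmesg" end in undocumented fields (",16,12") that a reader cannot interpret without that description, so please document the ``K:`` and ``M:`` line formats explicitly. The default of encrypting to "the kernel's moduel signing key" (and decrypting with ``certs/signing_key.pem``) also deserves a sentence on why reusing the module signing key pair for encryption is acceptable here, or a recommendation to configure a dedicated key. The CONTENTS block lists "Reason for encrypting dmesg" and "Compile time and run time switches" before "Limitations", but the sections appear in a different order and the heading reads "Reason for encryption dmesg"; please align the list, the order and the heading. Under "Compile time and run time switches", `kmsg.encrypt=0` uses single backticks while every other literal in the file uses double backticks. Spelling and grammar: "Similaly the module signing facility" -> "Similarly to the module signing facility", "moduel" -> "module", "currenly" -> "currently", "comprises of" -> "consists of", "one need to consider" -> "one needs to consider", "The encrypted dmesg lines follows it" -> "follow it", "use the the following" -> "use the following", "straight-forward" -> "straightforward", and "In build time" / "In run time" -> "At build time" / "At run time".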