From patchwork Sat Jan 13 21:34:41 2018
X-Patchwork-Submitter: Dan Aloni
X-Patchwork-Id: 10162451
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: Dan Aloni
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Date: Sat, 13 Jan 2018 23:34:41 +0200
Message-Id: <20180113213441.52047-8-dan@kernelim.com>
In-Reply-To: <20180113213441.52047-1-dan@kernelim.com>
References: <20180113213441.52047-1-dan@kernelim.com>
Subject: [kernel-hardening] [PATCHv2 7/7] docs: add dmesg encryption doc

Reviewed-by: Randy Dunlap
Signed-off-by: Dan Aloni
---
 Documentation/admin-guide/dmesg-encryption.rst | 118 +++++++++++++++++++++++++
 Documentation/admin-guide/index.rst            |   1 +
 2 files changed, 119 insertions(+)
 create mode 100644 Documentation/admin-guide/dmesg-encryption.rst

diff --git a/Documentation/admin-guide/dmesg-encryption.rst b/Documentation/admin-guide/dmesg-encryption.rst
new file mode 100644
index 000000000000..5aedb8db3a7c
--- /dev/null
+++ b/Documentation/admin-guide/dmesg-encryption.rst
@@ -0,0 +1,118 @@ +Kernel message encryption +------------------------- + +.. CONTENTS +.. +.. - Overview +.. - Reason for encrypting dmesg +.. - Compile time and run time switches +.. - Limitations +.. - Decrypting dmesg + + +======== +Overview +======== + +Similar to the module signing facility, it is also possible to have the kernel +perform public key encryption of the kernel messages that are being generated +by printk calls. + +The encryption can be performed for one of the trusted public keys in the +kernel keyring, and by default will be performed against the kernel's module +signing key. + +To prevent a run-time dependency inside printk itself, the encryption takes +place upon trying to read ``/dev/kmsg`` which is the mechanism currently used +by ``systemd`` to read kernel messages, and is also used by ``dmesg`` +invocations. + +The first line being read by a ``dmesg`` opener will be an artificial line +containing an encrypted symmetric encryption session key, in RSA PKCS#1 format. +The other lines are messages encrypted under an AES-128-GCM scheme. All binary +ciphertext is base64-encoded, so that the ciphertext solely comprises of +printable characters. + +=========== +Limitations +=========== + +There are various limitations one need to consider when enabling dmesg +encryption: + + * The metadata of kernel messages is not part of the encryption (timestamp, + log facility, log severity). + + * The seldom accompanying dictionary is also not part of the encryption. + + * Any output to any system console, happening when printk() itself is + executing, is also not encrypted. A potential attacker can load up + ``netconsole`` and have kernel messages being sent as plaintext to other + machines. Hopefully, on embedded devices, all system consoles are under + strict control of the developers. + + * The syslog system call is barred from reading kmsg. 
Its present users are + few, as the system call's interface is mostly a fallback to an inaccessible + ``/dev/kmsg``. This is only an implementation limitation and that may be + addressed. + + * kmsg buffers will still be saved as plaintext inside kdumps. The assumption + is that having an access to read a kdump is equivalent to full kernel + access anyway. + +=========================== +Reason for encryption dmesg +=========================== + +For years, dmesg has contained data which could be utilized by vulnerability +exploiters, allowing for privilege escalations. Developers may leave key data +such as pointers, indication of driver bugs, and more. + +The feature is mostly aimed for device manufacturers who are not keen on +revealing the full details of kernel execution, bugs, and crashes to their +users, but only to their developers, so that local programs running on the +devices cannot use the data for 'rooting' and executing exploits. + +================================== +Compile time and run time switches +================================== + +In build time, this feature is controlled via the ``CONFIG_KMSG_ENCRYPTION`` +configuration variable. + +In run time, it can be turned off by providing `kmsg_encrypt=0` as a boot time +parameter. + +================ +Decrypting dmesg +================ + +A supplied program in the kernel tree named ``dmesg-decipher`` uses the OpenSSL +library along with the paired private key of the encryption in order to +decipher an encrypted dmesg. + +An innocuous dmesg invocation will appear as such (with the ciphertexts +shortened here for the brevity of this document):: + + [ 0.000000] K:Zzgt0ovlRvwH....fQgbQ2tdjOzgYFwrzHU00XO4= + [ 0.000000] M:ogoKk3kCb6q5....1z8BVLr903/w==,16,12 + [ 0.000000] M:CcxUnMRIHrjD....o+c1Zes=,16,12 + .... + +The artificial ``K:`` message is generated per opening of ``/dev/kmsg``. It +contains the encrypted session key. The encrypted dmesg lines follows it +(prefix ``M:``). 
+ +Provided with the private key, deciphering a dmesg output should be a +straightforward process. + +For example, one can save an encrypted dmesg to ``dmesg.enc`` in one machine, +then transfer it to another machine which contains access to the PEM with the +decrypting private key, and use the the following command:: + + cat dmesg.enc | ./tools/kmsg/dmesg-decipher certs/signing_key.pem + + [ 0.000000] Linux version 4.15.0-rc5+ (dan@jupiter) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #109 SMP Sat Dec 30 18:32:25 IST 2017 + [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.15.0-rc5-dan+ root=UUID=f48b37ec-fcb8-4689-b12e-58703db3cb21 ro rhgb quiet LANG=en_US.UTF-8 + [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' + ... diff --git a/Documentation/admin-guide/index.rst b/Documentation/admin-guide/index.rst index 5bb9161dbe6a..3b0cd49c75d4 100644 --- a/Documentation/admin-guide/index.rst +++ b/Documentation/admin-guide/index.rst @@ -63,6 +63,7 @@ configure specific aspects of kernel behavior to your liking. pm/index thunderbolt LSM/index + dmesg-encryption .. only:: subproject and html
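Review bot: the Overview names the primitives but omits the parameters a reader needs to judge the scheme. "containing an encrypted symmetric encryption session key, in RSA PKCS#1 format" should say whether that is PKCS#1 v1.5 or OAEP padding, and "The other lines are messages encrypted under an AES-128-GCM scheme" should state how the per-message nonce is derived from a session key that lives for the whole ``/dev/kmsg`` open, because GCM nonce reuse under one key destroys both confidentiality and the authentication tag. The trailing ``,16,12`` fields on the ``M:`` lines in the Decrypting section look like tag and IV lengths and should be described rather than left for the reader to guess.

Defaulting to the module signing key ("by default will be performed against the kernel's module signing key") means the machine that runs ``dmesg-decipher certs/signing_key.pem`` must hold the private key that can sign loadable modules. Suggest the text recommend a dedicated encryption key in the kernel keyring, so that decrypting logs on a developer workstation does not require copying the module signing key there.

The netconsole limitation should state the attacker's assumed privilege: loading ``netconsole`` as a module or configuring it through configfs needs root or module-loading privilege, which does not match the "local programs running on the devices" threat described in the Reason section. If the concern is a console configured by the device builder before boot, say so explicitly.

Smaller points: the heading "Reason for encryption dmesg" should read "Reason for encrypting dmesg" as in the CONTENTS list, and the CONTENTS order (Compile time and run time switches before Limitations) does not match the section order. `kmsg_encrypt=0` uses single backticks, which reStructuredText renders as interpreted text rather than a literal, so use double backticks as elsewhere in the file. Grammar: "one need to consider" -> "one needs to consider", "solely comprises of printable characters" -> "consists solely of printable characters", "The encrypted dmesg lines follows it" -> "follow it", "use the the following command" drops a "the", "In build time" / "In run time" -> "At build time" / "At run time", and "contains access to the PEM" -> "has access to the PEM". "The seldom accompanying dictionary" should say what that dictionary is (the key=value continuation fields some messages carry, such as SUBSYSTEM and DEVICE) so the reader knows exactly what stays in the clear.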