| Message ID | 20250203184558.61367-1-chenste@linux.microsoft.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | ima: kexec: measure events between kexec load and excute | expand |
On 2/3/25 1:45 PM, steven chen wrote: It looks like 5/7 is missing. Does it apply to 6.13?
On 2/3/2025 10:45 AM, steven chen wrote: > The current kernel behavior is IMA measurements snapshot is taken at > kexec 'load' and not at kexec 'execute'. IMA log is then carried > over to the new kernel after kexec 'execute'. > > New events can be measured during/after the IMA log snapshot at kexec > 'load' and before the system boots to the new kernel. In this scenario, > the TPM PCRs are extended with these events, but they are not carried > over to the new kernel after kexec soft reboot since the snapshot is > already taken. This results in mismatch between TPM PCR quotes and the > actual IMA measurements list after kexec soft reboot, which in turn > results in remote attestation failure. > > To solve this problem - > - allocate the necessary buffer at kexec 'load' time, > - populate the buffer with the IMA measurements at kexec 'execute' time, > - and measure two new IMA events 'kexec_load' and 'kexec_execute' as > critical data to help detect missing events after kexec soft reboot. > > The solution details include: > - refactoring the existing code to allocate a buffer to hold IMA > measurements at kexec 'load', and dump the measurements at kexec > 'execute' > > - IMA functionality to suspend and resume measurements as needed during > buffer copy at kexec 'execute', > > - kexec functionality for mapping the segments from the current kernel > to the subsequent one, > > - necessary changes to the kexec_file_load syscall, enabling it to call > the ima functions, > > - registering a reboot notifier which gets called during kexec > 'execute', > > - introducing a new Kconfig option to configure the extra memory to be > allocated for passing IMA log from the current Kernel to the next, > > - introducing two new events to be measured by IMA during kexec, to > help diagnose if the IMA log was copied fully or partially, from the > current Kernel to the next, > > - excluding IMA segment while calculating and storing digest in function > kexec_calculate_store_digests(), since IMA segment can be modified > after the digest is computed during kexec 'load'. This will ensure > that the segment is not added to the 'purgatory_sha_regions', and thus > not verified by verify_sha256_digest(). > > The changes proposed in this series ensure the integrity of the IMA > measurements is preserved across kexec soft reboots, thus significantly > improving the security of the kernel post kexec soft reboots. > > There were previous attempts to fix this issue [1], [2], [3]. But they > were not merged into the mainline kernel. > > We took inspiration from the past work [1] and [2] while working on this > patch series. > > V4 of this series is available here[6] for reference. > > V5 of this series is available here[7] for reference. > > V6 of this series is available here[8] for reference. > > References: > ----------- > > [1] [PATHC v2 5/9] ima: on soft reboot, save the measurement list > https://lore.kernel.org/lkml/1472596811-9596-6-git-send-email-zohar@linux.vnet.ibm.com/ > > [2] PATCH v2 4/6] kexec_file: Add mechanism to update kexec segments. > https://lkml.org/lkml/2016/8/16/577 > > [3] [PATCH 1/6] kexec_file: Add buffer hand-over support > https://lore.kernel.org/linuxppc-dev/1466473476-10104-6-git-send-email-bauerman@linux.vnet.ibm.com/T/ > > [4] [PATCH v2 0/7] ima: kexec: measure events between kexec load and execute > https://lore.kernel.org/all/20231005182602.634615-1-tusharsu@linux.microsoft.com/ > > [5] [PATCH v3 0/7] ima: kexec: measure events between kexec load and execute > https://lore.kernel.org/all/20231216010729.2904751-1-tusharsu@linux.microsoft.com/ > > [6] [PATCH v4 0/7] ima: kexec: measure events between kexec load and execute > https://lore.kernel.org/all/20240122183804.3293904-1-tusharsu@linux.microsoft.com/ > > [7] [PATCH v5 0/8] ima: kexec: measure events between kexec load and execute > https://lore.kernel.org/all/20240214153827.1087657-1-tusharsu@linux.microsoft.com/ > > [8] [PATCH v6 0/7] ima: kexec: measure events between kexec load and execute > https://lore.kernel.org/all/20250124225547.22684-1-chenste@linux.microsoft.com/ > > Change Log v7: > - Incorporated feedback from the community (Stefan Berger, Tyler Hicks) > on v6 of this series[8]. > - Verified all the patches are bisect-safe by booting into each > patch and verifying multiple kexec 'load' operations work, > and also verifying kexec soft reboot works, and IMA log gets > carried over for each patch. > > Change Log v6: > - Incorporated feedback from the community (Stefan Berger, Mimi Zohar, > and Petr Tesařík) on v5 of this series[7]. > - Rebased the patch series to mainline 6.12.0. > - Verified all the patches are bisect-safe by booting into each > patch and verifying multiple kexec 'load' operations work, > and also verifying kexec soft reboot works, and IMA log gets > carried over for each patch. > - Compared the memory size allocated with memory size of the entire > measurement record. If there is not enough memory, it will copy as many > IMA measurement records as possible, and this situation will result > in a failure of remote attestation. > - [PATCH V5 6/8] was removed. Per petr comment on [PATCH V5 6/8], during > the handover, other CPUs are taken offline (look for > migrate_to_reboot_cpu() in kernel/kexec_core.c) and even the reboot CPU > will be sufficiently shut down as not to be able to add any more > measurements. > > Change Log v5: > - Incorporated feedback from the community (Stefan Berger and > Mimi Zohar) on v4 of this series[6]. > - Rebased the patch series to mainline 6.8.0-rc1. > - Verified all the patches are bisect-safe by booting into each > patch and verifying multiple kexec 'load' operations work, > and also verifying kexec soft reboot works, and IMA log gets > carried over for each patch. > - Divided the patch #4 in the v4 of the series[6] into two separate > patches. One to setup the infrastructure/stub functions to prepare > the IMA log copy from Kexec 'load' to 'execute', and another one > to actually copy the log. > - Updated the config description for IMA_KEXEC_EXTRA_MEMORY_KB > to remove unnecessary references related to backwards compatibility. > - Fixed a typo in log message/removed an extra line etc. > - Updated patch descriptions as necessary. > > Change Log v4: > - Incorporated feedback from the community (Stefan Berger and > Mimi Zohar) on v3 of this series[5]. > - Rearranged patches so that they remain bisect-safe i.e. the > system can go through kexec soft reboot, and IMA log is carried > over after each patch. > - Verified all the patches are bisect-safe by booting into each > patch and verifying kexec soft reboot works, and IMA log gets > carried over. > - Suspend-resume measurements is now a separate patch (patch #5) > and all the relevant code is part of the same patch. > - Excluding IMA segment from segment digest verification is now a > separate patch. (patch #3). > - Registering reboot notifier and functions related to move ima > log copy from kexec load to execute are now part of the same > patch (patch #4) to protect bisect-safeness of the series. > - Updated the title of patch #6 as per the feedback. > - The default value of kexec extra memory for IMA measurements > is set to half the PAGESIZE to maintain backwards compatibility. > - Added number of IMA measurement records as part of 'kexec_load' > and 'kexec_execute' IMA critical data events. > - Updated patch descriptions as necessary. > > Change Log v3: > - Incorporated feedback from the community (Stefan Berger and > Mimi Zohar) on v2 of this series[4]. > - Renamed functions and removed extraneous checks and code comments. > - Updated patch descriptions and titles as necessary. > - Updated kexec_calculate_store_digests() in patch 2/7 to exclude ima > segment from calculating and storing digest. > - Updated patch 3/7 to use kmalloc_array instead of kmalloc and freed > memory early to avoid potential memory leak. > - Updated patch 6/7 to change Kconfig option IMA_KEXEC_EXTRA_PAGES to > IMA_KEXEC_EXTRA_MEMORY_KB to allocate the memory in kb rather than > in number of pages. > - Optimized patch 7/7 not to free and alloc memory if the buffer size > hasn't changed during multiple kexec 'load' operations. > - Fixed a bug in patch 7/7 to measure multiple 'kexec_load' events even > if buffer size hasn't changed. > - Verified the patches are bisect-safe by compiling and booting into > each patch individually. > > > Change Log v2: > - Incorporated feedback from the community on v1 series. > - Refactored the existing ima_dump_measurement_list to move buffer > allocation functionality to ima_alloc_kexec_buf() function. > - Introduced a new Kconfig option to configure the memory. > - Updated the logic to copy the IMA log only in case of kexec soft > reboot, and not on kexec crash. > - Updated the logic to copy as many IMA events as possible in case of > memory constraint, rather than just bailing out. > - Introduced two new events to be measured by IMA during kexec, to > help diagnose if the IMA log was copied fully or partially from the > current Kernel to the next. > - Refactored patches to ensure no warnings during individual patch > compilation. > - Used virt_to_page instead of phys_to_page. > - Updated patch descriptions as necessary. > > steven chen (7): > ima: define and call ima_alloc_kexec_file_buf > kexec: define functions to map and unmap segments > ima: kexec: skip IMA segment validation after kexec soft reboot > ima: kexec: define functions to copy IMA log at soft boot > ima: kexec: move IMA log copy from kexec load to execute > ima: make the kexec extra memory configurable > ima: measure kexec load and exec events as critical data > > include/linux/ima.h | 3 + > include/linux/kexec.h | 10 ++ > kernel/kexec_core.c | 54 ++++++++ > kernel/kexec_file.c | 31 +++++ > security/integrity/ima/Kconfig | 10 ++ > security/integrity/ima/ima.h | 1 + > security/integrity/ima/ima_kexec.c | 208 ++++++++++++++++++++++++----- > security/integrity/ima/ima_queue.c | 4 +- > 8 files changed, 284 insertions(+), 37 deletions(-) > Hi all, The below is the correct version for review. [PATCH v7 0/7] ima: kexec: measure events between kexec load and excute <https://lore.kernel.org/linux-integrity/20250203232033.64123-1-chenste@linux.microsoft.com/T/#t> Please ignore the this version because patch 5 is missing. I am really sorry to have troubled you. Steven
On Mon, 2025-02-03 at 15:25 -0800, steven chen wrote: > Hi all, > > The below is the correct version for review. > > [PATCH v7 0/7] ima: kexec: measure events between kexec load and excute > < > https://lore.kernel.org/linux-integrity/20250203232033.64123-1-chenste@linux.microso > ft.com/T/#t> > > Please ignore the this version because patch 5 is missing. > > I am really sorry to have troubled you. Thanks, Steven. I was able to apply the patch set to v6.13. For some reason, b4 downloads a duplicate 4/7 patch. Mimi
On 2/3/2025 4:50 PM, Mimi Zohar wrote: > On Mon, 2025-02-03 at 15:25 -0800, steven chen wrote: >> Hi all, >> >> The below is the correct version for review. >> >> [PATCH v7 0/7] ima: kexec: measure events between kexec load and excute >> < >> https://lore.kernel.org/linux-integrity/20250203232033.64123-1-chenste@linux.microso >> ft.com/T/#t> >> >> Please ignore the this version because patch 5 is missing. >> >> I am really sorry to have troubled you. > Thanks, Steven. I was able to apply the patch set to v6.13. For some reason, b4 > downloads a duplicate 4/7 patch. > > Mimi Hi Mimi, Please use the one below [PATCH v7 0/7] ima: kexec: measure events between kexec load and excute <https://lore.kernel.org/linux-integrity/20250203232033.64123-1-chenste@linux.microsoft.com/T/#t> Please ignore the this version because patch 5 is missing. I am really sorry. Steven