From patchwork Tue Jul 7 02:26:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 11647353 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A9A0618 for ; Tue, 7 Jul 2020 02:26:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8A638206F6 for ; Tue, 7 Jul 2020 02:26:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728053AbgGGC0v (ORCPT ); Mon, 6 Jul 2020 22:26:51 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:35018 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727120AbgGGC0u (ORCPT ); Mon, 6 Jul 2020 22:26:50 -0400 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06721uBZ186810; Mon, 6 Jul 2020 22:26:45 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 322nunhqnm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 06 Jul 2020 22:26:45 -0400 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 06722YWS189963; Mon, 6 Jul 2020 22:26:45 -0400 Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com with ESMTP id 322nunhqmv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 06 Jul 2020 22:26:45 -0400 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0672QgqA022428; Tue, 7 Jul 2020 02:26:42 GMT Received: from b06avi18626390.portsmouth.uk.ibm.com (b06avi18626390.portsmouth.uk.ibm.com [9.149.26.192]) by ppma06ams.nl.ibm.com with ESMTP id 322h1h2uju-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 07 Jul 2020 02:26:42 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0672PJGm24707546 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 7 Jul 2020 02:25:19 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5415D4C040; Tue, 7 Jul 2020 02:26:40 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A81FC4C04A; Tue, 7 Jul 2020 02:26:39 +0000 (GMT) Received: from localhost.localdomain (unknown [9.85.174.194]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 7 Jul 2020 02:26:39 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: Mimi Zohar , Petr Vorel , Bruno Meneguele , Vitaly Chikunov Subject: [PATCH 3/6] ima-evm-utils: don't hardcode validating the IMA measurement list Date: Mon, 6 Jul 2020 22:26:28 -0400 Message-Id: <1594088791-27370-4-git-send-email-zohar@linux.ibm.com> X-Mailer: git-send-email 2.7.5 In-Reply-To: <1594088791-27370-1-git-send-email-zohar@linux.ibm.com> References: <1594088791-27370-1-git-send-email-zohar@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687 definitions=2020-07-06_20:2020-07-06,2020-07-06 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 cotscore=-2147483648 lowpriorityscore=0 clxscore=1015 suspectscore=1 priorityscore=1501 impostorscore=0 mlxlogscore=999 bulkscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007070010 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org File time of measure, time of use (ToMToU) violations are annotated in the measurement list by including a template data digest of zeroes, but extending the TPM with 0xFF's. This causes validating the measurement against the TPM PCRs to fail. To validate the measurement list against the PCRs requires replacing the zero template data digest with OxFF's. The default behavior, unless specifically requested, should be to fail the measurement list verification. Support validating the measurement list based on a "--validate" option. Signed-off-by: Mimi Zohar --- src/evmctl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 71712d91703a..3c4483ef2b0e 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1412,7 +1412,7 @@ struct template_entry { static uint8_t zero[MAX_DIGEST_SIZE]; static uint8_t fox[MAX_DIGEST_SIZE]; -int validate = 1; +static int validate = 0; static int ima_verify_template_hash(struct template_entry *entry) { @@ -2156,7 +2156,7 @@ struct command cmds[] = { {"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"}, {"ima_setxattr", cmd_setxattr_ima, 0, "[--sigfile file]", "Set IMA signature from sigfile\n"}, {"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"}, - {"ima_measurement", cmd_ima_measurement, 0, "file", "Verify measurement list (experimental).\n"}, + {"ima_measurement", cmd_ima_measurement, 0, "[--validate] file", "Verify measurement list (experimental).\n"}, {"ima_boot_aggregate", cmd_ima_bootaggr, 0, "", "Calculate per TPM bank boot_aggregate digests\n"}, {"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM xattrs in fix mode.\n"}, {"ima_clear", cmd_ima_clear, 0, "[-t fdsxm] path", "Recursively remove IMA/EVM xattrs.\n"}, @@ -2195,6 +2195,7 @@ static struct option opts[] = { {"list", 0, 0, 138}, {"engine", 1, 0, 139}, {"xattr-user", 0, 0, 140}, + {"validate", 0, 0, 141}, {} }; @@ -2373,6 +2374,9 @@ int main(int argc, char *argv[]) xattr_ima = "user.ima"; xattr_evm = "user.evm"; break; + case 141: /* --validate */ + validate = 1; + break; case '?': exit(1); break;