| Message ID | 20250318010448.954-9-chenste@linux.microsoft.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | ima: kexec: measure events between kexec load and execute | expand |
On Mon, 2025-03-17 at 18:04 -0700, steven chen wrote: > The amount of memory allocated at kexec load, even with the extra memory > allocated, might not be large enough for the entire measurement list. The > indeterminate interval between kexec 'load' and 'execute' could exacerbate > this problem. > > Define two new IMA events, 'kexec_load' and 'kexec_execute', to be > measured as critical data at kexec 'load' and 'execute' respectively. > Report the allocated kexec segment size, IMA binary log size and the > runtime measurements count as part of those events. > > These events, and the values reported through them, serve as markers in > the IMA log to verify the IMA events are captured during kexec soft > reboot. The presence of a 'kexec_load' event in between the last two > 'boot_aggregate' events in the IMA log implies this is a kexec soft > reboot, and not a cold-boot. And the absence of 'kexec_execute' event > after kexec soft reboot implies missing events in that window which > results in inconsistency with TPM PCR quotes, necessitating a cold boot > for a successful remote attestation. > > These critical data events are displayed as hex encoded ascii in the > ascii_runtime_measurement_list. Verifying the critical data hash requires > calculating the hash of the decoded ascii string. > > For example, to verify the 'kexec_load' data hash: > > sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements > > grep kexec_load | cut -d' ' -f 6 | xxd -r -p | sha256sum > > > To verify the 'kexec_execute' data hash: > > sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements > > grep kexec_execute | cut -d' ' -f 6 | xxd -r -p | sha256sum > > Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> > Signed-off-by: steven chen <chenste@linux.microsoft.com> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > --- > security/integrity/ima/ima.h | 6 ++++++ > security/integrity/ima/ima_kexec.c | 21 +++++++++++++++++++++ > security/integrity/ima/ima_queue.c | 5 +++++ > 3 files changed, 32 insertions(+) > > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h > index 24d09ea91b87..34815baf5e21 100644 > --- a/security/integrity/ima/ima.h > +++ b/security/integrity/ima/ima.h > @@ -240,6 +240,12 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, > unsigned long flags, bool create); > #endif > > +#ifdef CONFIG_IMA_KEXEC > +void ima_measure_kexec_event(const char *event_name); > +#else > +static inline void ima_measure_kexec_event(const char *event_name) {} > +#endif > + > /* > * The default binary_runtime_measurements list format is defined as the > * platform native format. The canonical format is defined as little-endian. > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c > index 0f214e41dd33..43223eb99046 100644 > --- a/security/integrity/ima/ima_kexec.c > +++ b/security/integrity/ima/ima_kexec.c > @@ -17,6 +17,8 @@ > #include "ima.h" > > #ifdef CONFIG_IMA_KEXEC > +#define IMA_KEXEC_EVENT_LEN 256 > + > static bool ima_kexec_update_registered; > static struct seq_file ima_kexec_file; > static size_t kexec_segment_size; > @@ -36,6 +38,24 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) > ima_reset_kexec_file(sf); > } > > +void ima_measure_kexec_event(const char *event_name) > +{ > + char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; > + size_t buf_size = 0; > + long len; > + int n; > + > + buf_size = ima_get_binary_runtime_size(); > + len = atomic_long_read(&ima_htable.len); > + > + n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, > + "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" > + "ima_runtime_measurements_count=%ld;", > + kexec_segment_size, buf_size, len); > + > + ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, false, NULL, 0); > +} > + > static int ima_alloc_kexec_file_buf(size_t segment_size) > { > /* > @@ -58,6 +78,7 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) > out: > ima_kexec_file.read_pos = 0; > ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ > + ima_measure_kexec_event("kexec_load"); > > return 0; > } > diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c > index 83d53824aa98..590637e81ad1 100644 > --- a/security/integrity/ima/ima_queue.c > +++ b/security/integrity/ima/ima_queue.c > @@ -241,6 +241,11 @@ static int ima_reboot_notifier(struct notifier_block *nb, > unsigned long action, > void *data) > { > +#ifdef CONFIG_IMA_KEXEC > + if (action == SYS_RESTART && data && !strcmp(data, "kexec reboot")) > + ima_measure_kexec_event("kexec_execute"); > +#endif After a kexec execute, the measurement list does not verify properly and the "kexec_execute" critical data does not appear in the measurement list. This makes me think the critical data IS being extended into the TPM, but the measurement list is being copied before the "kexec_execute" critical data is called. This actually makes sense since the reboot notifier ima_update_kexec_buffer() priority is higher than ima_reboot_notifier(). INT_MIN: runs the callback late INT_MAX: runs the callback early Either reverse the callback priorities or revert moving the "kexec_execute" critical data to ima_reboot_notifier(). thanks, Mimi > + > ima_measurements_suspend(); > > return NOTIFY_DONE;
On 3/19/2025 7:59 PM, Mimi Zohar wrote: > On Mon, 2025-03-17 at 18:04 -0700, steven chen wrote: >> The amount of memory allocated at kexec load, even with the extra memory >> allocated, might not be large enough for the entire measurement list. The >> indeterminate interval between kexec 'load' and 'execute' could exacerbate >> this problem. >> >> Define two new IMA events, 'kexec_load' and 'kexec_execute', to be >> measured as critical data at kexec 'load' and 'execute' respectively. >> Report the allocated kexec segment size, IMA binary log size and the >> runtime measurements count as part of those events. >> >> These events, and the values reported through them, serve as markers in >> the IMA log to verify the IMA events are captured during kexec soft >> reboot. The presence of a 'kexec_load' event in between the last two >> 'boot_aggregate' events in the IMA log implies this is a kexec soft >> reboot, and not a cold-boot. And the absence of 'kexec_execute' event >> after kexec soft reboot implies missing events in that window which >> results in inconsistency with TPM PCR quotes, necessitating a cold boot >> for a successful remote attestation. >> >> These critical data events are displayed as hex encoded ascii in the >> ascii_runtime_measurement_list. Verifying the critical data hash requires >> calculating the hash of the decoded ascii string. >> >> For example, to verify the 'kexec_load' data hash: >> >> sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements >>> grep kexec_load | cut -d' ' -f 6 | xxd -r -p | sha256sum >> >> To verify the 'kexec_execute' data hash: >> >> sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements >>> grep kexec_execute | cut -d' ' -f 6 | xxd -r -p | sha256sum >> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> >> Signed-off-by: steven chen <chenste@linux.microsoft.com> >> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> >> --- >> security/integrity/ima/ima.h | 6 ++++++ >> security/integrity/ima/ima_kexec.c | 21 +++++++++++++++++++++ >> security/integrity/ima/ima_queue.c | 5 +++++ >> 3 files changed, 32 insertions(+) >> >> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h >> index 24d09ea91b87..34815baf5e21 100644 >> --- a/security/integrity/ima/ima.h >> +++ b/security/integrity/ima/ima.h >> @@ -240,6 +240,12 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, >> unsigned long flags, bool create); >> #endif >> >> +#ifdef CONFIG_IMA_KEXEC >> +void ima_measure_kexec_event(const char *event_name); >> +#else >> +static inline void ima_measure_kexec_event(const char *event_name) {} >> +#endif >> + >> /* >> * The default binary_runtime_measurements list format is defined as the >> * platform native format. The canonical format is defined as little-endian. >> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c >> index 0f214e41dd33..43223eb99046 100644 >> --- a/security/integrity/ima/ima_kexec.c >> +++ b/security/integrity/ima/ima_kexec.c >> @@ -17,6 +17,8 @@ >> #include "ima.h" >> >> #ifdef CONFIG_IMA_KEXEC >> +#define IMA_KEXEC_EVENT_LEN 256 >> + >> static bool ima_kexec_update_registered; >> static struct seq_file ima_kexec_file; >> static size_t kexec_segment_size; >> @@ -36,6 +38,24 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) >> ima_reset_kexec_file(sf); >> } >> >> +void ima_measure_kexec_event(const char *event_name) >> +{ >> + char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; >> + size_t buf_size = 0; >> + long len; >> + int n; >> + >> + buf_size = ima_get_binary_runtime_size(); >> + len = atomic_long_read(&ima_htable.len); >> + >> + n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, >> + "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" >> + "ima_runtime_measurements_count=%ld;", >> + kexec_segment_size, buf_size, len); >> + >> + ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, false, NULL, 0); >> +} >> + >> static int ima_alloc_kexec_file_buf(size_t segment_size) >> { >> /* >> @@ -58,6 +78,7 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) >> out: >> ima_kexec_file.read_pos = 0; >> ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ >> + ima_measure_kexec_event("kexec_load"); >> >> return 0; >> } >> diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c >> index 83d53824aa98..590637e81ad1 100644 >> --- a/security/integrity/ima/ima_queue.c >> +++ b/security/integrity/ima/ima_queue.c >> @@ -241,6 +241,11 @@ static int ima_reboot_notifier(struct notifier_block *nb, >> unsigned long action, >> void *data) >> { >> +#ifdef CONFIG_IMA_KEXEC >> + if (action == SYS_RESTART && data && !strcmp(data, "kexec reboot")) >> + ima_measure_kexec_event("kexec_execute"); >> +#endif > After a kexec execute, the measurement list does not verify properly and the > "kexec_execute" critical data does not appear in the measurement list. This > makes me think the critical data IS being extended into the TPM, but the > measurement list is being copied before the "kexec_execute" critical data is > called. > > This actually makes sense since the reboot notifier ima_update_kexec_buffer() > priority is higher than ima_reboot_notifier(). > > INT_MIN: runs the callback late > INT_MAX: runs the callback early > > Either reverse the callback priorities or revert moving the "kexec_execute" > critical data to ima_reboot_notifier(). > > thanks, > > Mimi Hi Mimi, I will reverse the callback priority. Thanks, Steven >> + >> ima_measurements_suspend(); >> >> return NOTIFY_DONE;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 24d09ea91b87..34815baf5e21 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -240,6 +240,12 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, unsigned long flags, bool create); #endif +#ifdef CONFIG_IMA_KEXEC +void ima_measure_kexec_event(const char *event_name); +#else +static inline void ima_measure_kexec_event(const char *event_name) {} +#endif + /* * The default binary_runtime_measurements list format is defined as the * platform native format. The canonical format is defined as little-endian. diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 0f214e41dd33..43223eb99046 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -17,6 +17,8 @@ #include "ima.h" #ifdef CONFIG_IMA_KEXEC +#define IMA_KEXEC_EVENT_LEN 256 + static bool ima_kexec_update_registered; static struct seq_file ima_kexec_file; static size_t kexec_segment_size; @@ -36,6 +38,24 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) ima_reset_kexec_file(sf); } +void ima_measure_kexec_event(const char *event_name) +{ + char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; + size_t buf_size = 0; + long len; + int n; + + buf_size = ima_get_binary_runtime_size(); + len = atomic_long_read(&ima_htable.len); + + n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, + "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" + "ima_runtime_measurements_count=%ld;", + kexec_segment_size, buf_size, len); + + ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, false, NULL, 0); +} + static int ima_alloc_kexec_file_buf(size_t segment_size) { /* @@ -58,6 +78,7 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) out: ima_kexec_file.read_pos = 0; ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ + ima_measure_kexec_event("kexec_load"); return 0; } diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 83d53824aa98..590637e81ad1 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -241,6 +241,11 @@ static int ima_reboot_notifier(struct notifier_block *nb, unsigned long action, void *data) { +#ifdef CONFIG_IMA_KEXEC + if (action == SYS_RESTART && data && !strcmp(data, "kexec reboot")) + ima_measure_kexec_event("kexec_execute"); +#endif + ima_measurements_suspend(); return NOTIFY_DONE;