[RFC,v1,0/7] ima: get rid of hard dependency on SHA-1

Message ID	20250313173339.3815589-1-nstange@suse.de (mailing list archive)
Headers	show Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 801771684B4 for <linux-security-module@vger.kernel.org>; Thu, 13 Mar 2025 17:34:50 +0000 (UTC) From: Nicolai Stange <nstange@suse.de> To: Mimi Zohar <zohar@linux.ibm.com>, Roberto Sassu <roberto.sassu@huawei.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: Eric Snowberg <eric.snowberg@oracle.com>, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange <nstange@suse.de> Subject: [RFC PATCH v1 0/7] ima: get rid of hard dependency on SHA-1 Date: Thu, 13 Mar 2025 18:33:32 +0100 Message-ID: <20250313173339.3815589-1-nstange@suse.de> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	ima: get rid of hard dependency on SHA-1 \| expand [RFC,v1,0/7] ima: get rid of hard dependency on SHA-1 [RFC,v1,1/7] ima: don't expose runtime_measurements for unsupported hashes [RFC,v1,2/7] ima: always create runtime_measurements sysfs file for ima_hash [RFC,v1,3/7] ima: move INVALID_PCR() to ima.h [RFC,v1,4/7] ima: track the set of PCRs ever extended [RFC,v1,5/7] tpm: enable bank selection for PCR extend [RFC,v1,6/7] ima: invalidate unsupported PCR banks once at first use [RFC,v1,7/7] ima: make SHA1 non-mandatory

Message ID

20250313173339.3815589-1-nstange@suse.de (mailing list archive)

Headers

From: Nicolai Stange <nstange@suse.de>
To: Mimi Zohar <zohar@linux.ibm.com>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: Eric Snowberg <eric.snowberg@oracle.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Nicolai Stange <nstange@suse.de>
Subject: [RFC PATCH v1 0/7] ima: get rid of hard dependency on SHA-1
Date: Thu, 13 Mar 2025 18:33:32 +0100
Message-ID: <20250313173339.3815589-1-nstange@suse.de>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

ima: get rid of hard dependency on SHA-1 | expand

Message

Nicolai Stange March 13, 2025, 5:33 p.m. UTC

Hi all,

if no SHA-1 implementation was available to the kernel, IMA init would
currently fail, rendering the whole subsystem unusable.

This patch series is an attempt to make SHA-1 availability non-mandatory
for IMA. The main motivation is that NIST announced to sunset SHA-1 by
2030 ([1]), whereby any attempt to instantiate it when booted in FIPS mode
would have to be made to fail with -ENOENT. As this does potentially have
an impact on lifetimes for FIPS certifications issued today, distros might
be interested in disabling SHA-1 downstream soon already.

Anyway, making IMA to work without a SHA-1 implementation available is not
so straightforward, mainly due to that established scheme to substitute
padded SHA-1 template hashes for PCR banks with unmapped/unavailable algos.
There is some userspace around expecting that existing behavior, e.g. the
ima_measurement command from ([2]), and breaking that in certain scenarios
is inevitable.

I tried to make it the least painful possible, and I think I arrived at
a not completely unreasonable solution in the end, but wouldn't be too
surprised if you had a different stance on that. So I would be curious
about your feedback on whether this is a route worth pursuing any further.
FWIW, the most controversial parts are probably
 - [1/7] ima: don't expose runtime_measurements for unsupported hashes
 - [6/7] ima: invalidate unsupported PCR banks once at first use

Note that I haven't tested this series thoroughly yet -- for the time being
I only ran a couple of brief smoke tests in a VM w/o a TPM  (w/ and w/o
SHA-1 disabled of course).

Many thanks!

Nicolai

[1] https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
[2] https://github.com/linux-integrity/ima-evm-utils.git

Nicolai Stange (7):
  ima: don't expose runtime_measurements for unsupported hashes
  ima: always create runtime_measurements sysfs file for ima_hash
  ima: move INVALID_PCR() to ima.h
  ima: track the set of PCRs ever extended
  tpm: enable bank selection for PCR extend
  ima: invalidate unsupported PCR banks once at first use
  ima: make SHA1 non-mandatory

 drivers/char/tpm/tpm-interface.c      | 29 +++++++++-
 drivers/char/tpm/tpm.h                |  3 +-
 drivers/char/tpm/tpm2-cmd.c           | 29 +++++++++-
 include/linux/tpm.h                   |  3 +
 security/integrity/ima/Kconfig        | 14 +++++
 security/integrity/ima/ima.h          |  9 +++
 security/integrity/ima/ima_crypto.c   | 83 ++++++++++++++++-----------
 security/integrity/ima/ima_fs.c       | 41 +++++++------
 security/integrity/ima/ima_policy.c   |  5 +-
 security/integrity/ima/ima_queue.c    | 26 ++++++++-
 security/integrity/ima/ima_template.c |  7 +++
 11 files changed, 190 insertions(+), 59 deletions(-)