From patchwork Mon Aug 17 21:52:30 2020
X-Patchwork-Submitter: Bruno Meneguele
X-Patchwork-Id: 11719253
From: Bruno Meneguele
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com, Bruno Meneguele
Subject: [PATCH 1/4] ima: add check for enforced appraise option
Date: Mon, 17 Aug 2020 18:52:30 -0300
Message-Id: <20200817215233.95319-2-bmeneg@redhat.com>
In-Reply-To: <20200817215233.95319-1-bmeneg@redhat.com>
References: <20200817215233.95319-1-bmeneg@redhat.com>

The "enforce" string is allowed as an option for ima_appraise= kernel
parameter per kernel-parameters.txt and should be considered on the
parameter setup checking as a matter of completeness. Also it allows
further checking on the options being passed by the user.

Signed-off-by: Bruno Meneguele
---
 security/integrity/ima/ima_appraise.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 372d16382960..580b771e3458 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -31,6 +31,8 @@ static int __init default_appraise_setup(char *str) ima_appraise = IMA_APPRAISE_LOG; else if (strncmp(str, "fix", 3) == 0) ima_appraise = IMA_APPRAISE_FIX; + else if (strncmp(str, "enforce", 7) == 0) + ima_appraise = IMA_APPRAISE_ENFORCE; #endif return 1; } From patchwork Mon Aug 17 21:52:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11719255 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67131739 for ; Mon, 17 Aug 2020 21:52:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4F68420758 for ; Mon, 17 Aug 2020 21:52:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="NUlu741t" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728615AbgHQVwy (ORCPT ); Mon, 17 Aug 2020 17:52:54 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:25899 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727931AbgHQVwx (ORCPT ); Mon, 17 Aug 2020 17:52:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1597701171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=srs1y+j1kl1pQztDqt8jA3bnaiDQ/OGv3Q3z1R5jaEI=; b=NUlu741tlaaZBxQ/BfhcmsYk2KnIqnUYeWU5/EGK19/mid9QGrGBHxaWx+m/2LsMOto2Sw AdbTMHr8W3eOeuzxpj+Tlwpg0XliyLAnG0z/KYbNerH8DexlFSGgmWHU0fp4cagXDaY/Lr s30zu+yQ0HWaWEKU04qoIGCgiO1JlUY= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com 
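Review bot: the new `else if (strncmp(str, "enforce", 7) == 0)` branch accepts any value that merely begins with "enforce" (such as "enforced" or "enforce-foo"), because strncmp with a fixed length is a prefix test; that mirrors the existing "off"/"log"/"fix" checks, but an exact `strcmp(str, "enforce") == 0` would keep the accepted spellings identical to kernel-parameters.txt and would let a trailing invalid-option check reject near-misses instead of silently accepting them. Worth stating in the commit message that IMA_APPRAISE_ENFORCE is already the default state, so this branch changes no behaviour by itself and exists only so that everything else can later be treated as invalid.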
with ESMTP id us-mta-465-oJsKJaGYOKaxaD2siTW8QA-1; Mon, 17 Aug 2020 17:52:49 -0400 X-MC-Unique: oJsKJaGYOKaxaD2siTW8QA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9DE43425CC; Mon, 17 Aug 2020 21:52:48 +0000 (UTC) Received: from localhost (ovpn-116-138.gru2.redhat.com [10.97.116.138]) by smtp.corp.redhat.com (Postfix) with ESMTP id 66D8565C74; Mon, 17 Aug 2020 21:52:45 +0000 (UTC) From: Bruno Meneguele To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, Bruno Meneguele Subject: [PATCH 2/4] integrity: invalid kernel parameters feedback Date: Mon, 17 Aug 2020 18:52:31 -0300 Message-Id: <20200817215233.95319-3-bmeneg@redhat.com> In-Reply-To: <20200817215233.95319-1-bmeneg@redhat.com> References: <20200817215233.95319-1-bmeneg@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Prompt a message to kmsg in case the user entered any invalid option to some of the ima_{policy,appraise,hash} and evm kernel parameters. It's already done for ima_template. Signed-off-by: Bruno Meneguele --- security/integrity/evm/evm_main.c | 3 +++ security/integrity/ima/ima_appraise.c | 2 ++ security/integrity/ima/ima_main.c | 13 +++++++++---- security/integrity/ima/ima_policy.c | 2 ++ 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 0d36259b690d..6ae00fee1d34 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -59,6 +59,9 @@ static int __init evm_set_fixmode(char *str) { if (strncmp(str, "fix", 3) == 0) evm_fixmode = 1; + else + pr_err("invalid \"%s\" mode", str); + return 0; } __setup("evm=", evm_set_fixmode); 
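Review bot: the added `pr_err("invalid \"%s\" mode", str);` in evm_set_fixmode() lacks a trailing "\n"; without it printk keeps the line open for continuation and the next message may be joined onto it, so use `pr_err("invalid \"%s\" mode\n", str);`. Naming the parameter in the text ("invalid evm=%s mode") would also help, since this message is the user's only hint about which option was rejected.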
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 580b771e3458..2193b51c2743 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -33,6 +33,8 @@ static int __init default_appraise_setup(char *str) ima_appraise = IMA_APPRAISE_FIX; else if (strncmp(str, "enforce", 7) == 0) ima_appraise = IMA_APPRAISE_ENFORCE; + else + pr_err("invalid \"%s\" appraise option", str); #endif return 1; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8a91711ca79b..2b22932b140d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -50,18 +50,23 @@ static int __init hash_setup(char *str) return 1; if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { - if (strncmp(str, "sha1", 4) == 0) + if (strncmp(str, "sha1", 4) == 0) { ima_hash_algo = HASH_ALGO_SHA1; - else if (strncmp(str, "md5", 3) == 0) + } else if (strncmp(str, "md5", 3) == 0) { ima_hash_algo = HASH_ALGO_MD5; - else + } else { + pr_err("invalid hash algorithm \"%s\" for template \"%s\"", + str, IMA_TEMPLATE_IMA_NAME); return 1; + } goto out; } i = match_string(hash_algo_name, HASH_ALGO__LAST, str); - if (i < 0) + if (i < 0) { + pr_err("invalid hash algorithm \"%s\"", str); return 1; + } ima_hash_algo = i; out: diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 07f033634b27..880d10887de8 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -240,6 +240,8 @@ static int __init policy_setup(char *str) ima_use_secure_boot = true; else if (strcmp(p, "fail_securely") == 0) ima_fail_unverifiable_sigs = true; + else + pr_err("policy \"%s\" not found", p); } return 1; From patchwork Mon Aug 17 21:52:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11719257 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A46F013B1 for ; Mon, 17 Aug 2020 21:52:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8342720758 for ; Mon, 17 Aug 2020 21:52:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ijChbYfE" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728555AbgHQVw7 (ORCPT ); Mon, 17 Aug 2020 17:52:59 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:48016 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728562AbgHQVw6 (ORCPT ); Mon, 17 Aug 2020 17:52:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1597701177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3lHy2PkWS9dUrHVTyx2t6UBWcHeRAbRKALepRMGwjdE=; b=ijChbYfENjFWwUf//UExnLWJus1RujwALN7Vm2PmtMBi2/4Muh+IYYifuTneJgKe/sRdaX H3FaFkEsVQWO7lvwRCUHF/pOf+k74G9wqdFUfV5Pda4JX6F5kt7J/+VvJNua4ZKsXVwxZ/ 4ykMZ6BBfi1Ak9PePVClt5k11u/Ntv8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-430-4WTCbgEBNXiHiPbpZehrWw-1; Mon, 17 
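Review bot: in the ima_appraise.c hunk the new `else` branch only exists inside `#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM`; when that option is disabled an `ima_appraise=` value is still dropped with no message at all, which is the silent case this series sets out to remove, so an `#else` branch with a pr_info noting that the parameter is ignored would complete the change. The format string `"invalid \"%s\" appraise option"` also needs a trailing "\n".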
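Review bot: in the ima_main.c hunk both new pr_err() format strings (`"invalid hash algorithm \"%s\" for template \"%s\""` and `"invalid hash algorithm \"%s\""`) are missing the trailing "\n"; add it so each error is emitted as its own log line. The braces added around the single-statement `if`/`else if` bodies are correct kernel style here, since the final `else` now holds two statements and all branches of the chain should be bracketed alike.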
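Review bot: in the ima_policy.c hunk the wording `"policy \"%s\" not found"` reads like a failed file lookup, whereas `p` is one token of the `ima_policy=` list that matched none of the known names; "unknown policy \"%s\"" or "invalid ima_policy option \"%s\"" describes what actually happened, and the string needs a trailing "\n" like the other messages added in this patch.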
Aug 2020 17:52:54 -0400
From: Bruno Meneguele
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com, Bruno Meneguele
Subject: [PATCH 3/4] ima: limit secure boot feedback scope for appraise
Date: Mon, 17 Aug 2020 18:52:32 -0300
Message-Id: <20200817215233.95319-4-bmeneg@redhat.com>
In-Reply-To: <20200817215233.95319-1-bmeneg@redhat.com>
References: <20200817215233.95319-1-bmeneg@redhat.com>

Instead of printing to kmsg any ima_appraise= option passed by the user
in case of secure boot being enabled, first check if the state was
really changed from its original "enforce" state, otherwise don't print
anything.

Signed-off-by: Bruno Meneguele
---
 security/integrity/ima/ima_appraise.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 2193b51c2743..000df14f198a 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -19,11 +19,7 @@ static int __init default_appraise_setup(char *str) { #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM - if (arch_ima_get_secureboot()) { - pr_info("Secure boot enabled: ignoring ima_appraise=%s boot parameter option", - str); - return 1; - } + bool sb_state = arch_ima_get_secureboot(); if (strncmp(str, "off", 3) == 0) ima_appraise = 0; 
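Review bot: dropping the early `return 1` means ima_appraise is now written with the user's value and only afterwards reset when secure boot is on; that ordering is safe only because __setup handlers run single-threaded in early boot before anything consumes ima_appraise, so a one-line comment at the `bool sb_state = arch_ima_get_secureboot();` declaration stating that the secure-boot override is applied after parsing would spare the next reader from re-deriving it.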
@@ -35,6 +31,16 @@ static int __init default_appraise_setup(char *str) ima_appraise = IMA_APPRAISE_ENFORCE; else pr_err("invalid \"%s\" appraise option", str); + + /* If appraisal state was changed, but secure boot is enabled, + * reset it to enforced */ + if (sb_state) { + if (!is_ima_appraise_enabled()) { + pr_info("Secure boot enabled: ignoring ima_appraise=%s option", + str); + ima_appraise = IMA_APPRAISE_ENFORCE; + } + } #endif return 1; } From patchwork Mon Aug 17 21:52:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11719259 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 989F5739 for ; Mon, 17 Aug 2020 21:53:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7752A20758 for ; Mon, 17 Aug 2020 21:53:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="PAKUPSB7" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728644AbgHQVxE (ORCPT ); Mon, 17 Aug 2020 17:53:04 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:33546 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727931AbgHQVxC (ORCPT ); Mon, 17 Aug 2020 17:53:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1597701180; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+LfMo0bPH1qwF7NhkKROPvBHvn6aBWYvqMe0We0V1A0=; b=PAKUPSB7LsbSIENi/GNdkzCJDKJJ1HYZyEblTdwTV4opzaEZmzHmghLibCP64KQYZbgeDn 
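Review bot: the reset hard-codes `ima_appraise = IMA_APPRAISE_ENFORCE;` rather than restoring the value the variable held before the option was parsed; the removed early return left any default bits untouched, so saving `ima_appraise` next to `sb_state` and restoring that copy here keeps the behaviour identical should the default ever carry flags beyond ENFORCE. Two style points: the nested `if (sb_state) { if (!is_ima_appraise_enabled()) {` collapses to `if (sb_state && !is_ima_appraise_enabled())`, and the multi-line comment should open with `/*` on its own line per kernel coding style.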
lzPCvXm9Q/Mhd//b18sjVwd8dDiVROITkZyIHzzvlA/wz1yeuNE7fKFE8NZxJ1HCH53pAU Hlj0cja8TkcRoBudwz7n1DctXE+22oM=
From: Bruno Meneguele
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com, Bruno Meneguele
Subject: [PATCH 4/4] integrity: prompt keyring name for unknown key request
Date: Mon, 17 Aug 2020 18:52:33 -0300
Message-Id: <20200817215233.95319-5-bmeneg@redhat.com>
In-Reply-To: <20200817215233.95319-1-bmeneg@redhat.com>
References: <20200817215233.95319-1-bmeneg@redhat.com>

Depending on the IMA policy a key can be searched in multiple keyrings
(e.g. .ima and .platform) and possibly failing for both. However, for
the user not aware of the searching order it's not clear in which
keyring the kernel didn't find the key. With this patch we improve this
feedback by printing the keyring "description" (name).

Signed-off-by: Bruno Meneguele
Reviewed-by: Mimi Zohar
---
 security/integrity/digsig_asymmetric.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index cfa4127d0518..14de98ef67f6 100644
--- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) } if (IS_ERR(key)) { - pr_err_ratelimited("Request for unknown key '%s' err %ld\n", - name, PTR_ERR(key)); + if (keyring) + pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n", + name, keyring->description, + PTR_ERR(key)); + else + pr_err_ratelimited("Request for unknown key '%s' err %ld\n", + name, PTR_ERR(key)); + switch (PTR_ERR(key)) { /* Hide some search errors */ case -EACCES:
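Review bot: the two pr_err_ratelimited() branches repeat the same prefix and error code and differ only in the keyring clause, so the strings will drift apart on the next edit; one call that passes the keyring name through a conditional argument keeps them in step, or at least make the punctuation consistent (the new message ends the keyring clause with a full stop before "err %ld", the old one has none). The new format line runs past 80 columns, which checkpatch tolerates for user-visible strings, and the added blank `+` line before the `switch` is a stray whitespace change unrelated to the fix.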