From patchwork Fri Sep 4 19:40:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11758439 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 21758925 for ; Fri, 4 Sep 2020 19:41:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 05565208DB for ; Fri, 4 Sep 2020 19:41:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="MAWYt6V7" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726618AbgIDTlR (ORCPT ); Fri, 4 Sep 2020 15:41:17 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:20422 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727998AbgIDTlQ (ORCPT ); Fri, 4 Sep 2020 15:41:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599248474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BMKjbUdhIVST6o3H3+0+skCoVkiZxquiNwTivuQ2ZEc=; b=MAWYt6V7cHlx95EmZgfH3tZqB7almJXtvUHIMTczz4sjsJjHRDMFeIgwZG61KM0EaZZnIq C/tX0rPmRtPUu8obEOMZGCklY6Jou/nDwD/wDtcWA0CG9a2cnj8ajopKDi5tCDMIRdEtgk 9IM7/9R9zm2W1xqkkNDWHibq1NVc7Zw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-356-zLBI8lbqNiKbUAemSP9glQ-1; Fri, 04 Sep 2020 15:41:12 -0400 X-MC-Unique: zLBI8lbqNiKbUAemSP9glQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No 
client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A0945425E1; Fri, 4 Sep 2020 19:41:11 +0000 (UTC) Received: from localhost (ovpn-116-173.gru2.redhat.com [10.97.116.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4EA2610027A6; Fri, 4 Sep 2020 19:41:08 +0000 (UTC) From: Bruno Meneguele To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Cc: zohar@linux.ibm.com, Bruno Meneguele Subject: [PATCH v2 1/4] ima: add check for enforced appraise option Date: Fri, 4 Sep 2020 16:40:57 -0300 Message-Id: <20200904194100.761848-2-bmeneg@redhat.com> In-Reply-To: <20200904194100.761848-1-bmeneg@redhat.com> References: <20200904194100.761848-1-bmeneg@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The "enforce" string is allowed as an option for ima_appraise= kernel parameter per kernel-parameters.txt and should be considered on the parameter setup checking as a matter of completeness. Also it allows further checking on the options being passed by the user. Signed-off-by: Bruno Meneguele --- security/integrity/ima/ima_appraise.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 372d16382960..580b771e3458 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c
@@ -31,6 +31,8 @@ static int __init default_appraise_setup(char *str) ima_appraise = IMA_APPRAISE_LOG; else if (strncmp(str, "fix", 3) == 0) ima_appraise = IMA_APPRAISE_FIX; + else if (strncmp(str, "enforce", 7) == 0) + ima_appraise = IMA_APPRAISE_ENFORCE; #endif return 1; } From patchwork Fri Sep 4 19:40:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11758441 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 63287925 for ; Fri, 4 Sep 2020 19:41:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 47BF9208FE for ; Fri, 4 Sep 2020 19:41:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="JDo+NWqO" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726265AbgIDTlY (ORCPT ); Fri, 4 Sep 2020 15:41:24 -0400 Received: from us-smtp-1.mimecast.com ([207.211.31.81]:20295 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727995AbgIDTlV (ORCPT ); Fri, 4 Sep 2020 15:41:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599248480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jVRPKhuJMAmDmKem2C3GSgT3lk7ReRE/AfXa4Qh7ZFw=; b=JDo+NWqOOE9vx3ROyWWdYe0xXKdT1ZcZO2Jv+4KVUXrWkCH0Ai0ggAG+Tc83T7ethkOsQT 8GhDof0hgj4tEYcg4wQlliD/spBH/4ZlCSmKG/XJJFXkNkIkpz2qV2RpalWW8u6XUUVivq 8U6CFCA/Ous9Sfr/MaDH5ZIMQ47qNZE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id 
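Review bot: the new `else if (strncmp(str, "enforce", 7) == 0)` branch in default_appraise_setup() is a prefix match, so any value that merely starts with "enforce" (for instance "enforced") selects IMA_APPRAISE_ENFORCE; that mirrors the existing "off"/"log"/"fix" checks, but for a mode selector an exact `strcmp(str, "enforce") == 0` would be stricter and drops the hand-counted length. As the commit message says the branch is added for completeness, the assignment changes nothing on its own; its value is that a later `else` can now tell an unrecognised string apart from the valid ones, and saying so in the commit message would help whoever reads this patch in isolation.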
us-mta-441-1OnbtpRZPc6NBPW4AQgWHg-1; Fri, 04 Sep 2020 15:41:18 -0400 X-MC-Unique: 1OnbtpRZPc6NBPW4AQgWHg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4335D8015FA; Fri, 4 Sep 2020 19:41:17 +0000 (UTC) Received: from localhost (ovpn-116-173.gru2.redhat.com [10.97.116.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id B4A4B74E33; Fri, 4 Sep 2020 19:41:13 +0000 (UTC) From: Bruno Meneguele To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Cc: zohar@linux.ibm.com, Bruno Meneguele Subject: [PATCH v2 2/4] integrity: invalid kernel parameters feedback Date: Fri, 4 Sep 2020 16:40:58 -0300 Message-Id: <20200904194100.761848-3-bmeneg@redhat.com> In-Reply-To: <20200904194100.761848-1-bmeneg@redhat.com> References: <20200904194100.761848-1-bmeneg@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Don't silently ignore unknown or invalid ima_{policy,appraise,hash} and evm kernel boot command line options. Signed-off-by: Bruno Meneguele --- Changelog: v2: update commit message (Mimi) security/integrity/evm/evm_main.c | 3 +++ security/integrity/ima/ima_appraise.c | 2 ++ security/integrity/ima/ima_main.c | 13 +++++++++---- security/integrity/ima/ima_policy.c | 2 ++ 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 0d36259b690d..6ae00fee1d34 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -59,6 +59,9 @@ static int __init evm_set_fixmode(char *str) { if (strncmp(str, "fix", 3) == 0) evm_fixmode = 1; + else + pr_err("invalid \"%s\" mode", str); + return 0; } __setup("evm=", evm_set_fixmode); 
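Review bot: the added `pr_err("invalid \"%s\" mode", str);` in evm_set_fixmode() is missing the terminating "\n"; kernel log messages should be newline-terminated so the following printk is not appended as a continuation. Suggest `pr_err("invalid \"%s\" mode\n", str);`. Visible in the same hunk but not changed by it: the handler still ends with `return 0;`, while the ima setup handlers in this series return 1; for a `__setup()` handler a zero return tells the parser the option was not consumed, so an unknown `evm=` value would be reported here and then still be treated as an unrecognised parameter.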
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 580b771e3458..2193b51c2743 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -33,6 +33,8 @@ static int __init default_appraise_setup(char *str) ima_appraise = IMA_APPRAISE_FIX; else if (strncmp(str, "enforce", 7) == 0) ima_appraise = IMA_APPRAISE_ENFORCE; + else + pr_err("invalid \"%s\" appraise option", str); #endif return 1; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8a91711ca79b..2b22932b140d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -50,18 +50,23 @@ static int __init hash_setup(char *str) return 1; if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { - if (strncmp(str, "sha1", 4) == 0) + if (strncmp(str, "sha1", 4) == 0) { ima_hash_algo = HASH_ALGO_SHA1; - else if (strncmp(str, "md5", 3) == 0) + } else if (strncmp(str, "md5", 3) == 0) { ima_hash_algo = HASH_ALGO_MD5; - else + } else { + pr_err("invalid hash algorithm \"%s\" for template \"%s\"", + str, IMA_TEMPLATE_IMA_NAME); return 1; + } goto out; } i = match_string(hash_algo_name, HASH_ALGO__LAST, str); - if (i < 0) + if (i < 0) { + pr_err("invalid hash algorithm \"%s\"", str); return 1; + } ima_hash_algo = i; out: diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 07f033634b27..880d10887de8 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -240,6 +240,8 @@ static int __init policy_setup(char *str) ima_use_secure_boot = true; else if (strcmp(p, "fail_securely") == 0) ima_fail_unverifiable_sigs = true; + else + pr_err("policy \"%s\" not found", p); } return 1; From patchwork Fri Sep 4 19:40:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11758443 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E632B14F9 for ; Fri, 4 Sep 2020 19:41:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB6B7208FE for ; Fri, 4 Sep 2020 19:41:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="BRmc6Daf" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728035AbgIDTl3 (ORCPT ); Fri, 4 Sep 2020 15:41:29 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:26765 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728020AbgIDTl0 (ORCPT ); Fri, 4 Sep 2020 15:41:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599248485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nPCP2biH+LQKhFnXIrAGByYYznE/N+VoqKCeeQjbOnA=; b=BRmc6DafUENQaiDwDC/ebWd8qTqZmRGFoelsF3vAdYjwKH4AHli5FEproqDA4ue8flJQFt o5PoHW/9Gk8TzilaJ8MCbw3Q5JUYZ0MmXNHJGvIe2f/16TdrqFb0weYo8q8vWYMqhGU4Vi Rjt8oSLw/ilUp5nYS2L5ovxqIvlXAYc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-93-Spg73A2LOoG49vCwZQfE0w-1; Fri, 04 Sep 2020 
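Review bot: `pr_err("invalid \"%s\" appraise option", str);` in default_appraise_setup() also lacks the trailing "\n". The behaviour is right: on an unrecognised value ima_appraise is left untouched, so the built-in appraisal mode stays in force instead of being degraded by a typo on the command line; the message would be more useful to an administrator reading dmesg if it said so, e.g. `pr_err("invalid \"%s\" appraise option, keeping default\n", str);`.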
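Review bot: both new `pr_err()` calls in hash_setup() omit the terminating "\n" as well; the same fix applies to `pr_err("invalid hash algorithm \"%s\" for template \"%s\"", ...)` and `pr_err("invalid hash algorithm \"%s\"", str);`. The error paths correctly keep `return 1;`, so a bogus ima_hash= value is consumed and ima_hash_algo stays at its default, and the added braces are required now that the else branches hold two statements, which justifies reflowing the sha1/md5 chain.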
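Review bot: the wording of `pr_err("policy \"%s\" not found", p);` in policy_setup() is misleading: `p` is one token of the ima_policy= option, and the neighbouring branches accept flags such as "secure_boot" and "fail_securely" that are not policies, so "not found" will send users looking for a missing policy file. Suggest `pr_err("unknown ima_policy option \"%s\"\n", p);`, which also adds the missing newline. Placement is fine: as the final `else` of the chain inside the token loop, every unrecognised token is reported exactly once.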
15:41:24 -0400 X-MC-Unique: Spg73A2LOoG49vCwZQfE0w-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id F3138801AB8; Fri, 4 Sep 2020 19:41:22 +0000 (UTC) Received: from localhost (ovpn-116-173.gru2.redhat.com [10.97.116.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4BC2C5D9CC; Fri, 4 Sep 2020 19:41:19 +0000 (UTC) From: Bruno Meneguele To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Cc: zohar@linux.ibm.com, Bruno Meneguele Subject: [PATCH v2 3/4] ima: limit secure boot feedback scope for appraise Date: Fri, 4 Sep 2020 16:40:59 -0300 Message-Id: <20200904194100.761848-4-bmeneg@redhat.com> In-Reply-To: <20200904194100.761848-1-bmeneg@redhat.com> References: <20200904194100.761848-1-bmeneg@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Only prompt the unknown/invalid appraisal option if secure boot is enabled and if the current state differs from the original one. Signed-off-by: Bruno Meneguele --- Changelog: v2: - update commit message (Mimi) - work with a temporary var instead of directly with ima_appraise (Mimi) security/integrity/ima/ima_appraise.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 2193b51c2743..d17808245592 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c
@@ -19,22 +19,29 @@ static int __init default_appraise_setup(char *str) { #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM - if (arch_ima_get_secureboot()) { - pr_info("Secure boot enabled: ignoring ima_appraise=%s boot parameter option", - str); - return 1; - } + bool sb_state = arch_ima_get_secureboot(); + int appraisal_state = ima_appraise; if (strncmp(str, "off", 3) == 0) - ima_appraise = 0; + appraisal_state = 0; else if (strncmp(str, "log", 3) == 0) - ima_appraise = IMA_APPRAISE_LOG; + appraisal_state = IMA_APPRAISE_LOG; else if (strncmp(str, "fix", 3) == 0) - ima_appraise = IMA_APPRAISE_FIX; + appraisal_state = IMA_APPRAISE_FIX; else if (strncmp(str, "enforce", 7) == 0) - ima_appraise = IMA_APPRAISE_ENFORCE; + appraisal_state = IMA_APPRAISE_ENFORCE; else pr_err("invalid \"%s\" appraise option", str); + + /* If appraisal state was changed, but secure boot is enabled, + * keep its default */ + if (sb_state) { + if (!(appraisal_state & IMA_APPRAISE_ENFORCE)) + pr_info("Secure boot enabled: ignoring ima_appraise=%s option", + str); + else + ima_appraise = appraisal_state; + } #endif return 1; } From patchwork Fri Sep 4 19:41:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Meneguele X-Patchwork-Id: 11758445 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C24E3925 for ; Fri, 4 Sep 2020 19:41:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A24102098B for ; Fri, 4 Sep 2020 19:41:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Vmr0wn0b" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728071AbgIDTlf (ORCPT ); Fri, 4 Sep 2020 15:41:35 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:24925 
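Review bot: after this hunk the only assignment to `ima_appraise` in default_appraise_setup() sits inside `if (sb_state)`, so on a machine without secure boot `ima_appraise=off`, `log` or `fix` is parsed into `appraisal_state` and then thrown away; the parameter stops working in exactly the case it exists for. The non-secure-boot path needs its own branch, i.e. close the `if (sb_state)` block with
} else {
	ima_appraise = appraisal_state;
}
and keep the secure-boot branch to the pr_info only; the inner `else ima_appraise = appraisal_state;` only matters if the default appraisal mode were not already the enforcing one. Two smaller points: the comment "If appraisal state was changed" does not describe the test, which checks `appraisal_state & IMA_APPRAISE_ENFORCE` rather than comparing with the previous value, and `pr_err("invalid \"%s\" appraise option", str);` still fires regardless of `sb_state`, so the commit message's "only prompt ... if secureboot is enabled" applies to the pr_info alone. The pr_info format also lacks a trailing "\n".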
"EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728057AbgIDTle (ORCPT ); Fri, 4 Sep 2020 15:41:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599248493; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+LfMo0bPH1qwF7NhkKROPvBHvn6aBWYvqMe0We0V1A0=; b=Vmr0wn0bbUI/+XmiK19sWEZZKfFyj6oQeerQ4w5Ff9S79jbr5UQ8M0oQ622e3CZIopyoxG 9DApe9fdxUiiLr/vOWPiW/qogr/FMErTO2NQ6UcOONFgdw8q5cenFSKldwpQjqEKTPWxiG EMZ529aMn/sEWWkl/nMEqkvBPGgz5is= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-256-6gBDPg3gMXel9fFtSjWU5g-1; Fri, 04 Sep 2020 15:41:29 -0400 X-MC-Unique: 6gBDPg3gMXel9fFtSjWU5g-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 968D71DE13; Fri, 4 Sep 2020 19:41:28 +0000 (UTC) Received: from localhost (ovpn-116-173.gru2.redhat.com [10.97.116.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id D74735C1D0; Fri, 4 Sep 2020 19:41:24 +0000 (UTC) 
From: Bruno Meneguele To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Cc: zohar@linux.ibm.com, Bruno Meneguele Subject: [PATCH v2 4/4] integrity: prompt keyring name for unknown key request Date: Fri, 4 Sep 2020 16:41:00 -0300 Message-Id: <20200904194100.761848-5-bmeneg@redhat.com> In-Reply-To: <20200904194100.761848-1-bmeneg@redhat.com> References: <20200904194100.761848-1-bmeneg@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Depending on the IMA policy a key can be searched in multiple keyrings (e.g. .ima and .platform) and possibly fail in both. However, for a user not aware of the search order it's not clear in which keyring the kernel didn't find the key. With this patch we improve this feedback by printing the keyring "description" (name). Signed-off-by: Bruno Meneguele --- security/integrity/digsig_asymmetric.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index cfa4127d0518..14de98ef67f6 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) } if (IS_ERR(key)) { - pr_err_ratelimited("Request for unknown key '%s' err %ld\n", - name, PTR_ERR(key)); + if (keyring) + pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n", + name, keyring->description, + PTR_ERR(key)); + else + pr_err_ratelimited("Request for unknown key '%s' err %ld\n", + name, PTR_ERR(key)); + switch (PTR_ERR(key)) { /* Hide some search errors */ case -EACCES:
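Review bot: the two `pr_err_ratelimited()` calls in request_asymmetric_key() duplicate the format string and already differ in wording (`'%s' keyring. err %ld` versus `'%s' err %ld`), and because each pr_err_ratelimited() call site carries its own rate-limit state the two paths are now limited independently. One call with a conditional argument keeps a single message and a single limiter, for example passing `keyring ? keyring->description : "(none)"` for the keyring name (the placeholder text is a suggestion). The change otherwise does what the commit message says: as the function is called once per keyring consulted, a lookup that fails in .ima and then in .platform produces one line naming each keyring, which is the feedback an administrator needs to see which keyring the signing key is missing from.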