From patchwork Tue Aug 1 18:19:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E83CC0015E for ; Tue, 1 Aug 2023 18:19:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229605AbjHASTb (ORCPT ); Tue, 1 Aug 2023 14:19:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35640 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229678AbjHAST2 (ORCPT ); Tue, 1 Aug 2023 14:19:28 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 750502134 for ; Tue, 1 Aug 2023 11:19:27 -0700 (PDT) Received: from tushar-HP-Pavilion-Laptop-15-eg0xxx.lan (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id 99EEE238AE9C; Tue, 1 Aug 2023 11:19:26 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 99EEE238AE9C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1690913966; bh=8ydQCAOPOcf0m6nyFkBYLJu31rgHvyoufSpVxcSoJOU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nTQs58MKcYI5m8cZi/KfepiNoc+9Qzhe8vHJiHCzwb1zY3l/8Lg/Jrs1O68GhFuAX LAyY8YhGdjR3djBs0Ot+of/N6uUFngUguWtamjN0HGQ05U7AAXOGi29drdHbumARAp FmLnw54tQJmRZEShydnAXu3RUCi6cIsbTLMXHINU= 
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 1/6] tpm: implement TPM2 function to get update counter
Date: Tue, 1 Aug 2023 11:19:12 -0700
Message-Id: <20230801181917.8535-2-tusharsu@linux.microsoft.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>
References: <20230801181917.8535-1-tusharsu@linux.microsoft.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-integrity@vger.kernel.org

The TPM2_PCR_Read command returns the TPM2_PCR_Read Response struct [1]. It contains the pcrUpdateCounter member, which contains the current value of the TPM PCR update counter. The update counter provides the number of times the PCRs are updated, which is essential for tracking changes and verifying system integrity. Thus, subsystems (like IMA) should measure the pcrUpdateCounter value.

Although the tpm2_pcr_read_out struct is returned by tpm2_pcr_read(), it is not used by its caller function tpm_pcr_read(). Further, the TPM2_PCR_Read Response struct and pcrUpdateCounter are not available in tpm1_pcr_read().

pcrUpdateCounter is only needed in a specific case (IMA for measurements). Changing the tpm_pcr_read() and tpm2_pcr_read() function signatures to return the tpm2_pcr_read_out struct would be a more disruptive change, since these functions are used elsewhere too. Creating separate functions to get pcrUpdateCounter when needed would be a cleaner approach.

Add a function, 'tpm2_pcr_get_update_counter()', to retrieve the update counter for a given PCR index and algorithm ID on a TPM2 chip.
This function complements existing TPM functionalities such as reading and extending PCRs, and enhances the ability to monitor PCR status in the Linux Kernel. [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf Section 22.4.2, Page 206. Signed-off-by: Tushar Sugandhi --- drivers/char/tpm/tpm.h | 3 +++ drivers/char/tpm/tpm2-cmd.c | 48 +++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 830014a26609..60489f21d3bd 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -288,6 +288,9 @@ static inline void tpm_add_ppi(struct tpm_chip *chip) int tpm2_get_timeouts(struct tpm_chip *chip); int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digest, u16 *digest_size_ptr); +int tpm2_pcr_get_update_counter(struct tpm_chip *chip, + u32 pcr_idx, u16 alg_id, + u32 *update_counter); int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digests); int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 93545be190a5..55f4e102289a 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c 
@@ -216,6 +216,54 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, return rc; } +/** + * tpm2_pcr_get_update_counter() - gets an update counter value for a PCR bank + * @chip: TPM chip to use + * @pcr_idx: PCR index used to retrieve the update counter + * @alg_id: alg id used to retrieve the update counter + * @update_counter: output update counter value + * + * Return: Same as with tpm_transmit_cmd. + */ +int tpm2_pcr_get_update_counter(struct tpm_chip *chip, + u32 pcr_idx, u16 alg_id, u32 *update_counter) +{ + int rc; + struct tpm_buf buf; + struct tpm2_pcr_read_out *read_out; + u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; + + if (pcr_idx >= TPM2_PLATFORM_PCR) + return -EINVAL; + + if (!update_counter) + return -EINVAL; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); + if (rc) + return rc; + + pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); + + tpm_buf_append_u32(&buf, 1); + tpm_buf_append_u16(&buf, alg_id); + tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); + tpm_buf_append(&buf, (const unsigned char *)pcr_select, + sizeof(pcr_select)); + + rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value"); + if (rc) + goto out; + + read_out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; + + *update_counter = be32_to_cpu(read_out->update_cnt); + +out: + tpm_buf_destroy(&buf); + return rc; +} + struct tpm2_null_auth_area { __be32 handle; __be16 nonce_size; From patchwork Tue Aug 1 18:19:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337143 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EB10C41513 for ; Tue, 1 Aug 2023 18:19:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229678AbjHASTb (ORCPT ); 
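Review bot: tpm2_pcr_get_update_counter() rebuilds and re-sends the same TPM2_CC_PCR_READ command that tpm2_pcr_read() already issues just above it (same pcr_select construction, same tpm_transmit_cmd() call, same cast of &buf.data[TPM_HEADER_SIZE] to struct tpm2_pcr_read_out), so a caller that wants both a digest and the counter pays two TPM round trips and gets a counter that is no longer tied to the digest it read. Factor the command build and response cast into a shared helper, or let tpm2_pcr_read() return update_cnt through an optional out-pointer, instead of copying the body. Also, the third argument to tpm_transmit_cmd() is 0, so read_out->update_cnt is dereferenced without the transport layer having verified that the response body is that long; pass a min_rsp_body_length that covers update_cnt (e.g. sizeof(read_out->update_cnt)). Finally, the kernel-doc "Return: Same as with tpm_transmit_cmd." omits the two -EINVAL paths (pcr_idx >= TPM2_PLATFORM_PCR, NULL update_counter).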
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 2/6] tpm: provide functionality to get update counter
Date: Tue, 1 Aug 2023 11:19:13 -0700
Message-Id: <20230801181917.8535-3-tusharsu@linux.microsoft.com>
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>

The IMA subsystem needs to measure the pcrUpdateCounter value present in the TPM2_PCR_Read Response struct [1]. However, the pcrUpdateCounter value is not exposed outside of the TPM subsystem by any of the existing functions.

Implement a new function, 'tpm_pcr_get_update_counter()', which provides a way to retrieve the PCR update counter values from subsystems outside of the TPM. If the input tpm_chip is not a TPM2 chip, return an error, as the functionality is currently only implemented for TPM2 chips.

This function improves TPM capabilities in the Linux kernel by facilitating access to the PCR update counter.

[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf Section 22.4.2, Page 206.

Signed-off-by: Tushar Sugandhi
---
 drivers/char/tpm/tpm-interface.c | 28 ++++++++++++++++++++++++++++
 include/linux/tpm.h | 8 ++++++++
 2 files changed, 36 insertions(+)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 7e513b771832..9a1088914487 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -300,6 +300,34 @@ int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, } EXPORT_SYMBOL_GPL(tpm_pcr_read); +/** + * tpm_pcr_get_update_counter - gets an update counter value for a PCR bank + * @chip: a &struct tpm_chip instance, %NULL for the default chip + * @pcr_idx: PCR index used to retrieve the update counter + * @alg_id: alg id used to retrieve the update counter + * @update_counter: output update counter value + * + * Return: same as with tpm_transmit_cmd() + */ +int tpm_pcr_get_update_counter(struct tpm_chip *chip, u32 pcr_idx, + u16 alg_id, u32 *update_counter) +{ + int rc; + + chip = tpm_find_get_ops(chip); + if (!chip) + return -ENODEV; + + if (chip->flags & TPM_CHIP_FLAG_TPM2) + rc = tpm2_pcr_get_update_counter(chip, pcr_idx, alg_id, + update_counter); + else + rc = -ENODEV; + + tpm_put_ops(chip); + return rc; +} +EXPORT_SYMBOL_GPL(tpm_pcr_get_update_counter); /** * tpm_pcr_extend - extend a PCR value in SHA1 bank. * @chip: a &struct tpm_chip instance, %NULL for the default chip diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4dc97b9f65fb..3b55218b70fa 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -424,6 +424,8 @@ extern ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, size_t min_rsp_body_length, const char *desc); extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digest); +extern int tpm_pcr_get_update_counter(struct tpm_chip *chip, u32 pcr_idx, + u16 alg_id, u32 *update_counter); extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digests); extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); 
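Review bot: a TPM 1.2 chip and "no chip found" both come back from tpm_pcr_get_update_counter() as -ENODEV, so a caller such as IMA cannot distinguish "no TPM, bypass mode" from "TPM present but the counter is not implemented for it"; the `else` branch should return -EOPNOTSUPP, which is also what the commit message's "currently only implemented for TPM2 chips" describes. Style: the added block ends at `+EXPORT_SYMBOL_GPL(tpm_pcr_get_update_counter);` with no blank line before the existing `/** * tpm_pcr_extend` kernel-doc (the 28-line count in the diffstat confirms none was added), while the block above it is separated from tpm_pcr_read() by one. The kernel-doc "Return: same as with tpm_transmit_cmd()" should also list the -ENODEV and -EINVAL results this wrapper and tpm2_pcr_get_update_counter() produce themselves.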
@@ -440,6 +442,12 @@ static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, { return -ENODEV; } +static inline int tpm_pcr_get_update_counter(struct tpm_chip *chip, + u32 pcr_idx, u16 alg_id, + u32 *update_counter) +{ + return -ENODEV; +} static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digests) From patchwork Tue Aug 1 18:19:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337141 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98ED4C04A94 for ; Tue, 1 Aug 2023 18:19:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229716AbjHASTb (ORCPT ); Tue, 1 Aug 2023 14:19:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229823AbjHAST3 (ORCPT ); Tue, 1 Aug 2023 14:19:29 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 803F72136 for ; Tue, 1 Aug 2023 11:19:28 -0700 (PDT) Received: from tushar-HP-Pavilion-Laptop-15-eg0xxx.lan (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id B4CF7238AEA2; Tue, 1 Aug 2023 11:19:27 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B4CF7238AEA2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1690913968; bh=XSu/u8+vyhoyKdaPC5jr7V2GlLG5uFfsCE+21U5Fofs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kvgYNT7GmYF5rOZ0k6+hig3x2xbFWxcTxTpYi21DHDFieGhqLlltEKw8FAEJpZLrH 6QxtNqqZU/uXBPLiSHeM2QJZfwNMVRuHhALQR8rUYFT6b4d4QNP8CjPN8j5XFAWJw8 
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 3/6] ima: get TPM update counter
Date: Tue, 1 Aug 2023 11:19:14 -0700
Message-Id: <20230801181917.8535-4-tusharsu@linux.microsoft.com>
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>

Measuring the TPM PCR update counter will help the remote attestation service to validate if there are any missing entries in the IMA log when the system goes through certain important state changes (e.g. kexec soft boot, IMA log snapshotting, etc.). Detecting such missing entries would help the remote attestation service functionality to be more robust. It should also help the system administrators with manual investigations when TPM PCR quotes go out of sync with IMA measurements.

Implement a new function, 'ima_tpm_get_update_counter()', which uses the 'tpm_pcr_get_update_counter()' function from the TPM driver interface to retrieve the PCR update counter of the TPM chip in use.

Signed-off-by: Tushar Sugandhi
---
 security/integrity/ima/ima.h | 1 +
 security/integrity/ima/ima_queue.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index c29db699c996..4acd0e5a830f 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -167,6 +167,7 @@ void ima_init_template_list(void); int __init ima_init_digests(void); int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, void *lsm_data); +int ima_tpm_get_update_counter(u32 *cpu_update_counter); /* * used to protect h_table and sha_table diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 532da87ce519..38f5c35b23b2 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c 
@@ -135,6 +135,22 @@ unsigned long ima_get_binary_runtime_size(void) return binary_runtime_size + sizeof(struct ima_kexec_hdr); } +int ima_tpm_get_update_counter(u32 *update_counter) +{ + int result; + + if (!update_counter) + return -EINVAL; + + result = tpm_pcr_get_update_counter(ima_tpm_chip, + CONFIG_IMA_MEASURE_PCR_IDX, TPM_ALG_SHA1, update_counter); + + if (result != 0) + pr_err("Failed to get TPM PCR update counter, result: %d\n", result); + + return result; +} + static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr) { int result = 0; From patchwork Tue Aug 1 18:19:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337140 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 093EBC04E69 for ; Tue, 1 Aug 2023 18:19:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229823AbjHASTc (ORCPT ); Tue, 1 Aug 2023 14:19:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229833AbjHASTa (ORCPT ); Tue, 1 Aug 2023 14:19:30 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 043C02139 for ; Tue, 1 Aug 2023 11:19:29 -0700 (PDT) Received: from tushar-HP-Pavilion-Laptop-15-eg0xxx.lan (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id 33332238AEA4; Tue, 1 Aug 2023 11:19:28 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 33332238AEA4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1690913968; bh=MpKvOwQMNEthm2QKriOvs4GtmxKmM80/6fFiBHzjinA=; 
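Review bot: ima_tpm_get_update_counter() hands ima_tpm_chip to tpm_pcr_get_update_counter() without checking it, and per the kernel-doc added in patch 2/6 a NULL chip means "use the default chip", not "IMA is running without a TPM"; on a TPM-less system this turns IMA's bypass mode into a -ENODEV plus a pr_err() on every call. Add an explicit `if (!ima_tpm_chip) return -ENODEV;` before the call so the no-TPM case is handled deliberately rather than by the TPM core's default-chip lookup. Two smaller points: the prototype added to ima.h names the parameter cpu_update_counter while the definition names it update_counter (pick one), and TPM_ALG_SHA1 is hard-coded even though the counter is not bank-specific and a TPM2 need not implement a SHA1 bank at all, in which case the underlying TPM2_PCR_Read can fail; taking the algorithm from the chip's allocated banks would be more robust.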
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 4/6] ima: implement functionality to measure TPM update counter
Date: Tue, 1 Aug 2023 11:19:15 -0700
Message-Id: <20230801181917.8535-5-tusharsu@linux.microsoft.com>
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>

Currently, the TPM update counter is not available externally to the system, for instance to a remote attestation service. It is a problem because the service cannot easily determine if IMA log entries are missing. The IMA functionality needs to be extended to measure the TPM update counter from various subsystems in the Linux kernel to help detect if IMA log entries are missing.

Implement a function, 'ima_measure_update_counter()', which would retrieve the TPM update counter using the previously defined function 'ima_tpm_get_update_counter()'. Format it as a string with the value "update_counter=;", and measure it using the function 'ima_measure_critical_data()'. The function takes an event name as input, and the update counter value is measured as part of this event.

Signed-off-by: Tushar Sugandhi
---
 include/linux/ima.h | 1 +
 security/integrity/ima/ima.h | 1 +
 security/integrity/ima/ima_main.c | 28 ++++++++++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h index 86b57757c7b1..f15f3a6a4c72 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -40,6 +40,7 @@ extern int ima_measure_critical_data(const char *event_label, const char *event_name, const void *buf, size_t buf_len, bool hash, u8 *digest, size_t digest_len); +int ima_measure_update_counter(const char *event_name); #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM extern void ima_appraise_parse_cmdline(void); diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 4acd0e5a830f..5484bd362237 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -168,6 +168,7 @@ int __init ima_init_digests(void); int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, void *lsm_data); int ima_tpm_get_update_counter(u32 *cpu_update_counter); +int ima_measure_update_counter(const char *event_name); /* * used to protect h_table and sha_table diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index d66a0a36415e..1bcd45cc5a6a 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -1071,6 +1071,34 @@ int ima_measure_critical_data(const char *event_label, } EXPORT_SYMBOL_GPL(ima_measure_critical_data); +#define IMA_TPM_UPDATE_CTR_BUF_SIZE 128 +int ima_measure_update_counter(const char *event_name) +{ + int result; + u32 update_counter = 0; + char buf[IMA_TPM_UPDATE_CTR_BUF_SIZE]; + int buf_len; + + if (!event_name) + return -ENOPARAM; + + result = ima_tpm_get_update_counter(&update_counter); + + if (result != 0) + return result; + + scnprintf(buf, IMA_TPM_UPDATE_CTR_BUF_SIZE, "update_counter=%u;", + update_counter); + + buf_len = strlen(buf); + + result = ima_measure_critical_data("tpm_pcr_update_counter", event_name, + buf, buf_len, false, NULL, 0); + + return result; +} +EXPORT_SYMBOL_GPL(ima_measure_update_counter); + static int __init init_ima(void) { int error; From patchwork Tue Aug 1 18:19:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337144 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA611C001DF for ; Tue, 1 Aug 2023 18:19:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230093AbjHASTd (ORCPT ); Tue, 1 Aug 2023 14:19:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229883AbjHASTa (ORCPT ); Tue, 1 Aug 2023 14:19:30 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 81E8C2130 for ; Tue, 1 Aug 2023 11:19:29 -0700 (PDT) Received: from tushar-HP-Pavilion-Laptop-15-eg0xxx.lan (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id A88C7238AEA6; Tue, 1 Aug 2023 
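Review bot: the include/linux/ima.h hunk adds only `+int ima_measure_update_counter(const char *event_name);` (the diffstat shows a single inserted line), so there is no static inline stub for the CONFIG_IMA=n build; patch 6/6 calls the function from kernel/kexec_file.c, which is compiled whether or not IMA is enabled, so that configuration fails to link. Add a `static inline int ima_measure_update_counter(const char *event_name) { return -ENODEV; }` for the !CONFIG_IMA case, the same way patch 2/6 stubs tpm_pcr_get_update_counter() in include/linux/tpm.h.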
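Review bot: in the ima_main.c hunk, -ENOPARAM for a NULL event_name is the wrong errno; it is the filesystem-context "unknown parameter" code, and ima_tpm_get_update_counter() in patch 3/6 returns -EINVAL for its own NULL argument, so return -EINVAL here too. The measured value also needs its semantics written down, because the verifier depends on them: the counter is read first and the TPM2_PCR_Extend of this very event increments it afterwards, so the recorded value is the counter before this event's extend, and since the read and the extend are not done under one lock, concurrent measurements can land in between; the commit message (or the kernel-doc this function lacks) should say so. Minor: IMA_TPM_UPDATE_CTR_BUF_SIZE of 128 is far larger than "update_counter=%u;" can need (27 bytes including the NUL), scnprintf() already returns the length so the strlen() is redundant, and `result = ima_measure_critical_data(...); return result;` can be a direct return.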
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 5/6] ima: measure TPM update counter at ima_init
Date: Tue, 1 Aug 2023 11:19:16 -0700
Message-Id: <20230801181917.8535-6-tusharsu@linux.microsoft.com>
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>

IMA log entries can be lost due to a variety of causes, such as code bugs or error conditions, leading to a mismatch between TPM PCRs and the IMA log. Measuring the TPM PCR update counter during ima_init would provide a baseline counter for the number of times the TPM PCRs are updated. The remote attestation service can compare this baseline counter with a subsequent measured one (e.g., post-kexec soft-boot) to identify if there are any lost IMA log events.

Measure the TPM update counter at ima_init.

Signed-off-by: Tushar Sugandhi
---
 security/integrity/ima/ima_init.c | 3 +++
 security/integrity/ima/ima_main.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 63979aefc95f..9bb18d6c2fd6 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -154,5 +154,8 @@ int __init ima_init(void) UTS_RELEASE, strlen(UTS_RELEASE), false, NULL, 0); + /* Measures TPM update counter at ima_init */ + ima_measure_update_counter("ima_init_tpm_update_counter"); + return rc; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1bcd45cc5a6a..93357c245e82 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -1035,6 +1035,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0, NULL, false, NULL, 0); fdput(f); + } /** From patchwork Tue Aug 1 18:19:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 13337142 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A5BEC04FE1 for ; Tue, 1 Aug 2023 18:19:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229833AbjHASTd (ORCPT ); Tue, 1 Aug 2023 14:19:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229996AbjHASTa (ORCPT ); Tue, 1 Aug 2023 14:19:30 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C75AE2682 for ; Tue, 1 Aug 2023 11:19:29 -0700 (PDT) Received: from tushar-HP-Pavilion-Laptop-15-eg0xxx.lan (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id 359E5238AEA9; Tue, 1 Aug 2023 11:19:29 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 359E5238AEA9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1690913969; bh=wudBVQFohkkzXxCbB2YMhOCNd/qTfMjxbpTBbqY9dK0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PfaY43aUZRm8DwP24QcvpHl3eVWh3GmSYwFS/W0vNbyTGX5CwEmejnSwQ1M8NolHn KaXAqV6CkHLBVlWThL4p+EqN2M8bBxXM2n6vJFinHjJRhhMihb7do9qxe/ly7y4MN4 VVideAkJST33sRJmHVBaLZ9/gG0MTPGTgyleEA6s= 
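Review bot: the ima_main.c hunk only inserts a blank line after `fdput(f);` in ima_kexec_cmdline(), a whitespace change unrelated to measuring the update counter (the diffstat confirms it is that file's single added line); drop it from this patch. In the ima_init.c hunk the return value of `ima_measure_update_counter("ima_init_tpm_update_counter");` is discarded; if a failure to record the baseline is meant to be non-fatal for IMA initialisation, say so in the comment, otherwise propagate it. The comment itself should use the imperative ("Measure the TPM update counter at ima_init"), matching kernel comment style.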
From: Tushar Sugandhi
To: zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, kexec@lists.infradead.org, linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH 6/6] kexec: measure TPM update counter in ima log at kexec load
Date: Tue, 1 Aug 2023 11:19:17 -0700
Message-Id: <20230801181917.8535-7-tusharsu@linux.microsoft.com>
In-Reply-To: <20230801181917.8535-1-tusharsu@linux.microsoft.com>

The IMA measurements snapshot occurs at kexec 'load', but any additional measurements between 'load' and kexec 'execute' aren't carried over post kexec soft-reboot [1]. This may lead to TPM PCRs extending with events that are not reflected in the new kernel's IMA log.

By measuring the TPM update counter at kexec 'load' and at ima_init after the kexec soft-reboot, the remote attestation service can identify potentially lost events by comparing the log event count with the counter difference.

Measure the TPM update counter at kexec image load.

[1] https://lore.kernel.org/all/20230703215709.1195644-1-tusharsu@linux.microsoft.com/ ("ima: measure events between kexec load and execute")

Signed-off-by: Tushar Sugandhi
---
 kernel/kexec_file.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f1a0e4e3fb5c..4b6391b02c5a 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -246,6 +246,9 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, image->cmdline_buf_len - 1); } + /* Measures TPM update counter at kexec load. */ + ima_measure_update_counter("kexec_load_tpm_update_counter"); + /* IMA needs to pass the measurement list to the next kernel. */ ima_add_kexec_buffer(image);
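Review bot: the call sits correctly before `ima_add_kexec_buffer(image);`, so the counter event is part of the measurement list handed to the next kernel, but its return value is ignored: when the TPM is absent or the measurement fails, the load proceeds silently and the post-kexec ima_init baseline has no kexec-load counterpart for the verifier to compare against. Either state in the comment that this is deliberately best-effort or pr_warn() on failure so the gap is visible in dmesg. Note also that kernel/kexec_file.c is built regardless of CONFIG_IMA, so this call needs a CONFIG_IMA=n stub for ima_measure_update_counter() in include/linux/ima.h, as ima_add_kexec_buffer() just below has. Comment style: "Measure the TPM update counter at kexec load."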
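The comparison the commit messages of patches 5/6 and 6/6 describe (counter difference between two counter events versus the number of events logged between them) carried out on the attestation-service side, as an added example that is not part of this series. It assumes the events are read in IMA's ascii_runtime_measurements ima-buf format, that every IMA measurement increments pcrUpdateCounter by exactly one, and that the "update_counter=<n>;" value was read before the recording event's own extend; the log lines are constructed.

```python
"""Verifier-side check of the TPM PCR update counter events (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER_RE = re.compile(rb"update_counter=(\d+);")

# Constructed sample log: baseline at ima_init (counter 40), two file
# measurements, then the kexec-load event (counter 44). 44 - 40 - 1 = 3
# extends happened after the baseline, but only 2 entries were logged.
_TH = "0" * 40               # placeholder template hash (constructed)
_DG = "sha256:" + "1" * 64   # placeholder digest field (constructed)
SAMPLE_LOG = [
    f"10 {_TH} ima-buf {_DG} ima_init_tpm_update_counter {b'update_counter=40;'.hex()}",
    f"10 {_TH} ima-ng {_DG} /usr/bin/example-one",
    f"10 {_TH} ima-ng {_DG} /usr/lib/example-two.so",
    f"10 {_TH} ima-buf {_DG} kexec_load_tpm_update_counter {b'update_counter=44;'.hex()}",
]


@dataclass
class Entry:
    pcr: int
    template: str
    name: str
    buf: Optional[bytes]  # decoded ima-buf payload; None for other templates


def parse_log(lines: List[str]) -> List[Entry]:
    """Parse ascii_runtime_measurements lines (assumed format:
    "<pcr> <template-hash> <template> <alg>:<digest> <name> [<hex-buf>]")."""
    entries = []
    for line in lines:
        f = line.split()
        if len(f) < 5:
            raise ValueError(f"malformed IMA log line: {line!r}")
        buf = bytes.fromhex(f[5]) if f[2] == "ima-buf" and len(f) > 5 else None
        entries.append(Entry(int(f[0]), f[2], f[4], buf))
    return entries


def counter_value(entry: Entry) -> Optional[int]:
    """Return the pcrUpdateCounter recorded by a counter event, else None."""
    if entry.buf is None:
        return None
    m = COUNTER_RE.fullmatch(entry.buf)
    return int(m.group(1)) if m else None


def check_counter_gap(entries: List[Entry], baseline: str,
                      later: str) -> Tuple[int, int, int]:
    """Compare the counter delta between two named counter events with the
    number of entries logged between them.

    Returns (extends, logged, unaccounted): unaccounted > 0 means the TPM saw
    more extends than the log records (lost entries, or another PCR user);
    unaccounted < 0 means the log claims entries the TPM never saw.
    """
    pos = {}
    for i, e in enumerate(entries):
        if e.name in (baseline, later) and counter_value(e) is not None:
            pos.setdefault(e.name, i)
    if baseline not in pos or later not in pos or pos[baseline] >= pos[later]:
        raise ValueError("counter events missing or out of order")
    first, second = pos[baseline], pos[later]
    c0, c1 = counter_value(entries[first]), counter_value(entries[second])
    # Subtract one for the baseline event's own extend: it happened after c0
    # was read but is not among the entries strictly between the two events.
    extends = c1 - c0 - 1
    logged = second - first - 1
    return extends, logged, extends - logged


if __name__ == "__main__":
    print(check_counter_gap(parse_log(SAMPLE_LOG),
                            "ima_init_tpm_update_counter",
                            "kexec_load_tpm_update_counter"))
```

A positive `unaccounted` is the signal the series is designed to give the verifier; it cannot by itself say which entries were lost, only how many extends have no log entry.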