Re: [RFC] Kdump with signed images

On Wed, 2012-10-24 at 13:19 -0400, Vivek Goyal wrote: On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote: Matthew Garrett m...@redhat.com writes: On Tue, Oct 23, 2012 at 10:59:20AM -0400, Vivek Goyal wrote: But what about creation of a new program which can call

Re: Kdump with signed images

On Wed, 2012-10-24 at 13:36 -0400, Vivek Goyal wrote: On Tue, Oct 23, 2012 at 09:19:27AM -0700, Eric W. Biederman wrote: Vivek Goyal vgo...@redhat.com writes: On Tue, Oct 23, 2012 at 09:18:54AM -0400, Vivek Goyal wrote: [..] There are 3 options for trusting /sbin/kexec. There

Re: Kdump with signed images

On Thu, 2012-10-25 at 10:10 -0400, Vivek Goyal wrote: On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote: [..] IMA-appraisal verifies the integrity of file data, while EVM verifies the integrity of the file metadata, such as LSM and IMA-appraisal labels. Both 'security.ima

Re: [RFC] Kdump with signed images

On Thu, 2012-10-25 at 09:54 -0400, Vivek Goyal wrote: On Thu, Oct 25, 2012 at 01:43:59AM -0400, Mimi Zohar wrote: On Wed, 2012-10-24 at 13:19 -0400, Vivek Goyal wrote: On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote: Matthew Garrett m...@redhat.com writes

Re: Kdump with signed images

On Thu, 2012-10-25 at 14:55 -0400, Vivek Goyal wrote: On Thu, Oct 25, 2012 at 02:40:21PM -0400, Mimi Zohar wrote: On Thu, 2012-10-25 at 10:10 -0400, Vivek Goyal wrote: On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote: [..] IMA-appraisal verifies the integrity of file

Re: Kdump with signed images

On Fri, 2012-10-26 at 03:39 +0100, Matthew Garrett wrote: On Thu, Oct 25, 2012 at 09:15:58PM -0400, Mimi Zohar wrote: On a running system, the package installer, after verifying the package integrity, would install each file with the associated 'security.ima' extended attribute

Re: Kdump with signed images

On Fri, 2012-10-26 at 19:19 +0100, Matthew Garrett wrote: On Fri, Oct 26, 2012 at 01:59:34PM -0400, Mimi Zohar wrote: On Fri, 2012-10-26 at 03:39 +0100, Matthew Garrett wrote: and it must be impossible for anything other than /sbin/kexec to make the kexec system call. Permission

Re: Kdump with signed images

On Thu, 2012-11-08 at 14:40 -0500, Vivek Goyal wrote: On Tue, Nov 06, 2012 at 03:51:59PM -0800, Eric W. Biederman wrote: [..] Thnking more about executable signature verification, I have another question. While verifyign the signature, we will have to read the whole executable in

Re: Kdump with signed images

On Wed, 2012-11-14 at 21:09 -0800, Eric W. Biederman wrote: Vivek Goyal vgo...@redhat.com writes: On Thu, Nov 08, 2012 at 01:03:17PM -0800, Eric W. Biederman wrote: Vivek Goyal vgo...@redhat.com writes: On Thu, Nov 08, 2012 at 02:40:50PM -0500, Vivek Goyal wrote: On Tue, Nov 06,

Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL

On Wed, 2013-03-20 at 18:12 +, Matthew Garrett wrote: On Wed, 2013-03-20 at 14:01 -0400, Mimi Zohar wrote: Sorry, I'm not sure to which work you're referring. If you're referring to Dmitry's initramfs with digital signature protection patches, then we're speaking about enforcing

Re: [PATCH 04/16] integrity: Allow digital signature verification with a given keyring ptr

On Tue, 2013-09-10 at 17:44 -0400, Vivek Goyal wrote: Currently digital signature verification code assumes that it can be used only with 3 keyrings. IMA, EVM and MODULE keyring. Provide another variant where one can pass in a pointer to keyring (struct key *), and integrity code can try to

[RFC PATCH 5/5] module: replace copy_module_from_fd with kernel version

the security_kernel_module_from_file() function. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 4 +++ include/linux/ima.h | 1 + include/linux/lsm_hooks.h | 8 + include/linux/security.h | 3 +- kernel/mo

[RFC PATCH 2/5] firmware: replace call to fw_read_file_contents() with kernel version

the security_kernel_fw_from_file() function. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 51 +-- include/linux/ima.h | 6 - include/linux/security.h | 8 +- security/integrity/ima/ima_main.

[RFC PATCH 1/5] vfs: define a generic function to read a file from the kernel

with the corresponding security post-read hook and function. Changelog: - Add missing Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 56 +++ include/linux/fs.h| 1 + include/linux/lsm_hooks.

[RFC PATCH 0/5] vfs: support for a common kernel file loader (step 1)

st version of these patches can be found in the next-kernel-read branch of: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git Mimi Zohar (5): vfs: define a generic function to read a file from the kernel firmware: replace call to fw_read_file_contents() with kernel version kexec: re

[RFC PATCH 3/5] kexec: replace call to copy_file_from_fd() with kernel version

This patch defines kernel_read_file_from_fd(), a wrapper for the VFS common kernel_read_file(), and replaces the kexec copy_file_from_fd() calls with the kernel_read_file_from_fd() wrapper. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 15 +++ i

[RFC PATCH 4/5] ima: replace call to integrity_read_file() with kernel version

This patch defines kernel_read_file_from_path(), a wrapper for the VFS common kernel_read_file(), and replaces the integrity_read_file() with a call to the kernel_read_file_from_path() wrapper. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c

Re: [RFC PATCH 1/5] vfs: define a generic function to read a file from the kernel

On Fri, 2016-01-08 at 12:24 -0800, Kees Cook wrote: > On Fri, Jan 8, 2016 at 11:22 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > In order to measure and appraise files being read by the kernel, > > new module and kexec syscalls were defined which include a file > >

Re: [RFC PATCH 0/5] vfs: support for a common kernel file loader (step 1)

On Fri, 2016-01-08 at 14:21 -0500, Mimi Zohar wrote: > For a while it was looked down upon to directly read files from Linux. > These days there exists a few mechanisms in the kernel that do just this > though to load a file into a local buffer. There are minor but important > checks

Re: [RFC PATCH 2/5] firmware: replace call to fw_read_file_contents() with kernel version

On Fri, 2016-01-08 at 12:26 -0800, Kees Cook wrote: > On Fri, Jan 8, 2016 at 11:22 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > Replace fw_read_file_contents() for reading a file with the common VFS > > kernel_read_file() function. Call the existing firmware s

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Fri, 2015-12-25 at 13:33 +0800, Dave Young wrote: > Hi, Mimi > > CCing kexec list, not all kexec people subscribed to IMA list. > I just subscribed to it since Vivek CCed me last time about the V1 of this > series. Thanks! > On 12/23/15 at 06:55pm, Mimi Zohar wrote: >

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Mon, 2015-12-28 at 16:29 +0200, Petko Manolov wrote: > On 15-12-28 07:51:15, Mimi Zohar wrote: > > On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > > > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > > > IMA calculates the file hash, in this case, based

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > IMA calculates the file hash, in this case, based on the buffer > > contents. The hash is calculated once and used for both measurement > > and appraisal. If the file inte

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > IMA calculates the file hash, in this case, based on the buffer > > contents. The hash is calculated once and used for both measurement > > and appraisal. If the file inte

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Mon, 2015-12-28 at 16:59 +0200, Petko Manolov wrote: > On 15-12-28 09:42:22, Mimi Zohar wrote: > > On Mon, 2015-12-28 at 16:29 +0200, Petko Manolov wrote: > > > > > > I kind of wonder isn't it possible to optimize the file read? If the > > > file > &

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote: > Hi, Mimi > > On 12/28/15 at 07:51am, Mimi Zohar wrote: > > On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > > > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > > > IMA calculates the file has

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote: > On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote: > This policy flexibility is needed at least until all files come from > software providers with file signatures. (RPM has been modified to > include file signatures.) Even th

[PATCH 2/3] kexec: measure boot command line

This patch defines the buffer identifier "KEXEC_CMDLINE_CHECK" for measuring the boot command line. eg: echo -n -e `cat /proc/cmdline | sed 's/^.*root=/root=/'` | sha256sum Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- Documentation/ABI/testing/ima_policy | 1 + inc

[PATCH 1/3] ima: measure other types of data

, buffer length and a buffer identifier. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- include/linux/ima.h | 11 + security/integrity/ima/Makefile | 2 +- security/integrity/ima/ima.h| 2 + security/integrity/ima/ima_buffer.

[PATCH 0/3] support other types of measurements

to measure the kexec boot command line, while the latter could be used for including asymmetric key id information. Mimi Zohar (3): ima: measure other types of data kexec: measure boot command line ima: add pre-calculated measurements (experimental) Documentation/ABI/testing/ima_policy | 1

Re: [PATCH 0/6] kexec_file: Add buffer hand-over for the next kernel

Hi Dave, On Wed, 2016-06-22 at 09:20 +0800, Dave Young wrote: > On 06/20/16 at 10:44pm, Thiago Jung Bauermann wrote: > > Hello, > > > > This patch series implements a mechanism which allows the kernel to pass on > > a buffer to the kernel that will be kexec'd. This buffer is passed as a > >

[PATCH 3/3] ima: add pre-calculated measurements (experimental)

This patch defines a new IMA hook named ima_add_measurement_check() for including pre-calculated measurements in the IMA measurement list. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- Documentation/ABI/testing/ima_policy | 2 +- include/linux/ima.h

[RFC PATCH v2 03/11] ima: provide buffer hash calculation function

From: Dmitry Kasatkin <d.kasat...@samsung.com> This patch provides convenient buffer hash calculation function. Changelog: - rewrite to support loff_t sized buffers - Mimi (based on Fenguang Wu's testing) Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mi

[RFC PATCH v2 04/11] ima: calculate the hash of a buffer using aynchronous hash(ahash)

Setting up ahash has some overhead. Only use ahash to calculate the hash of a buffer, if the buffer is larger than ima_ahash_minsize. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_crypto.c | 75 - 1 file chang

[RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

h algo to the ima_collect_measurement(). Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 15 +++ security/integrity/ima/ima_api.c | 15 +++ secu

[RFC PATCH v2 09/11] ima: load policy using path

path() (Mimi) Changelog v2: - Patch description re-written by Luis R. Rodriguez Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 21 include/linux/fs.h |

[RFC PATCH v2 06/11] kexec: replace call to copy_file_from_fd() with kernel version

- Instead of ima_read_and_process_file() allocating memory, the caller allocates and frees the memory. - Moved the kexec measurement/appraisal call to copy_file_from_fd(). The same call now measures and appraises both the kexec image and initramfs. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- Documenta

[RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

the security_kernel_module_from_file() function. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 4 +++ include/linux/ima.h | 1 + include/linux/lsm_hooks.h | 8 + include/linux/security.h | 3 +- kernel/mo

[RFC PATCH v2 05/11] ima: define a new hook to measure and appraise a file already in memory

tains just the IMA changes. The kexec and initramfs changes are with the rest of the kexec changes in "kexec: replace call to copy_file_from_fd() with kernel version". Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c |

[RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

into memory. This patch retains the kernel_fw_from_file() hook, which is called from security_kernel_post_read_file(), but removes the sercurity_kernel_fw_from_file() function. Changelog: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <

[RFC PATCH v2 00/11] vfss: support for a common kernel file loader

[1] Taken from Luis Rodriguez's wiki - http://kernelnewbies.org/KernelProjects/common-kernel-loader Mimi Dmitry Kasatkin (3): ima: separate 'security.ima' reading functionality from collect ima: provide buffer hash calculation function ima: load policy using path Mimi Zohar (8): vfs: defin

[RFC PATCH v2 02/11] vfs: define a generic function to read a file from the kernel

some of these differences. This patch introduces a common function for reading files from the kernel with the corresponding security post-read hook and function. Changelog v1: - To simplify patch review, re-ordered patches Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/

[RFC PATCH v2 11/11] ima: require signed IMA policy

Require the IMA policy to be signed when additional rules can be added. Changelog v2: - add union name "hooks" to fix sparse warning v1: - initialize the policy flag - include IMA_APPRAISE_POLICY in the policy flag Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- securi

[RFC PATCH v2 10/11] ima: measure and appraise the IMA policy itself

This patch adds support for measuring and appraising the IMA policy itself. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 1 + security/integrity/ima/ima_fs.c | 9 - security/integrity/ima/ima_policy.c | 14 -- 3

Re: [PATCH v3 20/22] ima: load policy using path

On Mon, 2016-02-08 at 10:45 +, Dmitry Kasatkin wrote: > > > @@ -286,9 +322,12 @@ static ssize_t ima_write_policy(struct file *file, > > > const char __user *buf, > > > result = mutex_lock_interruptible(_write_mutex); > > > if (result < 0) > > > goto out_free; > > >

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

On Thu, 2016-02-04 at 20:56 +0100, Luis R. Rodriguez wrote: > On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote: > > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > > > Although none of the upstreamed LSMs define a kernel_module_from_file > >

Re: [PATCH v3 00/22] vfs: support for a common kernel file loader

On Thu, 2016-02-04 at 10:15 -0800, Kees Cook wrote: > On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > For a while it was looked down upon to directly read files from Linux. > > These days there exists a few mechanisms in the kernel that do

Re: [PATCH v3.1] firmware: clean up filesystem load exit path

;keesc...@chromium.org> > > Cc: Josh Boyer <jwbo...@fedoraproject.org> > > Cc: David Howells <dhowe...@redhat.com> > > Cc: Luis R. Rodriguez <mcg...@kernel.org> > > Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> > > Thanks, > > Acked-by: Luis

[PATCH v4 05/19] vfs: define kernel_read_file_id enumeration

. Changelog v3: - Replace the IMA specific enumeration with a generic one. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Luis R. Rodriguez <mcg...@kernel.org> Cc: Al Viro <v...@zeniv.linux.org.uk> --- fs/ex

[PATCH v4 00/19] vfs: support for a common kernel file loader

ash calculation function ima: load policy using path Kees Cook (1): firmware: clean up filesystem load exit path Luis R. Rodriguez (2): firmware: simplify dev_*() print messages for generic helpers firmware: move completing fw into a helper Mimi Zohar (14): vfs: define a generic function

[PATCH v4 06/19] ima: provide buffer hash calculation function

satkin <dmitry.kasat...@huawei.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_crypto.c | 47 + 2 files changed, 49 insertions(+) diff --git a/security/integrity/ima/ima.h b/

[PATCH v4 07/19] ima: calculate the hash of a buffer using aynchronous hash(ahash)

Setting up ahash has some overhead. Only use ahash to calculate the hash of a buffer, if the buffer is larger than ima_ahash_minsize. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> --- security/integrity/ima/ima_c

[PATCH v4 15/19] kexec: replace call to copy_file_from_fd() with kernel version

, moving copy_file_from_fd() to a separate patch - split patch, moving IMA changes to a separate patch v0: - use kstat file size type loff_t, not size_t - Calculate the file hash from the in memory buffer - Dave Young Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Kees Cook

[PATCH v4 04/19] vfs: define a generic function to read a file from the kernel

some of these differences. This patch introduces a common function for reading files from the kernel with the corresponding security post-read hook and function. Changelog v3: - additional bounds checking - Luis v2: - To simplify patch review, re-ordered patches Signed-off-by: Mimi Zohar <

[PATCH v4 08/19] ima: define a new hook to measure and appraise a file already in memory

ima_hash_and_process_file() to ima_post_read_file() v1: - split patch Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> --- include/linux/ima.h | 8 +++ include/linux/security.h | 1 + security/integri

[PATCH v4 16/19] ima: support for kexec image and initramfs

: - replaced switch statement with a kernel_read_file_id to an ima_hooks id mapping array - Dmitry - renamed ima_hook tokens KEXEC_CHECK and INITRAMFS_CHECK to KEXEC_KERNEL_CHECK and KEXEC_INITRAMFS_CHECK respectively - Dave Young Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by:

[PATCH v4 12/19] vfs: define kernel_copy_file_from_fd()

uk> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 16 include/linux/fs.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/fs/exec.c b/fs/exec.c index 78dfdf3..604f669 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -910,6 +910,22 @@ int kernel_

[PATCH v4 09/19] vfs: define kernel_read_file_from_path

This patch defines kernel_read_file_from_path(), a wrapper for the VFS common kernel_read_file(). Changelog: - Separated from the IMA patch Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Luis R. Rodriguez <mcg...@kernel.o

[PATCH v4 13/19] module: replace copy_module_from_fd with kernel version

module twice, once for measuring/appraising and again for loading the kernel module, the signature validation is moved to the kernel_post_read_file() security hook. This patch removes the security_kernel_module_from_file() hook and security call. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.

[PATCH v4 11/19] security: define kernel_read_file hook

The kernel_read_file security hook is called prior to reading the file into memory. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Luis R. Rodriguez <mcg...@kernel.org> Acked-by: Casey Schaufler <ca...@schaufler-c

[PATCH v4 14/19] ima: remove firmware and module specific cached status info

simplifies adding support for other files read by the kernel. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Petko Manolov <pet...@mip-labs.com> Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> --- security/integrity/iint.c | 4 ++-- security/i

[PATCH v4 17/19] ima: load policy using path

v3: - moved kernel_read_file_from_path() to a separate patch v2: - after re-ordering the patches, replace calling integrity_kernel_read() to read the file with kernel_read_file_from_path() (Mimi) - Patch description re-written by Luis R. Rodriguez Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> S

[PATCH v4 19/19] ima: require signed IMA policy

Require the IMA policy to be signed when additional rules can be added. v1: - initialize the policy flag - include IMA_APPRAISE_POLICY in the policy flag Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Petko Manolov <pet...@mip-labs.com> Acked-by: Dmitry Kasatkin &

[PATCH v4 10/19] firmware: replace call to fw_read_file_contents() with kernel version

kernel_fw_from_file() hook and security call. Changelog v3: - remove kernel_fw_from_file hook - use kernel_file_read_from_path() - requested by Luis v2: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Kees Cook

[PATCH v4 02/19] firmware: move completing fw into a helper

From: "Luis R. Rodriguez" <mcg...@kernel.org> This will be re-used later through a new extensible interface. Reviewed-by: Josh Boyer <jwbo...@fedoraproject.org> Signed-off-by: Luis R. Rodriguez <mcg...@kernel.org> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.

[PATCH v4 18/19] ima: measure and appraise the IMA policy itself

Add support for measuring and appraising the IMA policy itself. Changelog v4: - use braces on both if/else branches, even if single line on one of the branches - Dmitry - Use the id mapping - Dmitry Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: Petko Manolov <pet...@mip

[PATCH v4 03/19] firmware: clean up filesystem load exit path

com> Acked-by: Luis R. Rodriguez <mcg...@kernel.org> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_c

[PATCH v4 01/19] firmware: simplify dev_*() print messages for generic helpers

chaufler <ca...@schaufler-ca.com> Cc: Ming Lei <ming@canonical.com> Cc: Takashi Iwai <ti...@suse.de> Cc: Vojtěch Pavlík <vojt...@suse.cz> Cc: Kyle McMartin <k...@kernel.org> Cc: Matthew Garrett <mj...@srcf.ucam.org> Cc: linux-ker...@vger.kernel.org

Re: [PATCH v3 14/22] security: define kernel_read_file hook

On Thu, 2016-02-11 at 08:54 -0800, Casey Schaufler wrote: > On 2/3/2016 11:06 AM, Mimi Zohar wrote: > > The kernel_read_file security hook is called prior to reading the file > > into memory. > > > > Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> &

Re: [PATCH v3 19/22] ima: support for kexec image and initramfs

On Thu, 2016-02-11 at 10:47 +0200, Dmitry Kasatkin wrote: > On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > static int idmap[] = { > [READING_FIRMWARE] = FIRMWARE_CHECK, > [READING_MODULE] = MODULE_CHECK, > ... &g

Re: [PATCH v3 19/22] ima: support for kexec image and initramfs

On Sun, 2016-02-07 at 22:10 +0200, Petko Manolov wrote: > On 16-02-03 14:06:27, Mimi Zohar wrote: > > Option 3: incorportate the ima_hooks enumeration into kernel_read_file_id, > > perhaps changing the enumeration name. > > > > For now, duplicate the new RE

[PATCH v3 04/22] firmware: simplify dev_*() print messages for generic helpers

chaufler <ca...@schaufler-ca.com> Cc: Ming Lei <ming@canonical.com> Cc: Takashi Iwai <ti...@suse.de> Cc: Vojtěch Pavlík <vojt...@suse.cz> Cc: Kyle McMartin <k...@kernel.org> Cc: Matthew Garrett <mj...@srcf.ucam.org> Cc: linux-ker...@vger.kernel.org

[PATCH v3 07/22] vfs: define a generic function to read a file from the kernel

some of these differences. This patch introduces a common function for reading files from the kernel with the corresponding security post-read hook and function. Changelog v3: - additional bounds checking - Luis v2: - To simplify patch review, re-ordered patches Signed-off-by: Mimi Zohar <

[PATCH v3 12/22] vfs: define kernel_read_file_from_path

This patch defines kernel_read_file_from_path(), a wrapper for the VFS common kernel_read_file(). Changelog: - Separated from the IMA patch Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 22 ++ include/linux/fs.h | 2 ++ 2 files chang

[PATCH v3 15/22] vfs: define kernel_copy_file_from_fd()

This patch defines kernel_read_file_from_fd(), a wrapper for the VFS common kernel_read_file(). Changelog: - Separated from the kernel modules patch Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 16 include/linux/fs.h | 2 ++ 2 files chang

[PATCH v3 09/22] ima: provide buffer hash calculation function

satkin <dmitry.kasat...@huawei.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_crypto.c | 47 + 2 files changed, 49 insertions(+) diff --git a/security/integrity/ima/ima.h b/

[PATCH v3 05/22] firmware: move completing fw into a helper

From: "Luis R. Rodriguez" <mcg...@kernel.org> This will be re-used later through a new extensible interface. Reviewed-by: Josh Boyer <jwbo...@fedoraproject.org> Signed-off-by: Luis R. Rodriguez <mcg...@kernel.org> Signed-off-by: Mimi Zohar <zo...@linux.

[PATCH v3 00/22] vfs: support for a common kernel file loader

implify dev_*() print messages for generic helpers firmware: move completing fw into a helper Mimi Zohar (16): ima: refactor ima_policy_show() to display "ima_hooks" rules ima: use "ima_hooks" enum as function argument vfs: define a generic function to read a file

[PATCH v3 08/22] vfs: define kernel_read_file_id enumeration

. Changelog v3: - Replace the IMA specific enumeration with a generic one. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 4 ++-- include/linux/fs.h| 7 ++- include/linux/lsm_hooks.h | 4 +++- include/linux/security.h | 7 +-- se

[PATCH v3 01/22] ima: separate 'security.ima' reading functionality from collect

h algo to the ima_collect_measurement(). Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 15 +++ security/integrity/ima/ima_api.c | 15 +++ secu

[PATCH v3 18/22] kexec: replace call to copy_file_from_fd() with kernel version

ocess_file() allocating memory, the caller allocates and frees the memory. - Moved the kexec measurement/appraisal call to copy_file_from_fd(). The same call now measures and appraises both the kexec image and initramfs. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- include/linux/fs.h

[PATCH v3 21/22] ima: measure and appraise the IMA policy itself

Add support for measuring and appraising the IMA policy itself. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_fs.c | 9 - security/integrity/ima/ima_main.c | 3 +++ security/integri

[PATCH v3 06/22] firmware: fold successful fw read early

Luis R. Rodriguez <mcg...@kernel.org> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 16 +++- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index fb64814..c65

[PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

module twice, once for measuring/appraising and again for loading the kernel module, the signature validation is moved to the kernel_post_read_file() security hook. This patch removes the security_kernel_module_from_file() hook and security call. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.

[PATCH v3 14/22] security: define kernel_read_file hook

The kernel_read_file security hook is called prior to reading the file into memory. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- fs/exec.c | 4 include/linux/ima.h | 6 ++ include/linux/lsm_hooks.h | 8 include

[PATCH v3 19/22] ima: support for kexec image and initramfs

{ enum ima_hooks func_id; enum kernel_read_file_id read_id; }; }; Option 3: incorportate the ima_hooks enumeration into kernel_read_file_id, perhaps changing the enumeration name. For now, duplicate the new READING_KEXEC_IMAGE/INITRAMFS in ima_hooks. Signed-off-by: Mimi

[PATCH v3 20/22] ima: load policy using path

v3: - moved kernel_read_file_from_path() to a separate patch v2: - after re-ordering the patches, replace calling integrity_kernel_read() to read the file with kernel_read_file_from_path() (Mimi) - Patch description re-written by Luis R. Rodriguez Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com> S

[PATCH v3 22/22] ima: require signed IMA policy

Require the IMA policy to be signed when additional rules can be added. v1: - initialize the policy flag - include IMA_APPRAISE_POLICY in the policy flag Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_policy.c | 7 +++ 1 file changed, 7 inse

[PATCH v3 03/22] ima: use "ima_hooks" enum as function argument

Cleanup the function arguments by using "ima_hooks" enumerator as needed. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 25 + security/integrity/ima/ima_api.c | 6 +++--- security/integrity/ima/ima

[PATCH v3 13/22] firmware: replace call to fw_read_file_contents() with kernel version

kernel_fw_from_file() hook and security call. Changelog v3: - remove kernel_fw_from_file hook - use kernel_file_read_from_path() - requested by Luis v2: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- driver

[PATCH v3 02/22] ima: refactor ima_policy_show() to display "ima_hooks" rules

Define and call a function to display the "ima_hooks" rules. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_policy.c | 63 + 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/securi

[PATCH v3 17/22] ima: remove firmware and module specific cached status info

simplifies adding support for other files read by the kernel. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/iint.c | 4 ++-- security/integrity/ima/ima.h | 3 ++- security/integrity/ima/ima_appraise.

[PATCH v3 10/22] ima: calculate the hash of a buffer using aynchronous hash(ahash)

Setting up ahash has some overhead. Only use ahash to calculate the hash of a buffer, if the buffer is larger than ima_ahash_minsize. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_crypto.c | 75 - 1 file chang

[PATCH v3 11/22] ima: define a new hook to measure and appraise a file already in memory

the kexec changes in "kexec: replace call to copy_file_from_fd() with kernel version". Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- include/linux/ima.h | 8 +++ include/linux/security.h | 1 + security/integrity/ima/ima.h

Re: [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote: > On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote: > >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct device > >> *device, > >> file = filp_open(path, O_RDONLY, 0); > >>

Re: [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

On Tue, 2016-01-19 at 16:10 -0800, Kees Cook wrote: > On Mon, Jan 18, 2016 at 7:11 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > Replace fw_read_file_contents() for reading a file with the common VFS > > kernel_read_file() function. A benefit of calling kernel_re

Re: [RFC PATCH v2 03/11] ima: provide buffer hash calculation function

On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote: > On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > From: Dmitry Kasatkin <d.kasat...@samsung.com> > > > > This patch provides convenient buffer hash calculation function.

Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote: > Hi Mimi, > > Please change > > Signed-off-by: Dmitry Kasatkin I'll make the change here and in the other patches as well. Mimi ___ kexec mailing list

Re: [RFC PATCH v2 02/11] vfs: define a generic function to read a file from the kernel

On Wed, 2016-01-20 at 02:09 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:17AM -0500, Mimi Zohar wrote: > > diff --git a/fs/exec.c b/fs/exec.c > > index b06623a..6d623c2 100644 > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -831,6 +832,58 @@

Re: [RFC PATCH v2 09/11] ima: load policy using path

On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -903,6 +903,27 @@ out: > > return ret; > > } > > > > +int kernel_read_file_f

  1   2   3   4   5   >