Hello Petr,
On 2021-02-23 4:18 p.m., Petr Vorel wrote:
Hi Tushar,
Change Log v3:
- Incorporated feedback from Mimi on v2.
- Updated patch title and description to make it generic.
- Changed config description word 'data' to 'records'.
- Tested use cases for boot param
of the attestation service to
accurately determine the current state of the system, because it would
be interpreted as the system having 'val#2' for the given record.
Update ima_add_template_entry() to support measurement of duplicate
records, driven by a Kconfig option - IMA_DISABLE_HTABLE.
Signed-off-by: Tushar
Hi Mimi,
On 2021-02-17 12:49 p.m., Tushar Sugandhi wrote:
On 2021-02-17 12:39 p.m., Mimi Zohar wrote:
On Wed, 2021-02-17 at 10:53 -0800, Tushar Sugandhi wrote:
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could
On 2021-02-17 12:39 p.m., Mimi Zohar wrote:
On Wed, 2021-02-17 at 10:53 -0800, Tushar Sugandhi wrote:
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could be improved. Perhaps something like - "IMA:
su
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could be improved. Perhaps something like - "IMA:
support for duplicate measurement records"
Will do.
On Tue, 2021-02-16 at 18:46 -0800, Tushar Sugandhi wrote:
by a Kconfig option - IMA_DISABLE_HTABLE.
Signed-off-by: Tushar Sugandhi
---
Change Log v2:
- Incorporated feedback from Mimi on v1.
- The fix is not just applicable to measurement of critical data,
it now applies to other buffers and file data as well.
- the fix is driven by a Kconfig option
On 2021-02-09 10:53 a.m., Mimi Zohar wrote:
On Tue, 2021-02-09 at 10:23 -0800, Tushar Sugandhi wrote:
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
On 2021-02-08 12:24 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index c096ef8945c7..fbf359495fa8 100644
--- a/security/integrity/ima/ima_queue.c
+++ b
On 2021-02-08 12:45 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA needs to support duplicate measurements of integrity
critical data to accurately determine the current state of that data
on the system. Further, since measurement
Thank you Mimi for reviewing this series.
On 2021-02-08 1:10 p.m., Mimi Zohar wrote:
Hi Tushar,
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
expensive
IMA policy condition, for the IMA func
CRITICAL_DATA to allow duplicate buffer measurement of integrity
critical data.
Limit the ability to measure duplicate buffer data when action is
"measure" and func is CRITICAL_DATA.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/tes
asure kernel version in early boot")
Tushar Sugandhi (3):
IMA: add policy condition to measure duplicate critical data
IMA: update functions to read allow_dup policy condition
IMA: add support to measure duplicate buffer for critical data hook
Documentation/ABI/testing/ima_po
buffer entry for integrity critical data should be measured.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 9 +
security/integrity/ima/ima_init.c | 2 +-
security/integrity/ima/ima_main.c | 5 +++--
security/integrity
data.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 6 --
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_main.c | 6 +++---
security/integrity/ima/ima_policy.c | 7 ++-
5 files
On 2021-01-15 4:54 a.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
IMA measures files and buffer data such as keys, command-line arguments
passed to the kernel on kexec system call, etc. While these measurements
are necessary for monitoring and validating
On 2021-01-13 6:09 p.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
Integrity critical data may belong to a single subsystem or it may
arise from cross subsystem interaction. Currently there is no mechanism
to group or limit the data based on certain label
is not provided with
the func CRITICAL_DATA, measure all the input integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
Documentation/ABI/testing/ima_policy | 2 ++
security/integrity/ima/ima_policy.c | 37 +---
2 files changed, 36 insertions(
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Update the documentation on kernel parameters to document
the new critical data builtin policy.
Signed-off-by: Lakshmi
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 7 +--
security/integrity/ima/ima_main.c | 8 +---
2 files changed, 10
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6
the necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add policy rule support for measuring integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
Reviewed-by: Mimi Zohar
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity
hash.
Introduce a boolean parameter to support measuring buffer data hash,
which would be much smaller, instead of the buffer itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h | 3 +-
security/integrity/ima/ima_appraise.c
option for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi
of the system. Currently, IMA does not provide a
generic function for measuring kernel integrity critical data.
Define ima_measure_critical_data, a new IMA hook, to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h
void process_buffer_measurement(struct inode *inode, const void
*buf, int size,
const char *eventname, enum ima_hooks func,
- int pcr, const char *func_data);
+ int pcr, const char *func_data,
+ bool measure_buf_hash);
Please
On 2020-12-24 6:41 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data
On 2020-12-24 6:29 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel
On 2021-01-05 12:16 p.m., Mimi Zohar wrote:
On Tue, 2021-01-05 at 12:01 -0800, Tushar Sugandhi wrote:
data. However, various data structures, policies, and states
Here and everywhere else, there are two blanks after a period.
I checked this patch file in multiple text editors
On 2020-12-24 5:48 a.m., Mimi Zohar wrote:
Hi Tushar,
Please update the Subject line as, "Add policy rule support for
measuring critical data".
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_cri
On 2020-12-24 5:04 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
No need for the comma here.
Up to this patch set, all the patches refer to "buffer data", not "in-
mem
On 2020-12-23 4:03 p.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures
Hello Mimi,
Sorry for the late response. I was on vacation last week.
On 2020-12-24 5:06 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index 68956e884403..e76ef4bfd0f4
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:47, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:48, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
the necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to
for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tusha
are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
urce:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
+ case CRITICAL_DATA:
+ if (!rule->data_source)
+ return true;
+
+ opt_list = rule->data_source;
+ break;
I guess this case should unconditionally return true in this patch and
then the include this additional logic in the
On 2020-12-11 4:25 p.m., Tyler Hicks wrote:
On 2020-12-11 15:58:03, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
urce:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add policy rule to measure criti
are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/integrity
the necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
+ */
+void ima_measure_critical_data(const char *event_name,
+ const void *buf, int buf_len,
+ bool measure_buf_hash)
+{
+ if (!event_name || !buf || !buf_len) {
+ pr_err("Invalid arguments passed to %s().\n",
On 2020-12-10 3:15 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:09, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
On 2020-12-10 3:10 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:08, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
On 2020-12-10 3:02 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:07, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
data. However, various data structures, policies, and states
stored in kernel memory also impact the integrity of the system
On 2020-12-10 3:22 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:11, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built
On 2020-12-10 3:19 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:10, Tushar Sugandhi wrote:
The IMA hook ima_measure_critical_data() does not support a way to
specify the source of the critical data provider. Thus, the data
measurement cannot be constrained based on the data source label
On 2020-12-10 2:38 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:06, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures the file
On 2020-12-10 2:14 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:05, Tushar Sugandhi wrote:
IMA functions such as ima_match_keyring(), process_buffer_measurement(),
ima_match_policy() etc. handle data specific to keyrings. Currently,
these constructs are not generic to handle any func
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing
ment policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add policy rule to measure
the necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_policy.c | 35 +
1 file
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12 insertions(+), 5 deletions
urce:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
From: Lakshmi Ramasubramanian
IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient. Various data structures, policies and
are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/integrity
Hi James,
On 2020-11-20 6:05 p.m., James Morris wrote:
On Thu, 19 Nov 2020, Tushar Sugandhi wrote:
an impact on the security guarantees provided by SELinux. Measuring
such in-memory data structures through IMA subsystem provides a secure
way for a remote attestation service to know the state
Thanks Pavel for looking at this series.
On 2020-11-20 4:46 a.m., Pavel Machek wrote:
On Thu 2020-11-19 15:26:03, Tushar Sugandhi wrote:
Kernel integrity critical data can be defined as the in-memory kernel
data which if accidentally or maliciously altered, can compromise the
integrity
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/integrity
From: Lakshmi Ramasubramanian
The IMA hook to measure kernel critical data, namely
ima_measure_critical_data(), could be called before a custom IMA policy
is loaded. Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy is
From: Lakshmi Ramasubramanian
IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient. In-memory data structures maintained
the necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_policy.c | 35 +
1 file
imit the measurement to the subsystems that are specified in the IMA
policy - CRITICAL_DATA+"data_sources:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
source name as an input parameter, so that the policy rule can
be used to limit data sources being measured.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12 insertions(+), 5 deletions(-)
diff
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
include/linux/ima.h | 6 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_main.c| 36
_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: add a built-in policy rule for critical data measurement
selinux: measure state and hash of the policy using IMA
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer d
Including "data_source" here isn't quite right. "data source" should
only be added in the first patch which uses it, not here. When adding
it please shorten the field description to "kernel data source". The
longer explanation can be included in the longer function description.
On 2020-11-12 2:19 p.m., Mimi Zohar wrote:
On Thu, 2020-11-12 at 13:47 -0800, Tushar Sugandhi wrote:
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
process_buffer_measurement() currently only measures the input buffer.
In case of SeLinux policy measurement, the policy being
11-01 at 14:26 -0800, Tushar Sugandhi wrote:
There are several kernel subsystems that contain critical data which if
accidentally or maliciously altered, can compromise the integrity of the
system. Examples of such subsystems would include LSMs like SELinux, or
AppArmor; or device-mapper targets like
On 2020-11-06 6:01 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
Currently, IMA does not restrict random data sources from measuring
their data using ima_measure_critical_data(). Any kernel data source can
call the function, and it's data
On 2020-11-06 5:43 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
System administrators should be able to choose which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
option to choose specific kernel
On 2020-11-06 5:24 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
Currently, IMA does not provide a generic function for kernel subsystems
to measure their critical data. Examples of critical data in this context
could be kernel in-memory r/o
On 2020-11-06 4:11 a.m., Mimi Zohar wrote:
Hi Tushar,
Below inline are a few additional comments.
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index ae5da9f3339d..4485d87c0aa5 100644
--- a/security/integrity/ima/ima_main.c
+++
the subject line accordingly.
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
process_buffer_measurement() currently only measures the input buffer.
In case of SeLinux policy measurement, the policy being measured could
be large (several MB). This may result in a large entry in IMA
measurement
em measures its data by calling ima_measure_critical_data().
Limit the measurement to the subsystems that are specified in the IMA
policy - CRITICAL_DATA+"data_sources:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, measure the data from all the
supported k
supported'.
- Reverted the unnecessary rename of attribute size to buf_len.
- Introduced a boolean parameter measure_buf_hash as per community
feedback to support measuring hash of the buffer, instead of the
buffer itself.
Lakshmi Ramasubramanian (2):
IMA: add critical_data to the built-in policy r
that are being pushed to
the client. The attestation server will have to maintain the hash of
those buffer values.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 3 ++-
security/integrity/ima/ima_appraise.c| 2 +-
security/integrity/ima/ima_asymmetric_keys.c
func CRITICAL_DATA and a corresponding IMA hook
ima_measure_critical_data() to support measuring critical data for
various kernel subsystems.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
include/linux/ima.h | 8 ++
security/integrity/ima
alidate, at run-time, that the data
source is supported before measuring the data coming from that source.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 29 +
security/integrity/ima/ima_main.c | 12
2 files changed, 41 inser
From: Lakshmi Ramasubramanian
The IMA hook to measure kernel critical data, namely
ima_measure_critical_data(), could be called before a custom IMA policy
is loaded. For example, SELinux calls ima_measure_critical_data() to
measure its state and policy when they are initialized. This occurs
From: Lakshmi Ramasubramanian
Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating with the policies
and configurations that the system administrator
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
Hi Mimi,
Thanks a lot for your continual engagement and
providing us valuable feedback on this work.
On 2020-10-24 8:35 p.m., Mimi Zohar wrote:
Hi Tushar,
On Wed, 2020-09-23 at 12:20 -0700, Tushar Sugandhi wrote:
There are several kernel components that contain critical data which
1 - 100 of 149 matches
Mail list logo