From: Roberto Sassu
One of the IMA shortcomings over the years has been the availability of
reference digest values for appraisal. Recently, the situation improved
and some Linux distributions are including file signatures.
The digest_cache LSM takes a different approach. Instead of requiring
From: Roberto Sassu
Introduce a new hook to check the integrity of digest lists.
The new hook is invoked during a kernel read with file type
READING_DIGEST_LIST, which is done by the digest_cache LSM when it is
populating a digest cache with a digest list.
Signed-off-by: Roberto Sassu
From: Roberto Sassu
Invoking digest_cache_get() inside the iint->mutex critical region can
cause deadlocks due to the fact that IMA can be recursively invoked for
reading the digest list. The deadlock would occur if the digest_cache LSM
attempts to read the same inode that is already locked
From: Roberto Sassu
Add the 'digest_cache=' policy keyword, to enable the usage of digest
caches for specific IMA actions and purposes.
At the moment, it accepts only 'content' as value, as digest caches can be
used only for measurement and appraisal of file conten
From: Roberto Sassu
Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in
the kernel command line to add the following rule at the beginning of the
IMA policy, before other rules:
measure func=DIGEST_LIST_CHECK pcr=12
which will measure digest lists
From: Roberto Sassu
The digest_cache LSM allows integrity providers to record how the digest
list being used to populate the digest cache was verified.
Integrity providers can register a kernel_post_read_file LSM hook
implementation, and call digest_cache_verif_set() providing the result of
the
From: Roberto Sassu
Introduce a new measurement style using digest caches, which can be
performed exclusively on non-standard PCRs, to avoid ambiguity.
While a measurement on the standard PCR means that a file was accessed and
had the measured content, a measurement with the digest cache means
From: Roberto Sassu
Similarly to measurement, enable the new appraisal style too using digest
caches.
Instead of verifying individual file signatures, verify the signature of
lists of digests and search calculated file digests in those lists.
The benefits are that signed lists of digests
From: Roberto Sassu
IMA invalidates the cached verification result on file content/metadata
update, so that the file is evaluated again at next access.
While until now checking modifications on the file was sufficient to
determine if the cached verification result is still valid, that no longer
On Thu, 2024-03-07 at 14:42 -0500, Mimi Zohar wrote:
> On Wed, 2024-02-14 at 15:35 +0100, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Invoking digest_cache_get() inside the iint->mutex critical region can
> > cause deadlocks due to the fact that IMA
On Thu, 2024-03-07 at 14:43 -0500, Mimi Zohar wrote:
> On Wed, 2024-02-14 at 15:35 +0100, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Add the 'digest_cache=' policy keyword, to enable the usage of digest
> > caches for specific IMA actions and
On Thu, 2024-03-07 at 15:17 -0500, Mimi Zohar wrote:
> On Wed, 2024-02-14 at 15:35 +0100, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in
> > the kernel command line
On Fri, 2024-03-08 at 11:08 -0500, Mimi Zohar wrote:
> Hi Roberto,
>
> > diff --git a/security/integrity/ima/ima_main.c
> > b/security/integrity/ima/ima_main.c
> > index 3fc48214850a..48a09747ae7a 100644
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@
On Fri, 2024-03-08 at 12:35 -0500, Mimi Zohar wrote:
> Hi Roberto,
>
> > b/security/integrity/ima/ima_main.c
> > index a66522a22cbc..e1b2f5737753 100644
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@ -301,6 +301,15 @@ static int process_measurement(s
From: Roberto Sassu
Add the 'digest_cache=' policy keyword, to enable the usage of digest
caches for specific IMA actions and purpose.
At the moment, it accepts only 'data' as value, as digest caches can be
used only for measurement and appraisal of file data. In the
From: Roberto Sassu
Setting the boot-time built-in policies 'digest_cache_measure' and
'digest_cache_appraise' is not sufficient to use the digest_cache LSM to
measure and appraise files, since their effect is only to measure and
appraise digest lists.
Modify existing meas
From: Roberto Sassu
Introduce a new measurement style using digest caches, which can be
performed exclusively on non-standard PCRs, to avoid ambiguity.
While a measurement on the standard PCR means that a file was accessed and
had the measured data, a measurement with the digest cache means
From: Roberto Sassu
A digest cache used for measurement/appraisal might change over time
(due to file modification, directory changes). When that happens, IMA
should invalidate the cached integrity result for affected inodes and
evaluate those inodes again.
Implement ima_digest_cache_change
From: Roberto Sassu
Integrity detection and protection has long been a desirable feature, to
reach a large user base and mitigate the risk of flaws in the software
and attacks.
However, while solutions exist, they struggle to reach a large user base,
due to requiring higher than desired
From: Roberto Sassu
Introduce digest_cache_init() to initialize created digest caches. Since
initialization happens after releasing both the dig_owner_mutex and
dig_user_mutex locks (to avoid a lock inversion with VFS locks), any caller
of digest_cache_get() can potentially be in charge of
From: Roberto Sassu
Create the digest_cache directory in /integrity, and add the
default_path file, to let root change/read the default path (file or
directory) from where digest lists are looked up.
An RW semaphore prevents the default path from changing while
digest_list_new() and
From: Roberto Sassu
Add a linked list of hash tables to the digest cache, one per algorithm,
containing the digests extracted from digest lists.
The number of hash table slots is determined by dividing the number of
digests to add by the average depth of the collision list defined with
From: Roberto Sassu
Introduce digest_cache_populate() to populate the digest cache from a
digest list. Call it from digest_cache_init() if the inode is a regular
file.
It opens the file and then schedules a work to read the content (with new
file type READING_DIGEST_LIST). Scheduling a work
From: Roberto Sassu
Add digest_list_parse_tlv(), to parse TLV-formatted (Type Length Value)
digest lists. Their structure is:
[header: DIGEST_LIST_FILE, num fields, total len]
[field: DIGEST_LIST_ALGO, length, value]
[field: DIGEST_LIST_ENTRY#1, length, value (below)]
|- [header
From: Roberto Sassu
Add a parser of a generic Type-Length-Value (TLV) format:
+------------------+-------------------+-------------------+
| data type (u64)  | num fields (u64)  | total len (u64)   | # header
+------------------+-------------------+-------------------+
| field1 (u64)     | len1 (u64)        | value1
From: Roberto Sassu
The Integrity Digest Cache can support other LSMs in their decisions of
granting access to file data and metadata.
However, the information alone about whether a digest was found in a digest
cache might not be sufficient, because for example those LSMs wouldn't know
From: Roberto Sassu
In the environments where xattrs are not available (e.g. in the initial ram
disk), the Integrity Digest Cache cannot precisely determine which digest
list in a directory contains the desired reference digest. However,
although slower, it would be desirable to search the
From: Roberto Sassu
Register six new LSM hooks on behalf of the IMA LSM, path_truncate,
file_release, inode_unlink, inode_rename, inode_post_setxattr and
inode_post_removexattr, to monitor digest lists/parent directory
modifications.
If an action affects a digest list or the parent directory
From: Roberto Sassu
A desirable goal when doing integrity measurements is that they are done
always in the same order across boots, so that the resulting PCR value
becomes predictable and suitable for sealing policies. However, due to
parallel execution of system services at boot, a
From: Roberto Sassu
Add tests to verify the correctness of the Integrity Digest Cache, in
all_test.c.
Add the kernel module digest_cache_kern.ko, to let all_test call the API
of the Integrity Digest Cache through the newly introduced
digest_cache_test file in /integrity/digest_cache.
Test
From: Roberto Sassu
Implement a simple parser of RPM headers, that extracts the digest and the
algorithm of the packaged files from the RPMTAG_FILEDIGESTS and
RPMTAG_FILEDIGESTALGO section, and adds them to the digest cache.
The rpm digest list parser has been verified with Frama-C
(https
From: Roberto Sassu
Add the documentation of the Integrity Digest Cache in
Documentation/security.
Signed-off-by: Roberto Sassu
---
Documentation/security/digest_cache.rst | 814
Documentation/security/index.rst | 1 +
MAINTAINERS
From: Roberto Sassu
Introduce the Integrity Digest Cache, to collect digests from various
sources (called digest lists), and to store them in kernel memory, in a set
of hash tables forming a digest cache. Extracted digests can be used as
reference values for integrity verification of file data
From: Roberto Sassu
One of the IMA shortcomings over the years has been the availability of
reference digest values for appraisal. Recently, the situation improved
and some Linux distributions are including file signatures, such as
Fedora 39.
The Integrity Digest Cache takes a different
From: Roberto Sassu
Invoking digest_cache_get() inside the iint->mutex critical region can
cause deadlocks due to the fact that IMA can be recursively invoked for
reading the digest list. The deadlock would occur if the Integrity Digest
Cache attempts to read the same inode that is alre
From: Roberto Sassu
Setting the boot-time built-in policies 'digest_cache_measure' and
'digest_cache_appraise' is not sufficient to use the Integrity Digest Cache
to measure and appraise files, since their effect is only to measure and
appraise digest lists.
Modify existing
From: Roberto Sassu
Introduce a new hook to check the integrity of digest lists.
The new hook is invoked during a kernel read with file type
READING_DIGEST_LIST, which is done by the Integrity Digest Cache when it is
populating a digest cache with a digest list.
Signed-off-by: Roberto Sassu
From: Roberto Sassu
Add a digest cache pointer to the ima_iint_cache structure and introduce
ima_digest_cache_get_check() to retrieve a fresh digest cache and compare
with the pointer stored in the previous calls (if digest cache was enabled
in the IMA policy).
If the pointers don't
From: Roberto Sassu
The Integrity Digest Cache allows integrity providers to record how the
digest list being used to populate the digest cache was verified.
Integrity providers can register a kernel_post_read_file LSM hook
implementation, and call digest_cache_verif_set() providing the result
From: Roberto Sassu
Introduce a new measurement style using digest caches, which can be
performed exclusively on non-standard PCRs, to avoid ambiguity.
While a measurement on the standard PCR means that a file was accessed and
had the measured data, a measurement with the digest cache means
From: Roberto Sassu
Similarly to measurement, enable the new appraisal style too using digest
caches.
It allows files to be verified by only checking the signature of the
package they belong to (as opposed to checking individual file signatures),
and by doing a digest lookup in the digest cache
From: Roberto Sassu
Introduce ima_digest_cache_load_verified_usage() to retrieve the verified
usage from the digest cache returned from the lookup of the digest
calculated by IMA on a file being accessed.
Verified usage cannot be loaded from the digest cache returned by
digest_cache_get() since
On Thu, 2024-09-05 at 10:02 -0700, Jeff Johnson wrote:
> On 9/5/24 08:05, Roberto Sassu wrote:
> ...
> > +module_init(digest_cache_test_init);
> > +module_exit(digest_cache_test_fini);
> > +MODULE_LICENSE("GPL");
>
> Missing MODULE_DESCRIPTION()
>
On Thu, 2024-09-05 at 20:30 +0300, Jani Nikula wrote:
> On Thu, 05 Sep 2024, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Add a parser of a generic Type-Length-Value (TLV) format:
> >
> > +------------------+-------------------+-------------------+
On Fri, 2024-09-06 at 11:06 +0300, Jani Nikula wrote:
> On Fri, 06 Sep 2024, Roberto Sassu wrote:
> > On Thu, 2024-09-05 at 20:30 +0300, Jani Nikula wrote:
> > > On Thu, 05 Sep 2024, Roberto Sassu wrote:
> > > > From: Roberto Sassu
> > > >
> >
On Fri, 2024-09-06 at 12:41 +0300, Jarkko Sakkinen wrote:
> On Thu Sep 5, 2024 at 6:25 PM EEST, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Introduce a new hook to check the integrity of digest lists.
>
> "Introduce DIGEST_LIST_CHECK, a new hook..."
On Fri, 2024-09-06 at 12:45 +0300, Jarkko Sakkinen wrote:
> On Thu Sep 5, 2024 at 6:25 PM EEST, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in
> > the kernel command lin
This patch adds a call to evm_reset_status() in evm_inode_post_setattr(),
before security.evm is updated. The same is done in the other
evm_inode_post_* functions.
Fixes: 523b74b16bcbb ("evm: reset EVM status when file attributes change")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.
This patch ensures that integrity_audit_msg() is called only when the
status is not INTEGRITY_PASS.
Fixes: 8606404fa555c ("ima: digital signature verification support")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
security/integrity/ima/ima_appraise.c | 5 +++--
1 file
to the kernel command line.
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
Documentation/admin-guide/kernel-parameters.txt | 3 +++
security/integrity/ima/ima_appraise.c | 12
2 files c
tures")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
security/integrity/evm/evm_crypto.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/evm/evm_crypto.c
b/security/integrity/evm/evm_crypto.c
index e11564eb645b..82a38e801ee4 100644
--- a/security/int
On 5/20/2019 11:20 PM, Mimi Zohar wrote:
On Thu, 2019-05-16 at 18:12 +0200, Roberto Sassu wrote:
diff --git a/Documentation/admin-guide/kernel-parameters.txt
b/Documentation/admin-guide/kernel-parameters.txt
index 52e6fbb042cc..80e1c233656b 100644
--- a/Documentation/admin-guide/kernel
On 5/20/2019 11:20 PM, Mimi Zohar wrote:
On Thu, 2019-05-16 at 18:12 +0200, Roberto Sassu wrote:
This patch ensures that integrity_audit_msg() is called only when the
status is not INTEGRITY_PASS.
Fixes: 8606404fa555c ("ima: digital signature verification support")
Signed-off-by: Rob
introduce
'enforce-evm' and 'log-evm' as possible values for ima_appraise=
- remove patch 4/4 (ima: only audit failed appraisal verifications)
- add new patch (ima: show rules with IMA_INMASK correctly)
Roberto Sassu (3):
evm: check hash algorithm passed to init_desc()
suffix to the value of the ima_appraise= kernel option.
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
Documentation/admin-guide/kernel-parameters.txt | 3 ++-
security/integrity/ima/ima_appraise.c |
Show the '^' character when a policy rule has flag IMA_INMASK.
Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
security/integrity/ima/ima_policy.c | 21 -
1 file changed,
On 5/30/2019 2:00 PM, Mimi Zohar wrote:
On Wed, 2019-05-29 at 15:30 +0200, Roberto Sassu wrote:
Currently, ima_appraise_measurement() ignores the EVM status when
evm_verifyxattr() returns INTEGRITY_UNKNOWN. If a file has a valid
security.ima xattr with type IMA_XATTR_DIGEST or
On 6/3/2019 3:43 PM, James Bottomley wrote:
On Mon, 2019-06-03 at 11:25 +0200, Roberto Sassu wrote:
On 5/30/2019 2:00 PM, Mimi Zohar wrote:
On Wed, 2019-05-29 at 15:30 +0200, Roberto Sassu wrote:
Currently, ima_appraise_measurement() ignores the EVM status when
evm_verifyxattr() returns
On 6/3/2019 4:31 PM, James Bottomley wrote:
On Mon, 2019-06-03 at 16:29 +0200, Roberto Sassu wrote:
On 6/3/2019 3:43 PM, James Bottomley wrote:
On Mon, 2019-06-03 at 11:25 +0200, Roberto Sassu wrote:
On 5/30/2019 2:00 PM, Mimi Zohar wrote:
On Wed, 2019-05-29 at 15:30 +0200, Roberto Sassu
security.ima and security.evm (HMAC calculated with the random key).
Strict appraisal will work only if it is done with signatures until the
persistent HMAC key is loaded.
Roberto Sassu (2):
evm: add option to set a random HMAC key at early boot
ima: add enforce-evm and log-evm modes to str
verify the HMAC. This type is used for new
files and file updates (unless security.evm exists with a different type),
until the persistent key is loaded. Afterwards, existing HMACs calculated
with the random key are replaced with HMACs calculated with the persistent
key.
Signed-off-by: Roberto Sassu
g-evm.
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu
Cc: sta...@vger.kernel.org
---
Documentation/admin-guide/kernel-parameters.txt | 3 ++-
security/integrity/ima/ima_appraise.c | 8
2 files changed, 10 insertions(+), 1 de
On 6/6/2019 1:26 PM, Roberto Sassu wrote:
Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
EVM status'. However, I realized that this patch cannot be accepted alone
because IMA-Appraisal would deny access to new files created during the
boot. With the c
On 6/6/2019 4:49 PM, Mimi Zohar wrote:
On Thu, 2019-06-06 at 13:43 +0200, Roberto Sassu wrote:
On 6/6/2019 1:26 PM, Roberto Sassu wrote:
Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
EVM status'. However, I realized that this patch cannot be accepte
On 6/7/2019 4:24 PM, Mimi Zohar wrote:
Hi Roberto,
Thank you for updating the patch description.
Hi Mimi
no problem.
On Thu, 2019-06-06 at 13:26 +0200, Roberto Sassu wrote:
IMA and EVM have been designed as two independent subsystems: the first for
checking the integrity of file data
On 6/7/2019 5:08 PM, Mimi Zohar wrote:
On Fri, 2019-06-07 at 16:40 +0200, Roberto Sassu wrote:
On Thu, 2019-06-06 at 13:26 +0200, Roberto Sassu wrote:
Although this choice appears legitimate, it might not be suitable for
hardened systems, where the administrator expects that access is denied
parser from the kernel
- add support for parsing digest lists in user space
v1:
- add support for immutable/mutable files
- add support for appraisal with digest lists
Roberto Sassu (14):
ima: read hash algorithm from security.ima even if appraisal is not
enabled
ima: generalize
written to securityfs.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 2000e8df0301..02980b55a3f1 100644
--- a
concurrent policy
upload.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 58 -
1 file changed, 43 insertions(+), 15 deletions(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 9a10b62e380f..c8bbc56f735e 100644
atomic_long_t
variable used as source is chosen depending on the opened file in the
securityfs filesystem.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 38 +++--
1 file changed, 12 insertions(+), 26 deletions(-)
diff --git a/security/integrity/ima
COMPACT_PARSER.
It also introduces ima_set_parser() and ima_get_parser() to return the
task_struct of the process that opened digest_list_data. This will be used
to determine whether digest lists have been measured/appraised and, if not,
to prevent their usage.
Signed-off-by: Roberto Sassu
negative (ima_digest_allow() will always return a NULL pointer). The same
happens for IMA-Appraise.
This patch also ensures that the parser can only execute shared libraries
with type COMPACT_PARSER (i.e. libraries adding support for custom digest
list formats).
Signed-off-by: Roberto Sassu
patch raises the uploaded data size limit to 64M, to accept
files (e.g. digest lists) larger than a policy. The same limit is used
for the SELinux policy.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 68 +++--
1 file changed, 40 insertions(+), 28
(ima_digests_htable).
Signed-off-by: Roberto Sassu
---
security/integrity/ima/Kconfig | 10 ++
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima_digest_list.c | 152 +++
security/integrity/ima/ima_digest_list.h | 40 ++
security
This patch also changes the requirement that security.ima must contain a
signature, if the type is EVM_IMA_XATTR_DIGSIG. A signature with length
zero is accepted.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima.h | 16
security/integrity/ima/ima_appraise.c | 55
hash table.
Signed-off-by: Roberto Sassu
---
include/linux/fs.h | 1 +
security/integrity/ima/ima_fs.c | 44 -
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index f7fdfe93e25d..0591a3c3cc2f 100644
(example: with ima_digest_list_pcr=+11, IMA generates standard measurements
with PCR 10 and digest list measurements with PCR 11).
Signed-off-by: Roberto Sassu
---
.../admin-guide/kernel-parameters.txt | 8
security/integrity/ima/ima.h | 9 ++--
security/int
executable with the User-Mode-Helper (UMH).
Signed-off-by: Roberto Sassu
---
security/integrity/iint.c| 1 +
security/integrity/ima/Kconfig | 15 +
security/integrity/ima/ima_digest_list.c | 42
security/integrity/integrity.h | 8
This patch adds the documentation of the IMA Digest Lists extension.
Signed-off-by: Roberto Sassu
---
Documentation/security/IMA-digest-lists.txt | 226
1 file changed, 226 insertions(+)
create mode 100644 Documentation/security/IMA-digest-lists.txt
diff --git a
perform appraisal verification
exclusively based on digest lists.
Signed-off-by: Roberto Sassu
---
.../admin-guide/kernel-parameters.txt | 3 +-
include/linux/evm.h | 6 +++
security/integrity/evm/evm_main.c | 2 +-
security/integrity/ima/ima.h
This patch introduces the new policies 'initrd' and 'appraise_initrd' to
measure/appraise files in the initial ram disk.
Signed-off-by: Roberto Sassu
---
.../admin-guide/kernel-parameters.txt | 5 +++-
security/integrity/ima/ima_policy.c | 26
On 6/14/2019 7:54 PM, Roberto Sassu wrote:
This patch set introduces a new IMA extension called IMA Digest Lists.
At early boot, the extension preloads in kernel memory reference digest
values, that can be compared with actual file digests when files are
accessed in the system.
The extension
On 6/17/2019 8:56 AM, Roberto Sassu wrote:
On 6/14/2019 7:54 PM, Roberto Sassu wrote:
This patch set introduces a new IMA extension called IMA Digest Lists.
At early boot, the extension preloads in kernel memory reference digest
values, that can be compared with actual file digests when files
On 6/25/2019 7:35 PM, Mimi Zohar wrote:
[Cc'ing Rob Landley]
On Tue, 2019-06-25 at 14:57 +0200, Roberto Sassu wrote:
Mimi, do you have any thoughts on this version?
I need to look closer, but when I first looked these changes seemed to
be really invasive. Let's first work on g
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ad491c5..058d3c1 100644
--- a/security/integrity/ima/ima_fs.c
+++ b
This patch renames ima_write_policy() to ima_write_data(). Also,
it determines the kernel_read_file_id from the dentry associated
to the file, and passes it to ima_read_file().
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 55 ++---
1
specifically for
the policy, as it might not be cleared at file release. This would prevent
userspace applications from uploading files after a policy has been loaded.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_fs.c | 46 -
1 file changed, 32
This patch removes ima_show_htable_violations() and
ima_show_measurements_count(). ima_show_htable_value(), called
by those functions, determines which hash table data should be
copied to the buffer depending on the dentry of the file passed
as argument.
Signed-off-by: Roberto Sassu
introduces functions to lookup and add a digest to
a hash table, which will be used by the parsers.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima.h | 8
security/integrity/ima/ima_queue.c | 39 ++
2 files changed, 47 insertions(+)
diff
ded together, their signature
cannot be verified.
Lastly, when a file is accessed, IMA searches the calculated digest in
the hash table. Only if the digest is not found a new entry is added
to the measurement list.
Roberto Sassu (12):
ima: generalize ima_read_policy()
ima: generalize ima_w
, as there is
no metadata provided for each. Digests (which have all the same size) are
concatenated together and placed after the header.
Signed-off-by: Roberto Sassu
---
security/integrity/ima/ima_digest_list.c | 60
1 file changed, 60 insertions(+)
diff --git a