Hello Petr,
On 2021-02-23 4:18 p.m., Petr Vorel wrote:
Hi Tushar,
Change Log v3:
- Incorporated feedback from Mimi on v2.
- Updated patch title and description to make it generic.
- Changed config description word 'data' to 'records'.
- Tested use cases for boot param "ima_policy=tcb".
e
measurement log. This limits the ability of the attestation service to
accurately determine the current state of the system, because it would
be interpreted as the system having 'val#2' for the given record.
Update ima_add_template_entry() to support measurement of duplicate
records, driven by a
Hi Mimi,
On 2021-02-17 12:49 p.m., Tushar Sugandhi wrote:
On 2021-02-17 12:39 p.m., Mimi Zohar wrote:
On Wed, 2021-02-17 at 10:53 -0800, Tushar Sugandhi wrote:
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could be
On 2021-02-17 12:39 p.m., Mimi Zohar wrote:
On Wed, 2021-02-17 at 10:53 -0800, Tushar Sugandhi wrote:
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could be improved. Perhaps something like - "IMA:
suppor
Thanks for the feedback Mimi.
Appreciate it.
On 2021-02-17 7:03 a.m., Mimi Zohar wrote:
Hi Tushar,
The Subject line could be improved. Perhaps something like - "IMA:
support for duplicate measurement records"
Will do.
On Tue, 2021-02-16 at 18:46 -0800, Tushar Sugandhi wrote:
IM
asurement of duplicate
data, driven by a Kconfig option - IMA_DISABLE_HTABLE.
Signed-off-by: Tushar Sugandhi
---
Change Log v2:
- Incorporated feedback from Mimi on v1.
- The fix is not just applicable to measurement of critical data,
it now applies to other buffers and file data as well.
On 2021-02-09 10:53 a.m., Mimi Zohar wrote:
On Tue, 2021-02-09 at 10:23 -0800, Tushar Sugandhi wrote:
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
On 2021-02-08 12:24 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index c096ef8945c7..fbf359495fa8 100644
--- a/security/integrity/ima/ima_queue.c
+++ b
On 2021-02-08 12:45 p.m., Mimi Zohar wrote:
Hi Tushar,
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA needs to support duplicate measurements of integrity
critical data to accurately determine the current state of that data
on the system. Further, since measurement of
Thank you Mimi for reviewing this series.
On 2021-02-08 1:10 p.m., Mimi Zohar wrote:
Hi Tushar,
On Mon, 2021-02-08 at 15:22 -0500, Mimi Zohar wrote:
On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote:
IMA does not measure duplicate buffer data since TPM extend is a very
expensive
IMA policy condition, for the IMA func
CRITICAL_DATA to allow duplicate buffer measurement of integrity
critical data.
Limit the ability to measure duplicate buffer data when action is
"measure" and func is CRITICAL_DATA.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/tes
ting
commit b3f82afc1041 ("IMA: Measure kernel version in early boot")
Tushar Sugandhi (3):
IMA: add policy condition to measure duplicate critical data
IMA: update functions to read allow_dup policy condition
IMA: add support to measure duplicate buffer for critical data
buffer entry for integrity critical data should be measured.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 9 +
security/integrity/ima/ima_init.c | 2 +-
security/integrity/ima/ima_main.c | 5 +++--
security/integrity
data.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 6 --
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_main.c | 6 +++---
security/integrity/ima/ima_policy.c | 7 ++-
5 files
On 2021-01-15 4:54 a.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
IMA measures files and buffer data such as keys, command-line arguments
passed to the kernel on kexec system call, etc. While these measurements
are necessary for monitoring and validating
On 2021-01-13 6:09 p.m., Mimi Zohar wrote:
On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote:
Integrity critical data may belong to a single subsystem or it may
arise from cross subsystem interaction. Currently there is no mechanism
to group or limit the data based on certain label
is not provided with
the func CRITICAL_DATA, measure all the input integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
Documentation/ABI/testing/ima_policy | 2 ++
security/integrity/ima/ima_policy.c | 37 +---
2 files changed, 36 insertions(+)
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remo
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Update the documentation on kernel parameters to document
the new critical data builtin policy.
Signed-off-by: Lakshmi Ramasubram
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 7 +--
security/integrity/ima/ima_main.c | 8 +---
2 files changed, 10
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add policy rule support for measuring integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
Reviewed-by: Mimi Zohar
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity
hash.
Introduce a boolean parameter to support measuring buffer data hash,
which would be much smaller, instead of the buffer itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h | 3 +-
security/integrity/ima/ima_appraise.c
ot a mandatory policy option for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA critical d
of the system. Currently, IMA does not provide a
generic function for measuring kernel integrity critical data.
Define ima_measure_critical_data, a new IMA hook, to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h
void process_buffer_measurement(struct inode *inode, const void
*buf, int size,
const char *eventname, enum ima_hooks func,
- int pcr, const char *func_data);
+ int pcr, const char *func_data,
+ bool measure_buf_hash);
Please a
On 2020-12-24 6:41 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to
On 2020-12-24 6:29 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel
On 2021-01-05 12:16 p.m., Mimi Zohar wrote:
On Tue, 2021-01-05 at 12:01 -0800, Tushar Sugandhi wrote:
data. However, various data structures, policies, and states
Here and everywhere else, there are two blanks after a period.
I checked this patch file in multiple text editors, but
On 2020-12-24 5:48 a.m., Mimi Zohar wrote:
Hi Tushar,
Please update the Subject line as, "Add policy rule support for
measuring critical data".
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data
On 2020-12-24 5:04 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
No need for the comma here.
Up to this patch set, all the patches refer to "buffer data", not "in-
mem
On 2020-12-23 4:03 p.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures
Hello Mimi,
Sorry for the late response. I was on vacation last week.
On 2020-12-24 5:06 a.m., Mimi Zohar wrote:
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index 68956e884403..e76ef4bfd0f4
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:47, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
On 2020-12-12 10:02:48, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remot
a mandatory policy option for
func=CRITICAL_DATA anymore. If not present, all the data sources
specified in __ima_supported_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: define a builtin critical data measurement policy
selinux: include a consumer of the new IMA
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler
:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
+ case CRITICAL_DATA:
+ if (!rule->data_source)
+ return true;
+
+ opt_list = rule->data_source;
+ break;
I guess this case should unconditionally return true in this patch and
then the include this additional logic in the
On 2020-12-11 4:25 p.m., Tyler Hicks wrote:
On 2020-12-11 15:58:03, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h
From: Lakshmi Ramasubramanian
SELinux stores the active policy in memory, so the changes to this data
at runtime would have an impact on the security guarantees provided
by SELinux. Measuring in-memory SELinux policy through IMA subsystem
provides a secure way for the attestation service to remot
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Tyler Hicks
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security
ritical data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add pol
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/inte
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
security/integrity/ima/ima_policy.c
+ */
+void ima_measure_critical_data(const char *event_name,
+ const void *buf, int buf_len,
+ bool measure_buf_hash)
+{
+ if (!event_name || !buf || !buf_len) {
+ pr_err("Invalid arguments passed to %s().\n", __func_
On 2020-12-10 3:15 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:09, Tushar Sugandhi wrote:
System administrators should be able to limit which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
condition to choose specific kernel subsystems is needed
On 2020-12-10 3:10 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:08, Tushar Sugandhi wrote:
A new IMA policy rule is needed for the IMA hook
ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
measuring the input buffer. The policy rule should ensure the buffer
would get
On 2020-12-10 3:02 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:07, Tushar Sugandhi wrote:
IMA provides capabilities to measure file data, and in-memory buffer
data. However, various data structures, policies, and states
stored in kernel memory also impact the integrity of the system
On 2020-12-10 3:22 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:11, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in
On 2020-12-10 3:19 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:10, Tushar Sugandhi wrote:
The IMA hook ima_measure_critical_data() does not support a way to
specify the source of the critical data provider. Thus, the data
measurement cannot be constrained based on the data source label
in
On 2020-12-10 2:38 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:06, Tushar Sugandhi wrote:
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures the file
On 2020-12-10 2:14 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:05, Tushar Sugandhi wrote:
IMA functions such as ima_match_keyring(), process_buffer_measurement(),
ima_match_policy() etc. handle data specific to keyrings. Currently,
these constructs are not generic to handle any func
the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing
al data measurement policy
selinux: include a consumer of the new IMA critical data hook
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measure buffer data hash
IMA: define a hook to measure kernel integrity critical data
IMA: add policy
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_policy.c | 35 +
1 file
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12 insertions(+), 5 deletions
:=".
Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"data_source:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
From: Lakshmi Ramasubramanian
Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.
Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".
Update the documentation
From: Lakshmi Ramasubramanian
IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient. Various data structures, policies and
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/inte
Hi James,
On 2020-11-20 6:05 p.m., James Morris wrote:
On Thu, 19 Nov 2020, Tushar Sugandhi wrote:
an impact on the security guarantees provided by SELinux. Measuring
such in-memory data structures through IMA subsystem provides a secure
way for a remote attestation service to know the state
Thanks Pavel for looking at this series.
On 2020-11-20 4:46 a.m., Pavel Machek wrote:
On Thu 2020-11-19 15:26:03, Tushar Sugandhi wrote:
Kernel integrity critical data can be defined as the in-memory kernel
data which if accidentally or maliciously altered, can compromise the
integrity of the
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
ments are only stored in the IMA log, since the buffer has no
extended attributes associated with it.
Introduce a boolean parameter measure_buf_hash to support measuring
hash of a buffer, which would be much smaller, instead of the buffer
itself.
Signed-off-by: Tushar Sugandhi
---
security/inte
From: Lakshmi Ramasubramanian
The IMA hook to measure kernel critical data, namely
ima_measure_critical_data(), could be called before a custom IMA policy
is loaded. Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy is
loa
From: Lakshmi Ramasubramanian
IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient. In-memory data structures maintained b
necessary constraints (flags etc.)
for integrity critical buffer data measurements.
Add a policy rule to define the constraints for restricting integrity
critical data measurements.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_policy.c | 35 +
1 file
imit the measurement to the subsystems that are specified in the IMA
policy - CRITICAL_DATA+"data_sources:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, the data from all the
supported kernel subsystems is measured.
Signed-off-by: Tushar Sugandhi
---
D
source name as an input parameter, so that the policy rule can
be used to limit data sources being measured.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h | 6 --
security/integrity/ima/ima_main.c | 11 ---
2 files changed, 12 insertions(+), 5 deletions(-)
diff
integrity critical data.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
include/linux/ima.h | 6 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_main.c| 36
ted_kernel_data_sources will be measured.
Lakshmi Ramasubramanian (2):
IMA: add a built-in policy rule for critical data measurement
selinux: measure state and hash of the policy using IMA
Tushar Sugandhi (6):
IMA: generalize keyring specific measurement constructs
IMA: add support to measur
Including "data_source" here isn't quite right. "data source" should
only be added in the first patch which uses it, not here. When adding
it please shorten the field description to "kernel data source". The
longer explanation can be included in the longer function description.
*Question
On 2020-11-12 2:19 p.m., Mimi Zohar wrote:
On Thu, 2020-11-12 at 13:47 -0800, Tushar Sugandhi wrote:
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
process_buffer_measurement() currently only measures the input buffer.
In case of SeLinux policy measurement, the policy being
11-01 at 14:26 -0800, Tushar Sugandhi wrote:
There are several kernel subsystems that contain critical data which if
accidentally or maliciously altered, can compromise the integrity of the
system. Examples of such subsystems would include LSMs like SELinux, or
AppArmor; or device-mapper targets like
On 2020-11-06 6:01 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
Currently, IMA does not restrict random data sources from measuring
their data using ima_measure_critical_data(). Any kernel data source can
call the function, and it's data
On 2020-11-06 5:43 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
System administrators should be able to choose which kernel subsystems
they want to measure the critical data for. To enable that, an IMA policy
option to choose specific kernel
On 2020-11-06 5:24 a.m., Mimi Zohar wrote:
Hi Tushar,
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
Currently, IMA does not provide a generic function for kernel subsystems
to measure their critical data. Examples of critical data in this context
could be kernel in-memory r/o
On 2020-11-06 4:11 a.m., Mimi Zohar wrote:
Hi Tushar,
Below inline are a few additional comments.
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index ae5da9f3339d..4485d87c0aa5 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/
e the subject line accordingly.
On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
process_buffer_measurement() currently only measures the input buffer.
In case of SeLinux policy measurement, the policy being measured could
be large (several MB). This may result in a large entry in IMA
measur
em measures its data by calling ima_measure_critical_data().
Limit the measurement to the subsystems that are specified in the IMA
policy - CRITICAL_DATA+"data_sources:=". If "data_sources:=" is not
provided with the func CRITICAL_DATA, measure the data from all the
supported k
lightened' with
'supported'.
- Reverted the unnecessary rename of attribute size to buf_len.
- Introduced a boolean parameter measure_buf_hash as per community
feedback to support measuring hash of the buffer, instead of the
buffer itself.
Lakshmi Ramasubramanian (2):
IMA: add cri
are being pushed to
the client. The attestation server will have to maintain the hash of
those buffer values.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 3 ++-
security/integrity/ima/ima_appraise.c| 2 +-
security/integrity/ima/ima_asymmetric_keys.c
func CRITICAL_DATA and a corresponding IMA hook
ima_measure_critical_data() to support measuring critical data for
various kernel subsystems.
Signed-off-by: Tushar Sugandhi
---
Documentation/ABI/testing/ima_policy | 2 +-
include/linux/ima.h | 8 ++
security/integrity/ima
ata() to validate, at run-time, that the data
source is supported before measuring the data coming from that source.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 29 +
security/integrity/ima/ima_main.c | 12
2 files changed,
From: Lakshmi Ramasubramanian
The IMA hook to measure kernel critical data, namely
ima_measure_critical_data(), could be called before a custom IMA policy
is loaded. For example, SELinux calls ima_measure_critical_data() to
measure its state and policy when they are initialized. This occurs
befor
From: Lakshmi Ramasubramanian
Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating with the policies
and configurations that the system administrator h
specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h| 6 ++--
security/integrity/ima/ima_api.c| 6 ++--
security/integrity/ima/ima_main.c | 6 ++--
security/integrity/ima/ima_policy.c
Hi Mimi,
Thanks a lot for your continual engagement and
providing us valuable feedback on this work.
On 2020-10-24 8:35 p.m., Mimi Zohar wrote:
Hi Tushar,
On Wed, 2020-09-23 at 12:20 -0700, Tushar Sugandhi wrote:
There are several kernel components that contain critical data which if
1 - 100 of 149 matches
Mail list logo
