| Message ID | 20231005182602.634615-1-tusharsu@linux.microsoft.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | ima: kexec: measure events between kexec load and execute | expand |
On Fri, 2023-10-27 at 11:18 -0400, Mimi Zohar wrote: > On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote: > > The current Kernel behavior is IMA measurements snapshot is taken at > > kexec 'load' and not at kexec 'execute'. IMA log is then carried > > over to the new Kernel after kexec 'execute'. > > > > Some systems can be configured to call kexec 'load' first, and followed > > by kexec 'execute' after some time. (as opposed to calling 'load' and > > 'execute' in one single kexec command). > > Additional measurements may be introduced by the kexec load itself. > Saving the measurement list as close as possible to the reboot is > beneficial, whether or not the kexec load and kexec execute are > executed separately. > > > In such scenario, if new IMA > > measurements are added between kexec 'load' and kexec 'execute', the > > TPM PCRs are extended with the IMA events between 'load' and 'execute'. > > But those IMA events are not carried over to the new Kernel after kexec > > soft reboot. This results in mismatch between TPM PCR quotes, and the > > actual IMA measurements list, after the system boots into the new kexec > > image. This mismatch results in the remote attestation failing for that > > system. > > > > This patch series proposes a solution to solve this problem by allocating > > the necessary buffer at kexec 'load' time, and populating the buffer > > with the IMA measurements at kexec 'execute' time. > > How about beginning the paragraph with "To solve this problem allocate > ... and populate ..." Does this patch set take into account kexec_calculate_store_digests(), which is called from kexec_load, and verify_sha256_digest()?
On 10/27/23 08:18, Mimi Zohar wrote: > On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote: >> The current Kernel behavior is IMA measurements snapshot is taken at >> kexec 'load' and not at kexec 'execute'. IMA log is then carried >> over to the new Kernel after kexec 'execute'. >> >> Some systems can be configured to call kexec 'load' first, and followed >> by kexec 'execute' after some time. (as opposed to calling 'load' and >> 'execute' in one single kexec command). > > Additional measurements may be introduced by the kexec load itself. > Saving the measurement list as close as possible to the reboot is > beneficial, whether or not the kexec load and kexec execute are > executed separately. > True. What I am trying to say here is the longer the window between 'load' and 'execute', greater are the chances of measurements getting added. But as long as a single measurement gets added between 'load' and 'execute', it will break the attestation after kexec soft-reboot. So maybe the above line in the patch description is not necessary. I will remove. >> In such scenario, if new IMA >> measurements are added between kexec 'load' and kexec 'execute', the >> TPM PCRs are extended with the IMA events between 'load' and 'execute'. >> But those IMA events are not carried over to the new Kernel after kexec >> soft reboot. This results in mismatch between TPM PCR quotes, and the >> actual IMA measurements list, after the system boots into the new kexec >> image. This mismatch results in the remote attestation failing for that >> system. >> >> This patch series proposes a solution to solve this problem by allocating >> the necessary buffer at kexec 'load' time, and populating the buffer >> with the IMA measurements at kexec 'execute' time. > > How about beginning the paragraph with "To solve this problem allocate > ... and populate ..." > Sure. Will do. ~Tushar
On 10/27/23 12:51, Mimi Zohar wrote: > Does this patch set take into account kexec_calculate_store_digests(), > which is called from kexec_load, and verify_sha256_digest()? I am not yet sure if my patches will impact the kexec_calculate_store_digests() and verify_sha256_digest() functionality. I will investigate further and get back to you as soon as possible. Thanks for bringing this up Mimi. ~Tushar
The current Kernel behavior is IMA measurements snapshot is taken at kexec 'load' and not at kexec 'execute'. IMA log is then carried over to the new Kernel after kexec 'execute'. Some systems can be configured to call kexec 'load' first, and followed by kexec 'execute' after some time. (as opposed to calling 'load' and 'execute' in one single kexec command). In such scenario, if new IMA measurements are added between kexec 'load' and kexec 'execute', the TPM PCRs are extended with the IMA events between 'load' and 'execute'. But those IMA events are not carried over to the new Kernel after kexec soft reboot. This results in mismatch between TPM PCR quotes, and the actual IMA measurements list, after the system boots into the new kexec image. This mismatch results in the remote attestation failing for that system. This patch series proposes a solution to solve this problem by allocating the necessary buffer at kexec 'load' time, and populating the buffer with the IMA measurements at kexec 'execute' time. The solution includes: - refactoring the existing code to allocate a buffer to hold IMA measurements at kexec 'load', and dump the measurements at kexec 'execute' - ima functionality to suspend and resume measurements as needed during buffer copy at kexec 'execute', - ima functionality for mapping the measurement list from the current Kernel to the subsequent one, - necessary changes to the kexec_file_load syscall, enabling it to call the ima functions, - registering a reboot notifier which gets called during kexec 'execute', - introducing a new Kconfig option to configure the amount of memory to be allocated for passing IMA log from the current Kernel to the next, - introducing two new events to be measured by IMA during kexec, to help diagnose if the IMA log was copied fully or partially, from the current Kernel to the next, The modifications proposed in this series ensure the integrity of the ima measurements is preserved across kexec soft reboots, thus significantly improving the security of the Kernel post kexec soft reboots. There were previous attempts to fix this issue [1], [2], [3]. But they were not merged into the mainline Kernel. We took inspiration from the past work [1] and [2] while working on this patch series. References: ----------- [1] [PATHC v2 5/9] ima: on soft reboot, save the measurement list https://lore.kernel.org/lkml/1472596811-9596-6-git-send-email-zohar@linux.vnet.ibm.com/ [2] PATCH v2 4/6] kexec_file: Add mechanism to update kexec segments. https://lkml.org/lkml/2016/8/16/577 [3] [PATCH 1/6] kexec_file: Add buffer hand-over support https://lore.kernel.org/linuxppc-dev/1466473476-10104-6-git-send-email-bauerman@linux.vnet.ibm.com/T/ Change Log v2: - Incorporated feedback from the community on v1 series. - Refactored the existing ima_dump_measurement_list to move buffer allocation functionality to ima_alloc_kexec_buf() function. - Introduced a new Kconfig option to configure the memory. - Updated the logic to copy the IMA log only in case of kexec soft reboot, and not on kexec crash. - Updated the logic to copy as many IMA events as possible in case of memory constraint, rather than just bailing out. - Introduced two new events to be measured by IMA during kexec, to help diagnose if the IMA log was copied fully or partially from the current Kernel to the next. - Refactored patches to ensure no warnings during individual patch compilation. - Used virt_to_page instead of phys_to_page. - Updated patch descriptions as necessary. Tushar Sugandhi (7): ima: refactor ima_dump_measurement_list to move memory allocation to a separate function ima: move ima_dump_measurement_list call from kexec load to execute ima: kexec: map source pages containing IMA buffer to image post kexec load kexec: update kexec_file_load syscall to call ima_kexec_post_load ima: suspend measurements while the buffer is being copied during kexec reboot ima: make the memory for events between kexec load and exec configurable ima: record log size at kexec load and execute include/linux/ima.h | 3 + include/linux/kexec.h | 13 ++ kernel/kexec_core.c | 73 ++++++++- kernel/kexec_file.c | 8 + security/integrity/ima/Kconfig | 9 ++ security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_kexec.c | 246 ++++++++++++++++++++++++----- security/integrity/ima/ima_queue.c | 31 ++++ 8 files changed, 341 insertions(+), 44 deletions(-)