
IMA vs TPM (i2c) builtin driver boot order

Message ID 9b98d912-ba78-402c-a5c8-154bef8794f7@smile.fr (mailing list archive)
State New

Commit Message

Romain Naour June 25, 2024, 8:22 a.m. UTC
Hello,

I'm using the kernel 6.1.80-ti-arm64-r50 provided by the Debian Bullseye image for
the beaglebone-ai-64 [1] (the same happens with a Yocto/Buildroot based image
with the latest 6.9.x vanilla kernel).

  $ uname -a
  Linux BeagleBone 6.1.80-ti-arm64-r50 #1 bullseye SMP PREEMPT_DYNAMIC Fri May 24 19:44:30 UTC 2024 aarch64 GNU/Linux

But I noticed that the i2c bus is probed after the IMA/EVM infra.
What if a TPM is connected by i2c bus?

[ 1.306865] ima: No TPM chip found, activating TPM-bypass!
...
[ 1.370601] ti-sci 44083000.system-controller: ABI: 3.1 (firmware rev 0x0015 '21.5.0--v2021.05 (Terrific Llam')
[ 1.428399] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
[ 1.434666] omap_i2c 2000000.i2c: bus 4 rev0.12 at 400 kHz
[ 1.440738] omap_i2c 2010000.i2c: bus 5 rev0.12 at 400 kHz
[ 1.446798] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
[ 1.452907] omap_i2c 2030000.i2c: bus 6 rev0.12 at 400 kHz
[ 1.458983] omap_i2c 2040000.i2c: bus 3 rev0.12 at 100 kHz
[ 1.465082] omap_i2c 2050000.i2c: bus 7 rev0.12 at 400 kHz
[ 1.471146] omap_i2c 2060000.i2c: bus 1 rev0.12 at 100 kHz

I'm not sure this issue is really specific to the board; there was a similar
issue on an rpi board:

  https://github.com/Cybersecurity-LINKS/tpm-ima-patch

After digging into this problem, I made two changes to the ima/evm drivers to replace
late_initcall() by late_initcall_sync()
(tested on a vanilla 6.6.33 kernel).


Now, the IMA/EVM stack is initialized *after* the TPM device.

[    0.285986] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
[    0.286706] omap_i2c 2000000.i2c: bus 4 rev0.12 at 400 kHz
[    0.287382] omap_i2c 2010000.i2c: bus 5 rev0.12 at 400 kHz
[    0.331503] tpm_tis_i2c 2-002e: 2.0 TPM (device-id 0x1C, rev-id 22)
[    0.677185] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
[    0.677904] omap_i2c 2030000.i2c: bus 6 rev0.12 at 400 kHz
[    0.678557] omap_i2c 2040000.i2c: bus 3 rev0.12 at 100 kHz
[    0.679167] omap_i2c 2050000.i2c: bus 7 rev0.12 at 400 kHz
[    0.679792] omap_i2c 2060000.i2c: bus 1 rev0.12 at 100 kHz

[    3.062788] ima: Allocated hash algorithm: sha256

[    3.318975] ima: No architecture policies found
[    3.323536] evm: Initialising EVM extended attributes:
[    3.328662] evm: security.selinux (disabled)
[    3.332919] evm: security.SMACK64 (disabled)
[    3.337177] evm: security.SMACK64EXEC (disabled)
[    3.341781] evm: security.SMACK64TRANSMUTE (disabled)
[    3.346819] evm: security.SMACK64MMAP (disabled)
[    3.351422] evm: security.apparmor (disabled)
[    3.355764] evm: security.ima
[    3.358721] evm: security.capability
[    3.362285] evm: HMAC attrs: 0x1

Thoughts?

Initially reported on the TI forum and Beagleboard Discord [2].

[1]: https://www.beagleboard.org/boards/beaglebone-ai-64
[2]: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1375425/tda4vm-ima-vs-tpm-builtin-driver-boot-order

Best regards,
Romain
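
As an added example (not part of this thread, the patch, or the kernel), here is a small checker that applies the ordering argument of the report to a kernel log: it parses dmesg-style lines, finds the first `ima:` message and the first TPM probe message, and reports whether the boot ended up in TPM-bypass. The two sample logs are constructed from the lines quoted above; the `tpm_tis_i2c` line in the "before" sample is an assumption added for the example (the report shows only the adapters probing late), and the probe pattern assumes the `tpm_tis_i2c 2-002e: 2.0 TPM (...)` message format seen in the report.

```python
"""Detect whether IMA initialised before the TPM driver probed.

Added example for this thread; not part of the patch or the kernel.
It parses dmesg-style lines, locates the first IMA message and the first
TPM probe message, and reports whether IMA ran in TPM-bypass mode, which
is what happens when the TPM sits behind an i2c adapter that probes late.
"""
import re
import sys
from dataclasses import dataclass
from typing import Optional

# Constructed sample: boot before the patch. The tpm_tis_i2c line is an
# assumption for the example; the report only shows the adapters probing late.
LOG_BEFORE_FIX = """\
[    1.306865] ima: No TPM chip found, activating TPM-bypass!
[    1.370601] ti-sci 44083000.system-controller: ABI: 3.1 (firmware rev 0x0015 '21.5.0--v2021.05 (Terrific Llam')
[    1.428399] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
[    1.446798] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
[    1.500000] tpm_tis_i2c 2-002e: 2.0 TPM (device-id 0x1C, rev-id 22)
"""

# Constructed sample: boot after the patch (lines taken from the report).
LOG_AFTER_FIX = """\
[    0.285986] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
[    0.331503] tpm_tis_i2c 2-002e: 2.0 TPM (device-id 0x1C, rev-id 22)
[    0.677185] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
[    3.062788] ima: Allocated hash algorithm: sha256
[    3.318975] ima: No architecture policies found
[    3.323536] evm: Initialising EVM extended attributes:
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
# Assumed probe format: "tpm_tis_i2c 2-002e: 2.0 TPM (device-id ...)" as in the log.
TPM_PROBE_RE = re.compile(r"^tpm_\w+ \S+: \d+\.\d+ TPM\b")
IMA_RE = re.compile(r"^ima: ")
BYPASS_RE = re.compile(r"^ima: No TPM chip found, activating TPM-bypass!")


@dataclass
class BootOrder:
    ima_init: Optional[float]   # timestamp of the first "ima:" message
    tpm_probe: Optional[float]  # timestamp of the first TPM probe message
    bypass_logged: bool         # IMA explicitly reported TPM-bypass


def analyse(log: str) -> BootOrder:
    """Scan a kernel log and record when IMA and the TPM showed up."""
    order = BootOrder(ima_init=None, tpm_probe=None, bypass_logged=False)
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped kernel line; ignore it
        ts, msg = float(m.group("ts")), m.group("msg")
        if order.ima_init is None and IMA_RE.match(msg):
            order.ima_init = ts
        if order.tpm_probe is None and TPM_PROBE_RE.match(msg):
            order.tpm_probe = ts
        if BYPASS_RE.match(msg):
            order.bypass_logged = True
    return order


def verdict(order: BootOrder) -> str:
    """Classify the boot: 'ok', 'tpm-bypass', 'ima-before-tpm', 'no-ima' or 'no-tpm'."""
    if order.bypass_logged:
        # Measurements still go into the IMA list, but nothing is extended
        # into a PCR, so remote attestation of this boot cannot succeed.
        return "tpm-bypass"
    if order.ima_init is None:
        return "no-ima"
    if order.tpm_probe is None:
        return "no-tpm"
    return "ok" if order.tpm_probe < order.ima_init else "ima-before-tpm"


if __name__ == "__main__":
    # Run as `dmesg | python3 ima_tpm_order.py` on a board, or with no
    # piped input to see the two constructed samples.
    text = sys.stdin.read() if not sys.stdin.isatty() else None
    samples = {"stdin": text} if text else {
        "before fix": LOG_BEFORE_FIX, "after fix": LOG_AFTER_FIX}
    for name, log in samples.items():
        o = analyse(log)
        print(f"{name}: {verdict(o)} (ima={o.ima_init}, tpm={o.tpm_probe})")
```

The check is a heuristic over log text: it only sees the first `ima:` line and the first TPM probe, so a TPM that probes after IMA but before the first measurement still counts as "ima-before-tpm", which is the state that produces the bypass message in the report. The "tpm-bypass" verdict is the one worth alarming on in a fleet, since every measurement taken during that boot stays in the IMA list without a matching PCR extension.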

Comments

Mimi Zohar June 25, 2024, 8:17 p.m. UTC | #1
Hi Romain,

On Tue, 2024-06-25 at 10:22 +0200, Romain Naour wrote:
> Hello,
> 
> I'm using the kernel 6.1.80-ti-arm64-r50 provided by the Debian Bullseye image for
> the beaglebone-ai-64 [1] (the same happens with a Yocto/Buildroot based image
> with the latest 6.9.x vanilla kernel).
> 
>   $ uname -a
>   Linux BeagleBone 6.1.80-ti-arm64-r50 #1 bullseye SMP PREEMPT_DYNAMIC Fri May 24 19:44:30 UTC 2024 aarch64 GNU/Linux
> 
> But I noticed that the i2c bus is probed after the IMA/EVM infra.
> What if a TPM is connected by i2c bus?
> 
> [ 1.306865] ima: No TPM chip found, activating TPM-bypass!
> ...
> [ 1.370601] ti-sci 44083000.system-controller: ABI: 3.1 (firmware rev 0x0015 '21.5.0--v2021.05 (Terrific Llam')
> [ 1.428399] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
> [ 1.434666] omap_i2c 2000000.i2c: bus 4 rev0.12 at 400 kHz
> [ 1.440738] omap_i2c 2010000.i2c: bus 5 rev0.12 at 400 kHz
> [ 1.446798] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
> [ 1.452907] omap_i2c 2030000.i2c: bus 6 rev0.12 at 400 kHz
> [ 1.458983] omap_i2c 2040000.i2c: bus 3 rev0.12 at 100 kHz
> [ 1.465082] omap_i2c 2050000.i2c: bus 7 rev0.12 at 400 kHz
> [ 1.471146] omap_i2c 2060000.i2c: bus 1 rev0.12 at 100 kHz
> 
> I'm not sure this issue is really specific to the board; there was a similar
> issue on an rpi board:
> 
>   https://github.com/Cybersecurity-LINKS/tpm-ima-patch
> 
> After digging into this problem, I made two changes to the ima/evm drivers to replace
> late_initcall() by late_initcall_sync()
> (tested on a vanilla 6.6.33 kernel):
> 
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index ff9a939dad8e..339f6e8d7e56 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -960,4 +960,4 @@ static int __init init_evm(void)
>         return error;
>  }
> 
> -late_initcall(init_evm);
> +late_initcall_sync(init_evm);  /* Start EVM after the IMA */
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index cc1217ac2c6f..1e9417ffdf08 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -1120,4 +1120,4 @@ static int __init init_ima(void)
>         return error;
>  }
> 
> -late_initcall(init_ima);       /* Start IMA after the TPM is available */
> +late_initcall_sync(init_ima);  /* Start IMA after the TPM is available */
> 
> Now, the IMA/EVM stack is initialized *after* the TPM device.
> 
> [    0.285986] omap_i2c 42120000.i2c: bus 0 rev0.12 at 400 kHz
> [    0.286706] omap_i2c 2000000.i2c: bus 4 rev0.12 at 400 kHz
> [    0.287382] omap_i2c 2010000.i2c: bus 5 rev0.12 at 400 kHz
> [    0.331503] tpm_tis_i2c 2-002e: 2.0 TPM (device-id 0x1C, rev-id 22)
> [    0.677185] omap_i2c 2020000.i2c: bus 2 rev0.12 at 100 kHz
> [    0.677904] omap_i2c 2030000.i2c: bus 6 rev0.12 at 400 kHz
> [    0.678557] omap_i2c 2040000.i2c: bus 3 rev0.12 at 100 kHz
> [    0.679167] omap_i2c 2050000.i2c: bus 7 rev0.12 at 400 kHz
> [    0.679792] omap_i2c 2060000.i2c: bus 1 rev0.12 at 100 kHz
> 
> [    3.062788] ima: Allocated hash algorithm: sha256
> 
> [    3.318975] ima: No architecture policies found
> [    3.323536] evm: Initialising EVM extended attributes:
> [    3.328662] evm: security.selinux (disabled)
> [    3.332919] evm: security.SMACK64 (disabled)
> [    3.337177] evm: security.SMACK64EXEC (disabled)
> [    3.341781] evm: security.SMACK64TRANSMUTE (disabled)
> [    3.346819] evm: security.SMACK64MMAP (disabled)
> [    3.351422] evm: security.apparmor (disabled)
> [    3.355764] evm: security.ima
> [    3.358721] evm: security.capability
> [    3.362285] evm: HMAC attrs: 0x1
> 
> Thoughts?
> 
> Initially reported on the TI forum and Beagleboard Discord [2].
> 
> [1]: https://www.beagleboard.org/boards/beaglebone-ai-64
> [2]: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1375425/tda4vm-ima-vs-tpm-builtin-driver-boot-order

As long as IMA (and EVM) are initialized before accessing files from real root
or loading kernel modules, I don't have a problem with moving it to
late_initcall_sync().

Please post the IMA and EVM patches here on the linux-integrity mailing list.

thanks,

Mimi

Patch

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index ff9a939dad8e..339f6e8d7e56 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -960,4 +960,4 @@  static int __init init_evm(void)
        return error;
 }

-late_initcall(init_evm);
+late_initcall_sync(init_evm);  /* Start EVM after the IMA */
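Review bot: the new comment "Start EVM after the IMA" claims a property this line does not establish. With both init_evm and init_ima placed at the same level (late_initcall_sync here and in the ima_main.c hunk), their relative order comes from link order exactly as it did when both were at late_initcall, so the comment should say why EVM moves at all, namely to stay at the same level as IMA now that IMA has moved. Something like `late_initcall_sync(init_evm);  /* Keep EVM at the same level as IMA */` states what the change actually guarantees, and the commit message should note that the IMA/EVM ordering itself is unchanged.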
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index cc1217ac2c6f..1e9417ffdf08 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1120,4 +1120,4 @@  static int __init init_ima(void)
        return error;
 }

-late_initcall(init_ima);       /* Start IMA after the TPM is available */
+late_initcall_sync(init_ima);  /* Start IMA after the TPM is available */
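Review bot: the commit message needs to state what late_initcall_sync buys here and where it still falls short. The boot log in the description shows the omap_i2c adapters (and so the TPM behind them) probing after the late_initcall-level IMA init on this platform; late_initcall_sync only runs once every late_initcall at that level has finished and gives no ordering against adapter probes that are deferred or run asynchronously, so a TPM that appears later would still produce "ima: No TPM chip found, activating TPM-bypass!", after which measurements are recorded in the IMA list but never extended into a PCR. The description should spell out that boundary, since the existing comment "Start IMA after the TPM is available" already promised this ordering before the change. Also, as Mimi asked, the IMA and EVM changes should be posted to linux-integrity as separate, properly described patches with Signed-off-by lines rather than an inline diff in the report.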