| Message ID | 20210528073812.407936-1-roberto.sassu@huawei.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | ima: Add template fields to verify EVM portable signatures | expand |
On Fri, 2021-05-28 at 09:38 +0200, Roberto Sassu wrote: > The recent patch set 'evm: Improve usability of portable signatures' added > the possibility to include EVM portable signatures in the IMA measurement > list. > > However, the information necessary to verify the signature were not > included in the IMA measurement list. This patch set introduces new > template fields to accomplish this goal: > > - 'iuid': the inode UID; > - 'igid': the inode GID; > - 'imode': the inode mode; > - 'xattrnames': a list of xattr names (separated by |), only if the xattr is > present; > - 'xattrlengths': a list of xattr lengths (u32), only if the xattr is present; > - 'xattrvalues': a list of xattr values; > > Patch 1 adds an helper function to show integers in the measurement list. > Patches 2, 3 and 5 introduce new template fields. Patch 4 make it possible > to verify EVM portable signatures which protect xattrs belonging to LSMs > not enabled in the target platform. Patch 6 introduces the new IMA template > evm-sig. Patch 7 fixes a small issue in evm_write_xattrs() when audit is > not enabled. Thanks, Roberto. Applied to: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing branch. Mimi
The recent patch set 'evm: Improve usability of portable signatures' added the possibility to include EVM portable signatures in the IMA measurement list. However, the information necessary to verify the signature were not included in the IMA measurement list. This patch set introduces new template fields to accomplish this goal: - 'iuid': the inode UID; - 'igid': the inode GID; - 'imode': the inode mode; - 'xattrnames': a list of xattr names (separated by |), only if the xattr is present; - 'xattrlengths': a list of xattr lengths (u32), only if the xattr is present; - 'xattrvalues': a list of xattr values; Patch 1 adds an helper function to show integers in the measurement list. Patches 2, 3 and 5 introduce new template fields. Patch 4 make it possible to verify EVM portable signatures which protect xattrs belonging to LSMs not enabled in the target platform. Patch 6 introduces the new IMA template evm-sig. Patch 7 fixes a small issue in evm_write_xattrs() when audit is not enabled. This patch set has been tested with: https://github.com/robertosassu/ima-evm-utils/blob/ima-template-fields-v2-devel-v5/tests/verify_evmsig.test https://github.com/robertosassu/ima-evm-utils/blob/ima-template-fields-v2-devel-v5/tests/evm_hmac_non_enabled_xattrs.test The first test aims at checking whether the EVM portable signature included in the measurement list can be verified with the information also in the measurement list. It uses two methods for the verification: the first creates a copy of a measured file, sets metadata parsed from the measurement list to that copy and calls evmctl to verify the signature; the second lets evmctl verify the measurement list directly. The test is performed without and with an idmapped mount. Given that IMA always provides the original UID and GID, no more actions are needed in the second case. The second test verifies that setting a non-enabled xattr does not change the HMAC. The test results are available at: https://travis-ci.com/github/robertosassu/ima-evm-utils/jobs/508604164 https://travis-ci.com/github/robertosassu/ima-evm-utils/jobs/508604168 This patch set has been also tested on s390x, with and without the canonical format enabled (the test results are not shown, as the UML kernel used in Travis is not available for this architecture). Changelog v1: - remove the mntuidmap and mntgidmap template fields and always display the original inode UID and GID (suggested by Christian Brauner) - replace the evmxattrs template field with xattrnames, xattrlengths and xattrvalues (suggested by Mimi) - introduce the new IMA template evm-sig (suggested by Mimi) - use only one variable in ima_eventinodedac_init_common() (suggested by Mimi) Roberto Sassu (7): ima: Add ima_show_template_uint() template library function ima: Define new template fields iuid and igid ima: Define new template field imode evm: Verify portable signatures against all protected xattrs ima: Define new template fields xattrnames, xattrlengths and xattrvalues ima: Define new template evm-sig evm: Don't return an error in evm_write_xattrs() if audit is not enabled Documentation/security/IMA-templates.rst | 8 + include/linux/evm.h | 16 ++ security/integrity/evm/evm.h | 1 + security/integrity/evm/evm_crypto.c | 7 + security/integrity/evm/evm_main.c | 125 ++++++++++++++-- security/integrity/evm/evm_secfs.c | 18 ++- security/integrity/ima/ima_template.c | 18 +++ security/integrity/ima/ima_template_lib.c | 169 +++++++++++++++++++++- security/integrity/ima/ima_template_lib.h | 14 ++ 9 files changed, 362 insertions(+), 14 deletions(-)