From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>,
Peter Jones <pjones@redhat.com>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
David Howells <dhowells@redhat.com>,
linux-wireless <linux-wireless@vger.kernel.org>,
Kalle Valo <kvalo@codeaurora.org>,
Seth Forshee <seth.forshee@canonical.com>,
Johannes Berg <johannes.berg@intel.com>,
linux-integrity@vger.kernel.org,
Hans de Goede <hdegoede@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andres Rodriguez <andresx7@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware
Date: Fri, 11 May 2018 01:00:26 -0400 [thread overview]
Message-ID: <1526014826.3414.46.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180510232639.GF27853@wotan.suse.de>
On Thu, 2018-05-10 at 23:26 +0000, Luis R. Rodriguez wrote:
> On Wed, May 09, 2018 at 10:00:58PM -0400, Mimi Zohar wrote:
> > On Wed, 2018-05-09 at 23:48 +0000, Luis R. Rodriguez wrote:
> > > On Wed, May 09, 2018 at 06:06:57PM -0400, Mimi Zohar wrote:
> >
> > > > > > Yes, writing regdb as a micro/mini LSM sounds reasonable. The LSM
> > > > > > would differentiate between other firmware and the regulatory.db based
> > > > > > on the firmware's pathname.
> > > > >
> > > > > If that is the only way then it would be silly to do the mini LSM as all
> > > > > calls would have to have the check. A special LSM hook for just the
> > > > > regulatory db also doesn't make much sense.
> > > >
> > > > All calls to request_firmware() are already going through this LSM
> > > > hook. I should have said, it would be based on both READING_FIRMWARE
> > > > and the firmware's pathname.
> > >
> > > Yes, but it would still be a strcmp() computation added for all
> > > READING_FIRMWARE. In that sense, the current arrangement is only open coding the
> > > signature verification for the regulatory.db file. One way to avoid this would
> > > be to add an LSM specific to the regulatory db
> >
> > Casey already commented on this suggestion.
>
> Sorry but I must have missed this, can you send me the email or URL where he did that?
> I never got a copy of that email I think.
My mistake. I've posted similar patches for kexec_load and for the
firmware sysfs fallback, both call security_kernel_read_file().
Casey's comment was in regards to kexec_load[1], not for the sysfs
fallback mode. Here's the link to the most recent version of the
kexec_load patches.[2]
[1] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006690.html
[2] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006854.html
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware
Date: Fri, 11 May 2018 01:00:26 -0400 [thread overview]
Message-ID: <1526014826.3414.46.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180510232639.GF27853@wotan.suse.de>
On Thu, 2018-05-10 at 23:26 +0000, Luis R. Rodriguez wrote:
> On Wed, May 09, 2018 at 10:00:58PM -0400, Mimi Zohar wrote:
> > On Wed, 2018-05-09 at 23:48 +0000, Luis R. Rodriguez wrote:
> > > On Wed, May 09, 2018 at 06:06:57PM -0400, Mimi Zohar wrote:
> >
> > > > > > Yes, writing regdb as a micro/mini LSM sounds reasonable. ?The LSM
> > > > > > would differentiate between other firmware and the regulatory.db based
> > > > > > on the firmware's pathname.
> > > > >
> > > > > If that is the only way then it would be silly to do the mini LSM as all
> > > > > calls would have to have the check. A special LSM hook for just the
> > > > > regulatory db also doesn't make much sense.
> > > >
> > > > All calls to request_firmware() are already going through this LSM
> > > > hook. ?I should have said, it would be based on both READING_FIRMWARE
> > > > and the firmware's pathname.
> > >
> > > Yes, but it would still be a strcmp() computation added for all
> > > READING_FIRMWARE. In that sense, the current arrangement is only open coding the
> > > signature verification for the regulatory.db file. One way to avoid this would
> > > be to add an LSM specific to the regulatory db
> >
> > Casey already commented on this suggestion.
>
> Sorry but I must have missed this, can you send me the email or URL where he did that?
> I never got a copy of that email I think.
My mistake. ?I've posted similar patches for kexec_load and for the
firmware sysfs fallback, both call security_kernel_read_file().
Casey's comment was in regards to kexec_load[1], not for the sysfs
fallback mode. ?Here's the link to the most recent version of the
kexec_load patches.[2]
[1]?http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006690.html
[2] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006854.html
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>,
Peter Jones <pjones@redhat.com>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
David Howells <dhowells@redhat.com>,
linux-wireless <linux-wireless@vger.kernel.org>,
Kalle Valo <kvalo@codeaurora.org>,
Seth Forshee <seth.forshee@canonical.com>,
Johannes Berg <johannes.berg@intel.com>,
linux-integrity@vger.kernel.org,
Hans de Goede <hdegoede@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andres Rodriguez <andresx7@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware
Date: Fri, 11 May 2018 01:00:26 -0400 [thread overview]
Message-ID: <1526014826.3414.46.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180510232639.GF27853@wotan.suse.de>
On Thu, 2018-05-10 at 23:26 +0000, Luis R. Rodriguez wrote:
> On Wed, May 09, 2018 at 10:00:58PM -0400, Mimi Zohar wrote:
> > On Wed, 2018-05-09 at 23:48 +0000, Luis R. Rodriguez wrote:
> > > On Wed, May 09, 2018 at 06:06:57PM -0400, Mimi Zohar wrote:
> >
> > > > > > Yes, writing regdb as a micro/mini LSM sounds reasonable. The LSM
> > > > > > would differentiate between other firmware and the regulatory.db based
> > > > > > on the firmware's pathname.
> > > > >
> > > > > If that is the only way then it would be silly to do the mini LSM as all
> > > > > calls would have to have the check. A special LSM hook for just the
> > > > > regulatory db also doesn't make much sense.
> > > >
> > > > All calls to request_firmware() are already going through this LSM
> > > > hook. I should have said, it would be based on both READING_FIRMWARE
> > > > and the firmware's pathname.
> > >
> > > Yes, but it would still be a strcmp() computation added for all
> > > READING_FIRMWARE. In that sense, the current arrangement is only open coding the
> > > signature verification for the regulatory.db file. One way to avoid this would
> > > be to add an LSM specific to the regulatory db
> >
> > Casey already commented on this suggestion.
>
> Sorry but I must have missed this, can you send me the email or URL where he did that?
> I never got a copy of that email I think.
My mistake. I've posted similar patches for kexec_load and for the
firmware sysfs fallback, both call security_kernel_read_file().
Casey's comment was in regards to kexec_load[1], not for the sysfs
fallback mode. Here's the link to the most recent version of the
kexec_load patches.[2]
[1] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006690.html
[2] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/006854.html
Mimi
next prev parent reply other threads:[~2018-05-11 5:00 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-01 13:48 [PATCH 0/6] firmware: kernel signature verification Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-01 13:48 ` [PATCH 1/6] firmware: permit LSMs and IMA to fail firmware sysfs fallback loading Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-04 0:02 ` Luis R. Rodriguez
2018-05-04 0:02 ` Luis R. Rodriguez
2018-05-04 0:36 ` Mimi Zohar
2018-05-04 0:36 ` Mimi Zohar
2018-05-04 0:36 ` Mimi Zohar
2018-05-01 13:48 ` [PATCH 2/6] ima: prevent sysfs fallback firmware loading Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-04 0:06 ` Luis R. Rodriguez
2018-05-04 0:06 ` Luis R. Rodriguez
2018-05-01 13:48 ` [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-04 0:07 ` Luis R. Rodriguez
2018-05-04 0:07 ` Luis R. Rodriguez
2018-05-04 0:24 ` Mimi Zohar
2018-05-04 0:24 ` Mimi Zohar
2018-05-04 0:24 ` Mimi Zohar
2018-05-08 17:34 ` Luis R. Rodriguez
2018-05-08 17:34 ` Luis R. Rodriguez
2018-05-08 17:34 ` Luis R. Rodriguez
2018-05-09 11:30 ` Mimi Zohar
2018-05-09 11:30 ` Mimi Zohar
2018-05-09 11:30 ` Mimi Zohar
2018-05-09 19:15 ` Luis R. Rodriguez
2018-05-09 19:15 ` Luis R. Rodriguez
2018-05-09 19:15 ` Luis R. Rodriguez
2018-05-09 19:57 ` Mimi Zohar
2018-05-09 19:57 ` Mimi Zohar
2018-05-09 19:57 ` Mimi Zohar
2018-05-09 21:22 ` Luis R. Rodriguez
2018-05-09 21:22 ` Luis R. Rodriguez
2018-05-09 21:22 ` Luis R. Rodriguez
2018-05-09 22:06 ` Mimi Zohar
2018-05-09 22:06 ` Mimi Zohar
2018-05-09 22:06 ` Mimi Zohar
2018-05-09 23:48 ` Luis R. Rodriguez
2018-05-09 23:48 ` Luis R. Rodriguez
2018-05-09 23:48 ` Luis R. Rodriguez
2018-05-10 2:00 ` Mimi Zohar
2018-05-10 2:00 ` Mimi Zohar
2018-05-10 2:00 ` Mimi Zohar
2018-05-10 23:26 ` Luis R. Rodriguez
2018-05-10 23:26 ` Luis R. Rodriguez
2018-05-10 23:26 ` Luis R. Rodriguez
2018-05-11 5:00 ` Mimi Zohar [this message]
2018-05-11 5:00 ` Mimi Zohar
2018-05-11 5:00 ` Mimi Zohar
2018-05-11 21:52 ` Luis R. Rodriguez
2018-05-11 21:52 ` Luis R. Rodriguez
2018-05-11 21:52 ` Luis R. Rodriguez
2018-05-14 12:58 ` Mimi Zohar
2018-05-14 12:58 ` Mimi Zohar
2018-05-14 12:58 ` Mimi Zohar
2018-05-14 19:28 ` Luis R. Rodriguez
2018-05-14 19:28 ` Luis R. Rodriguez
2018-05-14 19:28 ` Luis R. Rodriguez
2018-05-15 2:02 ` Mimi Zohar
2018-05-15 2:02 ` Mimi Zohar
2018-05-15 2:02 ` Mimi Zohar
2018-05-15 3:26 ` Luis R. Rodriguez
2018-05-15 3:26 ` Luis R. Rodriguez
2018-05-15 3:26 ` Luis R. Rodriguez
2018-05-15 12:32 ` Josh Boyer
2018-05-15 12:32 ` Josh Boyer
2018-05-15 12:43 ` Mimi Zohar
2018-05-15 12:43 ` Mimi Zohar
2018-05-15 12:43 ` Mimi Zohar
2018-05-01 13:48 ` [PATCH 4/6] ima: coordinate with signed regulatory.db Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-01 13:48 ` [PATCH 5/6] ima: verify kernel firmware signatures when using a preallocated buffer Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-01 13:48 ` [RFC PATCH 6/6] ima: prevent loading firmware into a pre-allocated buffer Mimi Zohar
2018-05-01 13:48 ` Mimi Zohar
2018-05-04 0:10 ` Luis R. Rodriguez
2018-05-04 0:10 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1526014826.3414.46.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=andresx7@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=johannes.berg@intel.com \
--cc=keescook@chromium.org \
--cc=kvalo@codeaurora.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=pjones@redhat.com \
--cc=seth.forshee@canonical.com \
--cc=takahiro.akashi@linaro.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.