From: Mimi Zohar <zohar@linux.ibm.com>
To: david.safford@gmail.com,
Janne Karhunen <janne.karhunen@gmail.com>,
linux-integrity@vger.kernel.org,
linux-security-module <linux-security-module@vger.kernel.org>
Cc: Ken Goldman <kgold@linux.ibm.com>,
monty.wiseman@ge.com, Amir Goldstein <amir73il@gmail.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH v2] ima: export the measurement list when needed
Date: Wed, 12 Feb 2020 20:03:16 -0500
Message-ID: <1581555796.8515.130.camel@linux.ibm.com>
In-Reply-To: <6b787049b965c8056d0e27360e2eaa8fa2f38b35.camel@gmail.com>
On Wed, 2020-02-12 at 16:08 -0500, david.safford@gmail.com wrote:
> On Tue, 2020-02-11 at 18:10 -0500, Mimi Zohar wrote:
> > On Tue, 2020-02-11 at 11:10 -0500, david.safford@gmail.com wrote:
>
> > > <snip>
> > >
> > This new feature will require setting up some infrastructure for
> > storing the partial measurement list(s) in order to validate a TPM
> > quote. Userspace already can save partial measurement list(s) without
> > any kernel changes. The entire measurement list does not need to be
> > read each time. lseek can read past the last record previously read.
> > The only new aspect is truncating the in kernel measurement list in
> > order to free kernel memory.
>
> This is a pretty important new feature.
> A lot of people can't use IMA because of the memory issue.
> Also, I really think we need to let administrators choose the tradeoffs
> of keeping the list in memory, on a local file, or only on the
> attestation server, as best fits their use cases.
Dave, I understand that some use cases require the ability of
truncating the measurement list. We're discussing how to truncate the
measurement list. For example, in addition to the existing securityfs
binary_runtime_measurements file, we could define a new securityfs
file indicating the number of records to delete.
> >
> > <snip>
> >
> > Until there is proof that the measurement list can be exported to a
> > file before kexec, instead of carrying the measurement list across
> > kexec, and a TPM quote can be validated after the kexec, there isn't a
> > compelling reason for the kernel needing to truncate the measurement
> > list.
>
> If this approach doesn't work with all the kexec use cases, then it is
> useless, and the ball is in my court to prove that it does. Fortunately
> I have to test that anyway for the coming TLV support.
>
> Working on it...
Testing could be done independently of the TLV support. To verify
that you aren't losing any measurements, boot with a measurement
policy like "ima_policy=tcb" on the boot command line.
thanks,
Mimi
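The userspace side of the incremental export Mimi describes (save everything past the last record previously read, then validate a TPM quote against the saved records), as an added example that is not part of this thread or of the kernel's own code: a parser for the securityfs binary_runtime_measurements record layout that stops at the last complete record so the returned offset is a safe lseek() target for the next run, checks each template digest, and replays PCR 10. It assumes little-endian host u32 lengths, a 20-byte SHA-1 template digest, and a length-prefixed template (ima-ng or ima-sig, not the legacy "ima" layout); make_record builds constructed sample records for offline use.

```python
import hashlib
import struct

DIGEST_LEN = 20  # SHA-1 template digest, as the kernel writes it for the SHA-1 PCR bank

class Truncated(Exception):
    pass  # buffer ends inside a record: a partial record at the tail

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise Truncated
    return buf[pos:pos + n], pos + n

def _u32(buf, pos):  # assumed little-endian host u32, the default (non-canonical) format
    raw, pos = _take(buf, pos, 4)
    return struct.unpack("<I", raw)[0], pos

def parse_records(buf, offset=0):
    """Parse complete records from buf starting at offset; return (records, next_offset).
    A partial trailing record is left unconsumed, so next_offset is always a record
    boundary that a saved export state can lseek() back to on the next run."""
    records, pos = [], offset
    while pos < len(buf):
        try:
            pcr, p = _u32(buf, pos)
            tdigest, p = _take(buf, p, DIGEST_LEN)
            name_len, p = _u32(buf, p)
            name, p = _take(buf, p, name_len)
            if name == b"ima":
                raise ValueError("legacy fixed-layout 'ima' template is not handled here")
            data_len, p = _u32(buf, p)
            data, p = _take(buf, p, data_len)
        except Truncated:
            break
        # For ima-ng/ima-sig the template digest is SHA-1 over the length-prefixed field data.
        if hashlib.sha1(data).digest() != tdigest:
            raise ValueError("template digest mismatch at offset %d" % pos)
        fields, q = [], 0
        while q < len(data):
            flen, q = _u32(data, q)
            field, q = _take(data, q, flen)
            fields.append(field)
        records.append({"pcr": pcr, "digest": tdigest, "template": name.decode(), "fields": fields})
        pos = p
    return records, pos

def replay_pcr(records, pcr=10):
    """Recompute the SHA-1 PCR value a TPM quote should carry after these extends."""
    val = bytes(DIGEST_LEN)
    for r in records:
        if r["pcr"] == pcr:
            val = hashlib.sha1(val + r["digest"]).digest()
    return val

def make_record(path, filehash, pcr=10):
    """Constructed ima-ng record for offline testing: d-ng = 'sha256:\\0'+hash, n-ng = path+NUL."""
    d_ng, n_ng = b"sha256:\0" + filehash, path.encode() + b"\0"
    data = struct.pack("<I", len(d_ng)) + d_ng + struct.pack("<I", len(n_ng)) + n_ng
    name = b"ima-ng"
    return (struct.pack("<I", pcr) + hashlib.sha1(data).digest()
            + struct.pack("<I", len(name)) + name + struct.pack("<I", len(data)) + data)
```

In a real exporter, buf is what read() returns after lseek(fd, saved_offset, SEEK_SET) on binary_runtime_measurements, and the records (or the raw bytes up to next_offset) are appended to the local copy or shipped to the attestation server.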