Re: [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache

[Eric Snowberg <eric.snowberg@oracle.com>]

> On Nov 26, 2024, at 3:41 AM, Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> 
> On Tue, 2024-11-26 at 00:13 +0000, Eric Snowberg wrote:
>> 
>>> On Nov 19, 2024, at 3:49 AM, Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
>>> 
>>> From: Roberto Sassu <roberto.sassu@huawei.com>
>>> 
>>> The Integrity Digest Cache can also help IMA for appraisal. IMA can simply
>>> lookup the calculated digest of an accessed file in the list of digests
>>> extracted from package headers, after verifying the header signature. It is
>>> sufficient to verify only one signature for all files in the package, as
>>> opposed to verifying a signature for each file.
>> 
>> Is there a way to maintain integrity over time?  Today if a CVE is discovered 
>> in a signed program, the program hash can be added to the blacklist keyring. 
>> Later if IMA appraisal is used, the signature validation will fail just for that 
>> program.  With the Integrity Digest Cache, is there a way to do this?  
> 
> As far as I can see, the ima_check_blacklist() call is before
> ima_appraise_measurement(). If it fails, appraisal with the Integrity
> Digest Cache will not be done.


It is good the program hash would be checked beforehand and fail if it is 
contained on the list. 

The .ima keyring may contain many keys.  If one of the keys was later 
revoked and added to the .blacklist, wouldn't this be missed?  It would 
be caught during signature validation when the file is later appraised, but 
now this step isn't taking place.  Correct?

With IMA appraisal, it is easy to maintain authenticity but challenging to 
maintain integrity over time. In user-space there are constantly new CVEs.  
To maintain integrity over time, either keys need to be rotated in the .ima 
keyring or program hashes need to be frequently added to the .blacklist.   
If neither is done, for an end-user on a distro, IMA-appraisal basically 
guarantees authenticity.

While I understand the intent of the series is to increase performance, 
have you considered using this to give the end-user the ability to maintain 
integrity of their system?  What I mean is, instead of trying to import anything 
from an RPM, just have the end-user provide this information in some format 
to the Digest Cache.  User-space tools could be built to collect and format 
the data needed by the Digest Cache.  This data  may allow multiple versions 
of the same program.  The data would then be signed by one of the system 
kernel keys (either something in the secondary or machine keyring), to maintain 
a root of trust.  This would give the end-user the ability to have integrity however 
they see fit.  This leaves the distro to provide signed programs and the end-user 
the ability to decide what level of software they want to run on their system.  If 
something isn't in the Digest Cache, it gets bumped down to the traditional 
IMA-appraisal.  I think it would simplify the problem you are trying to solve, 
especially around the missing kernel PGP code required for all this to work, 
since it wouldn't be necessary.   With this approach, besides the performance 
gain, the end-user would gain the ability to maintain integrity that is enforced by
the kernel.