From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi <nramas@linux.microsoft.com>,
Linux Integrity <linux-integrity@vger.kernel.org>,
Ken Goldman <kgold@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Roberto Sassu <roberto.sassu@huawei.com>
Cc: James Morris <jamorris@linux.microsoft.com>,
Prakhar Srivastava <prsriva@linux.microsoft.com>,
Balaji Balasubramanyan <balajib@linux.microsoft.com>,
Jordan Hand <jorhand@linux.microsoft.com>
Subject: Re: [PATCH 0/2] [IMA] Measure public keys of BuiltIn Trusted Keys
Date: Thu, 06 Jun 2019 08:44:25 -0400
Message-ID: <1559825065.4278.94.camel@linux.ibm.com>
In-Reply-To: <f9f2a5ab-a880-7131-d0ca-fb3b72571478@linux.microsoft.com>
On Wed, 2019-06-05 at 17:16 -0700, Lakshmi wrote:
> The motive behind this patch series is to measure the public keys
> of the keys in the BuiltIn_Trusted_Keys keyring into the IMA log.
>
> The kernel could be built with the config parameter
> CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY enabled.
> If this is done, only those "IMA Signer Keys" that are signed by a key in
> the "BuiltIn Trusted Keys" or the "Secondary Trusted Keys" can be added
> to the "IMA Keyring".
>
> In other words, "IMA Signer Keys" are attested by the "Trusted Keys"
> on the client machines if the above config parameter is enabled.
>
> IMA will enumerate the keys in the Trusted Keys keyring, and measure
> them in the IMA log. On file read, IMA will validate the signature of
> the system files using "IMA Signer Key" present in "IMA Keyring".
>
> An attestation service would receive the "Trusted Keys" from
> a trusted source (which is different from the client machines it is
> attesting). The service would compare the Trusted Keys reported by
> the client with the list of known Trusted Keys. A client would be
> marked trusted by the service if and only if the keys reported
> by the client are all trusted.
>
> Using the above approach the attestation service will be attesting
> the "IMA Signer" while the clients attest the IMA Signature of
> the system files. This enables the service to attest the client
> machines by maintaining only a list of "Trusted Keys". These keys
> change much less frequently than "IMA Signer Keys". It also frees
> the service from having to maintain the "Hash of System Files"
> which would change very frequently. This approach would significantly
> reduce the maintenance cost of the service with respect to the data used
> for attesting clients.
Instead of measuring all the files in policy, Roberto's "digest lists"
proposed patch set measures only "unknown" files. Why bother with all
those messy measurements?!
In your use case scenario, will the measurement list only contain the builtin and secondary keys?
Mimi
>
> To achieve the above the patch series does the following:
> - Adds a new method in asymmetric_key_subtype to query
> the public key of the given key
> - Enumerate the keys in "BuiltIn Trusted Keys" and measure
> them to IMA log.
>
> Lakshmi (2):
> Added a new interface method namely query_public_key to
> asymmetric_key_subtype interface
> Measure keys in BuiltIn Trusted Keys keyring
>
> Documentation/crypto/asymmetric-keys.txt | 1 +
> certs/system_keyring.c | 7 ++
> crypto/asymmetric_keys/public_key.c | 7 ++
> crypto/asymmetric_keys/signature.c | 24 +++++++
> include/crypto/public_key.h | 1 +
> include/keys/asymmetric-subtype.h | 3 +
> include/keys/system_keyring.h | 9 +++
> include/linux/key.h | 32 +++++++++
> security/integrity/digsig.c | 58 +++++++++++++++++
> security/integrity/ima/Kconfig | 9 +++
> security/integrity/ima/ima_init.c | 62 ++++++++++++++++++
> security/integrity/integrity.h | 25 ++++++++
> security/keys/keyring.c | 82 ++++++++++++++++++++++++
> 13 files changed, 320 insertions(+)
>
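The service-side half of the flow the cover letter describes, written out as an added example (not code from the patch series or the kernel): the attestation service replays the client's IMA measurement list against its quoted PCR-10, then trusts the client only if every key measured from the builtin and secondary keyrings is on the service's list of known trusted keys. The log layout, the template hash approximation and all digests are constructed for this example.

```python
"""Attestation-service side of the scheme in the quoted cover letter: replay the
client's IMA log against its quoted PCR-10, then trust the client only if every
key measured from the trusted keyrings is on the service's allowlist."""
import hashlib

KEYRINGS = {".builtin_trusted_keys", ".secondary_trusted_keys"}  # kernel names

def parse_log(text):
    """Parse 'PCR template-hash template-name digest event-name' lines."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        pcr, thash, _tmpl, digest, name = line.split(maxsplit=4)
        entries.append({"pcr": int(pcr), "template_hash": thash,
                        "digest": digest.split(":", 1)[-1], "name": name})
    return entries

def replay_pcr(entries, pcr=10):
    """Recompute the PCR as the TPM extended it: sha1(old || template-hash)."""
    value = bytes(20)
    for e in (e for e in entries if e["pcr"] == pcr):
        value = hashlib.sha1(value + bytes.fromhex(e["template_hash"])).digest()
    return value.hex()

def attest(log_text, quoted_pcr10, trusted_keys):
    """(trusted, reason); file digests are not vetted here, IMA on the client does that."""
    entries = parse_log(log_text)
    if replay_pcr(entries) != quoted_pcr10:
        return False, "measurement list does not match quoted PCR-10"
    measured = {e["digest"] for e in entries if e["name"] in KEYRINGS}
    if not measured:
        return False, "no trusted-keyring measurements in log"
    unknown = sorted(measured - set(trusted_keys))
    if unknown:
        return False, "unknown key(s) in trusted keyrings: " + ", ".join(unknown)
    return True, "all measured trusted keys are known"

# Constructed sample rows in the ascii_runtime_measurements column layout. The
# template hash is approximated as sha1(digest || name) (real IMA templates hash a
# length-prefixed encoding) and the "ima-buf" key rows are an assumed shape.
def row(tmpl, digest, name):
    thash = hashlib.sha1(bytes.fromhex(digest) + name.encode()).hexdigest()
    return f"10 {thash} {tmpl} sha256:{digest} {name}"
K1, K2, ROGUE = "11" * 32, "22" * 32, "ee" * 32          # made-up key digests
def make_log(second_key):
    return "\n".join([row("ima-ng", "00" * 32, "boot_aggregate"),
                      row("ima-buf", K1, ".builtin_trusted_keys"),
                      row("ima-buf", second_key, ".secondary_trusted_keys"),
                      row("ima-ng", "55" * 32, "/usr/bin/bash")])
GOOD_LOG, ROGUE_LOG, TRUSTED = make_log(K2), make_log(ROGUE), {K1, K2}
QUOTE = replay_pcr(parse_log(GOOD_LOG))   # stands in for the TPM's PCR-10 quote
```

`attest(GOOD_LOG, QUOTE, TRUSTED)` passes, while `ROGUE_LOG` fails on the PCR replay if the client keeps the old quote and on the allowlist check if it re-quotes; note that the file row is never compared against a stored hash, which is the maintenance saving the cover letter argues for.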