From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16B76C3A5A6 for ; Thu, 19 Sep 2019 17:13:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E1DDC20644 for ; Thu, 19 Sep 2019 17:13:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390179AbfISRNH (ORCPT ); Thu, 19 Sep 2019 13:13:07 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:31054 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2389131AbfISRNG (ORCPT ); Thu, 19 Sep 2019 13:13:06 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8JGva07076368 for ; Thu, 19 Sep 2019 13:13:06 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0b-001b2d01.pphosted.com with ESMTP id 2v4ddt9472-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 19 Sep 2019 13:13:05 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 19 Sep 2019 18:13:03 +0100 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 19 Sep 2019 18:13:00 +0100 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8JHCxqv50331838 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 19 Sep 2019 17:12:59 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A8828A405B; Thu, 19 Sep 2019 17:12:59 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A7683A4054; Thu, 19 Sep 2019 17:12:58 +0000 (GMT) Received: from dhcp-9-31-103-196.watson.ibm.com (unknown [9.31.103.196]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 19 Sep 2019 17:12:58 +0000 (GMT) Subject: Re: [PATCH 0/1] KEYS: Measure keys in trusted keyring From: Mimi Zohar To: Sasha Levin Cc: Lakshmi Ramasubramanian , linux-integrity@vger.kernel.org, Matthew Garrett , jamorris@linux.microsoft.com, kgoldman@us.ibm.com, "Wiseman, Monty (GE Global Research, US)" , Roberto Sassu , Greg KH Date: Thu, 19 Sep 2019 13:12:58 -0400 In-Reply-To: <20190919131851.GA8171@sasha-vm> References: <20190828002735.31025-1-nramas@linux.microsoft.com> <1567041083.6115.133.camel@linux.ibm.com> <1567190507.10024.134.camel@linux.ibm.com> <2cd27f52-1029-bcea-c73b-7d3d002cf030@linux.microsoft.com> <1568035881.4614.347.camel@linux.ibm.com> <20190919131851.GA8171@sasha-vm> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19091917-0020-0000-0000-0000036F2CC8 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19091917-0021-0000-0000-000021C4DC46 Message-Id: <1568913178.4733.89.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-09-19_05:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909190148 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On Thu, 2019-09-19 at 09:18 -0400, Sasha Levin wrote: > We do not restrict end use of the kernel; this is one of the main > reasons that the kernel is licensed under GPLv2 rather than GPLv3. > Please see https://lwn.net/Articles/200422/ . That's from a licensing perspective.  Linus has full control of what is upstreamed. > > We'd love to work with you on the technical aspects of this code to make > it acceptable to the IMA maintainers, but this work can't just be NACKed > based on a perceived end use of it. Perhaps if more people/companies thought about how technology could be abused, before creating it, we, as a society, wouldn't be where we are today. On 9/1 I commented on this patch set from a technical perspective, saying: IMA measures, appraises, and audits files based on policy[1]. If you're going to measure keys, all of the code should be within the IMA subdirectory. The only code outside of the IMA subdirectory is either an LSM or IMA hook. If an LSM hook already exists, use it. If an LSM hook doesn't exist and the location is generic that other LSMs would be interested, define a new LSM hook, otherwise define a new IMA hook. For example, to measure /boot/cmdline, the rule is "measure func=KEXEC_CMDLINE template=ima-buf". A similar rule for measuring keys would look something like "measure func=KEYS template=ima-buf pcr=". Remember "ifdef's" don't belong in C code[2]. Normally a stub function is defined in an include file to avoid ifdefs. Mimi [1] Documentation/ABI/testing/ima_policy [2] Refer to Documentation/process/coding-style.rst section "21) Conditional Compilation".