Re: [PATCH v5 0/8] ima: kexec: measure events between kexec load and execute

[Mimi Zohar <zohar@linux.ibm.com>]

On Wed, 2024-02-14 at 07:38 -0800, Tushar Sugandhi wrote:
> The current Kernel behavior is IMA measurements snapshot is taken at
> kexec 'load' and not at kexec 'execute'.  IMA log is then carried
> over to the new Kernel after kexec 'execute'.

'Kernel' should not be capitalized since it isn't a proper name.  'Linux' would
be capitalized (e.g. The Linux kernel).

-> "The IMA measurement list is copied at kexec 'load', not kexec 'execute',
before being carried over to the new kexec'ed kernel.

Mimi

> 
> New events can be measured during/after the IMA log snapshot at kexec 
> 'load' and before the system boots to the new Kernel.  In this scenario,
> the TPM PCRs are extended with these events, but they are not carried
> over to the new Kernel after kexec soft reboot since the snapshot is
> already taken.  This results in mismatch between TPM PCR quotes and the
> actual IMA measurements list after kexec soft reboot, which in turn
> results in remote attestation failure.
> 
> To solve this problem - 
>  - allocate the necessary buffer at kexec 'load' time,
>  - populate the buffer with the IMA measurements at kexec 'execute' time, 
>  - and measure two new IMA events 'kexec_load' and 'kexec_execute' as
>    critical data to help detect missing events after kexec soft reboot.
> 
> The solution details include:
>  - refactoring the existing code to allocate a buffer to hold IMA
>    measurements at kexec 'load', and dump the measurements at kexec
>    'execute'
> 
>  - IMA functionality to suspend and resume measurements as needed during
>    buffer copy at kexec 'execute',
> 
>  - kexec functionality for mapping the segments from the current Kernel
>    to the subsequent one, 
> 
>  - necessary changes to the kexec_file_load syscall, enabling it to call
>    the ima functions,
> 
>  - registering a reboot notifier which gets called during kexec 
>    'execute',
> 
>  - introducing a new Kconfig option to configure the extra memory to be
>    allocated for passing IMA log from the current Kernel to the next,
>    
>  - introducing two new events to be measured by IMA during kexec, to
>    help diagnose if the IMA log was copied fully or partially, from the
>    current Kernel to the next,
> 
>  - excluding IMA segment while calculating and storing digest in function
>    kexec_calculate_store_digests(), since IMA segment can be modified
>    after the digest is computed during kexec 'load'.  This will ensure
>    that the segment is not added to the 'purgatory_sha_regions', and thus
>    not verified by verify_sha256_digest().
> 
> The changes proposed in this series ensure the integrity of the IMA
> measurements is preserved across kexec soft reboots, thus significantly
> improving the security of the Kernel post kexec soft reboots.
> 
> There were previous attempts to fix this issue [1], [2], [3].  But they
> were not merged into the mainline Kernel.
> 
> We took inspiration from the past work [1] and [2] while working on this
> patch series.
> 
> V4 of this series is available here[6] for reference.
>