Re: [PATCH 4/4] integrity: CA enforcement in machine keyring

[Eric Snowberg <eric.snowberg@oracle.com>]

> On Mar 7, 2022, at 11:36 AM, Stefan Berger <stefanb@linux.ibm.com> wrote:
> 
> 
> 
> On 3/7/22 13:13, Eric Snowberg wrote:
>>> On Mar 4, 2022, at 4:19 PM, Stefan Berger <stefanb@linux.ibm.com> wrote:
>>> 
>>> 
>>> On 3/1/22 12:36, Eric Snowberg wrote:
>>>> When INTEGRITY_MACHINE_KEYRING is set, all Machine Owner Keys (MOK)
>>>> are loaded into the machine keyring.  Add a new
>>>> INTEGRITY_MACHINE_KEYRING_CA_ENFORCED option where only MOK CA keys are
>>>> added.
>>>> 
>>>> Set the restriction check to restrict_link_by_ca.  This will only allow
>>>> CA keys into the machine keyring. Unlike when INTEGRITY_MACHINE_KEYRING
>>>> is enabled, IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY may
>>>> also be enabled, allowing IMA to use keys in the machine keyring as
>>>> another trust anchor.
>>> 
>>> I tried to test this but could only do it by disabling the MokListTrustedRT variable check and then also the check for secure boot. It did load the expected keys onto the .machine keyring, enforcing the x509 indicating a self-signed CA if the compile time option CONFIG_INTEGRITY_MACHINE_KEYRING_CA_ENFORCED=y was set, loading all keys in the case of CONFIG_INTEGRITY_MACHINE_KEYRING=y.
>>> 
>>> I tried with this branch here from mokutils https://github.com/esnowberg/mokutil/tree/trust-mok but this seems to create an EFI variable with a different name. I guess this is the wrong branch?
>> Thanks for testing.  During the shim review, Peter requested an EFI variable name
>> change. This did not impact anything in the kernel.  However it did impact mokutil.
>> The necessary mokutil changes are available in this pull request:
>> https://github.com/lcp/mokutil/pull/49
> 
> The following is in Jarkko's tree:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?id=4d83e5144e224b90f6589d11b5fecde33c0dd211
> 
> 
> +
> +/*
> + * Try to load the MokListTrustedRT MOK variable to see if we should trust
> + * the MOK keys within the kernel. It is not an error if this variable
> + * does not exist.  If it does not exist, MOK keys should not be trusted
> + * within the machine keyring.
> + */
> +static __init bool uefi_check_trust_mok_keys(void)
> +{
> +	struct efi_mokvar_table_entry *mokvar_entry;
> +
> +	mokvar_entry = efi_mokvar_entry_find("MokListTrustedRT");
> +
> +	if (mokvar_entry)
> +		return true;
> +
> +	return false;
> +}
> 
> I don't think this works  with your mokutil PR:
> 
> static int
> trust_mok_keys()
> {
> 	return set_toggle("MokListTrustedNew", 0);
> }
> 
> From what I saw, MokListTrustedRT searches for a mok-variable entry in the MOK-specific directory in sysfs while MokListTrustedNew creates one in the EFI dir…

MokListTrustedNew is set by mokutil.  The variable is then used by MokManager.  
When shim boots and sees the variable is set, it loads MokManager instead of grub.  
The MokManager then asks the user if they want to make the change.   If the user 
accepts the change, shim stores a new boot services variable and the MokListTrustedNew 
variable is deleted. Afterwards the machine is rebooted, shim creates the 
MokListTrustedRT based on the boot services variable previously set.