From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Dave Hansen <dave@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 04/14] evm: re-release
Date: Fri, 04 Jun 2010 10:53:32 -0400 [thread overview]
Message-ID: <1275663212.3205.12.camel@localhost.localdomain> (raw)
In-Reply-To: <1275661730.21231.32.camel@moss-pluto.epoch.ncsc.mil>
On Fri, 2010-06-04 at 10:28 -0400, Stephen Smalley wrote:
> On Wed, 2010-04-21 at 17:49 -0400, Mimi Zohar wrote:
> > EVM protects a file's security extended attributes against integrity
> > attacks. It maintains an HMAC-sha1 value across the extended attributes,
> > storing the value as the extended attribute 'security.evm'. EVM has gone
> > through a number of iterations, initially as an LSM module, subsequently
> > as a LIM integrity provider, and now, when co-located with a security_
> > hook, embedded directly in the security_ hook, similar to IMA.
> >
> > This is the first part of a local file integrity verification system.
> > While this part does authenticate the selected extended attributes, and
> > cryptographically bind them to the inode, coming extensions will bind
> > other directory and inode metadata for more complete protection. The
> > set of protected security extended attributes is configured at compile.
> >
> > EVM depends on the Kernel Key Retention System to provide it with the
> > kernel master key for the HMAC operation. The kernel master key is
> > securely loaded onto the root's keyring, typically by 'loadkernkey',
> > which either uses the TPM sealed secret key, if available, or a
> > password requested from the console. To signal EVM, that the key has
> > been loaded onto the keyring, 'echo 1 > <securityfs>/evm'. This is
> > normally done in the initrd, which has already been measured as part
> > of the trusted boot. (Refer to http://linux-ima.sourceforge.net/#EVM.)
>
> I don't remember this dependency on the kernel key system in prior
> incarnations of EVM. Can you explain the rationale for using it, and
> the implications?
This changed very early on, so that people without a TPM could 'play'
with it.
Mimi
next prev parent reply other threads:[~2010-06-04 14:53 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-21 21:49 [PATCH 00/14] EVM Mimi Zohar
2010-04-21 21:49 ` [PATCH 01/14] integrity: move ima inode integrity data management Mimi Zohar
2010-04-21 21:49 ` [PATCH 02/14] security: move LSM xattrnames to xattr.h Mimi Zohar
2010-04-21 21:49 ` [PATCH 03/14] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2010-04-26 18:50 ` Serge E. Hallyn
2010-04-21 21:49 ` [PATCH 04/14] evm: re-release Mimi Zohar
2010-04-26 21:03 ` Serge E. Hallyn
2010-06-04 14:28 ` Stephen Smalley
2010-06-04 14:53 ` Mimi Zohar [this message]
2010-06-04 15:20 ` Stephen Smalley
2010-06-04 18:08 ` David Safford
2010-04-21 21:49 ` [PATCH 05/14] ima: move ima_file_free before releasing the file Mimi Zohar
2010-04-21 21:49 ` [PATCH 06/14] security: imbed evm calls in security hooks Mimi Zohar
2010-04-21 21:49 ` [PATCH 07/14] evm: inode post removexattr Mimi Zohar
2010-04-21 21:49 ` [PATCH 08/14] evm: imbed evm_inode_post_setattr Mimi Zohar
2010-04-21 21:49 ` [PATCH 09/14] evm: inode_post_init Mimi Zohar
2010-04-21 21:49 ` [PATCH 10/14] fs: add evm_inode_post_init calls Mimi Zohar
2010-04-21 21:49 ` [PATCH 11/14] ima: integrity appraisal extension Mimi Zohar
2010-04-21 21:49 ` [PATCH 12/14] ima: appraise default rules Mimi Zohar
2010-04-21 21:49 ` [PATCH 13/14] ima: inode post_setattr Mimi Zohar
2010-04-21 21:49 ` [PATCH 14/14] ima: add ima_inode_setxattr and ima_inode_removexattr Mimi Zohar
2010-04-21 21:58 ` [PATCH 00/14] EVM Randy Dunlap
2010-04-21 22:18 ` Mimi Zohar
2010-04-21 22:23 ` Randy Dunlap
2010-04-21 22:41 ` Mimi Zohar
2010-05-31 0:20 ` James Morris
2010-05-31 10:02 ` Shaz
2010-05-31 10:08 ` Shaz
2010-06-01 19:28 ` Mimi Zohar
2010-06-02 7:03 ` Dmitry Kasatkin
2010-06-02 7:50 ` Shaz
2010-06-02 9:12 ` Dmitry Kasatkin
2010-06-02 10:15 ` Shaz
2010-06-02 10:23 ` Dmitry Kasatkin
2010-06-02 14:02 ` Mimi Zohar
2010-06-04 6:53 ` Shaz
2010-06-04 15:09 ` Mimi Zohar
2010-06-04 18:47 ` Shaz
2010-06-04 0:57 ` James Morris
2010-06-04 6:56 ` Shaz
2010-06-04 20:25 ` [ProbableSpam] " David Safford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1275663212.3205.12.camel@localhost.localdomain \
--to=zohar@linux.vnet.ibm.com \
--cc=dave@linux.vnet.ibm.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).