From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com,
linux-integrity@vger.kernel.org
Cc: sashal@kernel.org, dhowells@redhat.com,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
Subject: [PATCH v9 0/3] IMA: Deferred measurement of keys
Date: Wed, 22 Jan 2020 17:32:03 -0800 [thread overview]
Message-ID: <20200123013206.8499-1-nramas@linux.microsoft.com> (raw)
The IMA subsystem supports measuring asymmetric keys when the key is
created or updated[1]. But keys created or updated before a custom IMA
policy is loaded are currently not measured. This includes keys added,
for instance, to either the .ima or .builtin_trusted_keys keyrings, which
happens early in the boot process.
Measuring the early boot keys, by design, requires loading a custom IMA
policy. This change adds support for queuing keys created or updated
before a custom IMA policy is loaded. The queued keys are processed when
a custom policy is loaded. Keys created or updated after a custom policy
is loaded are measured immediately (not queued). In the case when a
custom policy is not loaded within 5 minutes of IMA initialization, the
queued keys are freed.
[1] https://lore.kernel.org/linux-integrity/20191211164707.4698-1-nramas@linux.microsoft.com/
Changelog:
v9
=> Rebased the changes to v5.5-rc7
=> Defined an intermediate Kconfig boolean option namely
IMA_QUEUE_EARLY_BOOT_KEYS to declare the deferred key
measurement functions.
=> Use delayed workqueue to free the queued keys when a custom IMA
policy is not loaded.
v8
=> Rebased the changes to linux-next
=> Need to apply the following patch first
https://lore.kernel.org/linux-integrity/20200108160508.5938-1-nramas@linux.microsoft.com/
v7
=> Updated cover letter per Mimi's suggestions.
=> Updated "Reported-by" tag to be specific about
the issues fixed in the patch.
v6
=> Replaced mutex with a spinlock to sychronize access to
queued keys. This fixes the problem reported by
"kernel test robot <rong.a.chen@intel.com>"
https://lore.kernel.org/linux-integrity/2a831fe9-30e5-63b4-af10-a69f327f7fb7@linux.microsoft.com/T/#t
=> Changed ima_queue_key() to a static function. This fixes
the issue reported by "kbuild test robot <lkp@intel.com>"
https://lore.kernel.org/linux-integrity/1577370464.4487.10.camel@linux.ibm.com/
=> Added the patch to free the queued keys if a custom IMA policy
was not loaded to this patch set.
v5
=> Removed temp keys list in ima_process_queued_keys()
v4
=> Check and set ima_process_keys flag with mutex held.
v3
=> Defined ima_process_keys flag to be static.
=> Set ima_process_keys with ima_keys_mutex held.
=> Added a comment in ima_process_queued_keys() function
to state the use of temporary list for keys.
v2
=> Rebased the changes to v5.5-rc1
=> Updated function names, variable names, and code comments
to be less verbose.
v1
=> Code cleanup
v0
=> Based changes on v5.4-rc8
=> The following patchsets should be applied in that order
https://lore.kernel.org/linux-integrity/1572492694-6520-1-git-send-email-zohar@linux.ibm.com
https://lore.kernel.org/linux-integrity/20191204224131.3384-1-nramas@linux.microsoft.com/
=> Added functions to queue and dequeue keys, and process
the queued keys when custom IMA policies are applied.
Lakshmi Ramasubramanian (3):
IMA: Define workqueue for early boot key measurements
IMA: Call workqueue functions to measure queued keys
IMA: Defined delayed workqueue to free the queued keys
security/integrity/ima/Kconfig | 5 +
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h | 24 +++
security/integrity/ima/ima_asymmetric_keys.c | 8 +
security/integrity/ima/ima_init.c | 8 +-
security/integrity/ima/ima_policy.c | 3 +
security/integrity/ima/ima_queue_keys.c | 171 +++++++++++++++++++
7 files changed, 219 insertions(+), 1 deletion(-)
create mode 100644 security/integrity/ima/ima_queue_keys.c
--
2.17.1
next reply other threads:[~2020-01-23 1:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-23 1:32 Lakshmi Ramasubramanian [this message]
2020-01-23 1:32 ` [PATCH v9 1/3] IMA: Define workqueue for early boot key measurements Lakshmi Ramasubramanian
2020-01-23 14:19 ` Mimi Zohar
2020-01-23 1:32 ` [PATCH v9 2/3] IMA: Call workqueue functions to measure queued keys Lakshmi Ramasubramanian
2020-01-23 1:32 ` [PATCH v9 3/3] IMA: Defined delayed workqueue to free the " Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200123013206.8499-1-nramas@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).