lists.openwall.net: Open Source and information security mailing list archives
Date: Fri, 7 Jun 2019 17:14:07 +0200
From: Roberto Sassu <roberto.sassu@...wei.com>
To: Mimi Zohar <zohar@...ux.ibm.com>, <dmitry.kasatkin@...wei.com>, <mjg59@...gle.com>
CC: <linux-integrity@...r.kernel.org>, <linux-security-module@...r.kernel.org>, <linux-doc@...r.kernel.org>, <stable@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <silviu.vlasceanu@...wei.com>
Subject: Re: [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status

On 6/7/2019 5:08 PM, Mimi Zohar wrote:
> On Fri, 2019-06-07 at 16:40 +0200, Roberto Sassu wrote:
>>> On Thu, 2019-06-06 at 13:26 +0200, Roberto Sassu wrote:
>
>>>> Although this choice appears legitimate, it might not be suitable for
>>>> hardened systems, where the administrator expects that access is denied if
>>>> there is any error. An attacker could intentionally delete the EVM keys
>>>> from the system and set the file digest in security.ima to the actual file
>>>> digest so that the final appraisal status is INTEGRITY_PASS.
>>>
>>> Assuming that the EVM HMAC key is stored in the initramfs, not on some
>>> other file system, and the initramfs is signed, INTEGRITY_UNKNOWN
>>> would be limited to the rootfs filesystem.
>>
>> There is another issue. The HMAC key, like the public keys, should be
>> loaded when appraisal is disabled. This means that we have to create a
>> trusted key at early boot and defer the unsealing.
>
> There is no need for IMA to appraise the public key file signature,
> since the certificate is signed by a key on the builtin/secondary
> trusted keyring. With CONFIG_IMA_LOAD_X509 enabled, the public key
> can be loaded onto the IMA keyring with IMA-appraisal enabled, but
> without verifying the file signature.

Yes, but access to the files containing the master key and the EVM key
is denied if appraisal is enabled.

Roberto

--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI