lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4efc1c73-6dc9-43ed-8143-74bb270f7fe7@linux.ibm.com>
Date: Tue, 28 Jan 2025 10:28:21 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: steven chen <chenste@...ux.microsoft.com>, zohar@...ux.ibm.com,
        roberto.sassu@...weicloud.com, petr@...arici.cz,
        eric.snowberg@...cle.com, paul@...l-moore.com, code@...icks.com,
        nramas@...ux.microsoft.com, James.Bottomley@...senPartnership.com,
        madvenka@...ux.microsoft.com
Cc: linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 7/7] ima: measure kexec load and exec events as critical
 data



On 1/24/25 5:55 PM, steven chen wrote:
> The amount of memory allocated at kexec load, even with the extra memory
> allocated, might not be large enough for the entire measurement list.  The
> indeterminate interval between kexec 'load' and 'execute' could exacerbate
> this problem.
> 
> Define two new IMA events, 'kexec_load' and 'kexec_execute', to be
> measured as critical data at kexec 'load' and 'execute' respectively.
> Report the allocated kexec segment size, IMA binary log size and the
> runtime measurements count as part of those events.
> 
> These events, and the values reported through them, serve as markers in
> the IMA log to verify the IMA events are captured during kexec soft
> reboot.  The presence of a 'kexec_load' event in between the last two
> 'boot_aggregate' events in the IMA log implies this is a kexec soft
> reboot, and not a cold-boot. And the absence of 'kexec_execute' event
> after kexec soft reboot implies missing events in that window which
> results in inconsistency with TPM PCR quotes, necessitating a cold boot
> for a successful remote attestation.
> 
> Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> Author: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Signed-off-by: steven chen <chenste@...ux.microsoft.com>
> ---
>   security/integrity/ima/ima_kexec.c | 23 +++++++++++++++++++++++
>   1 file changed, 23 insertions(+)
> 
> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> index c9c916f69ca7..d416ca0382cb 100644
> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -17,6 +17,8 @@
>   #include "ima.h"
>   
>   #ifdef CONFIG_IMA_KEXEC
> +#define IMA_KEXEC_EVENT_LEN 256
> +
>   static struct seq_file ima_kexec_file;
>   static void *ima_kexec_buffer;
>   static size_t kexec_segment_size;
> @@ -36,6 +38,24 @@ static void ima_free_kexec_file_buf(struct seq_file *sf)
>   	ima_reset_kexec_file(sf);
>   }
>   
> +static void ima_measure_kexec_event(const char *event_name)
> +{
> +	char ima_kexec_event[IMA_KEXEC_EVENT_LEN];
> +	size_t buf_size = 0;
> +	long len;
> +
> +	buf_size = ima_get_binary_runtime_size();
> +	len = atomic_long_read(&ima_htable.len);
> +
> +	scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN,
> +			"kexec_segment_size=%lu;ima_binary_runtime_size=%lu;"
> +			"ima_runtime_measurements_count=%ld;",
> +				kexec_segment_size, buf_size, len);
> +
> +	ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event,
> +					strlen(ima_kexec_event), false, NULL, 0);
> +}
> +
>   static int ima_alloc_kexec_file_buf(size_t segment_size)
>   {
>   	/*
> @@ -60,6 +80,7 @@ static int ima_alloc_kexec_file_buf(size_t segment_size)
>   out:
>   	ima_kexec_file.read_pos = 0;
>   	ima_kexec_file.count = sizeof(struct ima_kexec_hdr);	/* reserved space */
> +	ima_measure_kexec_event("kexec_load");
>   
>   	return 0;
>   }
> @@ -206,6 +227,8 @@ static int ima_update_kexec_buffer(struct notifier_block *self,
>   
>   	if (ret)
>   		pr_err("Dump measurements failed. Error:%d\n", ret);
> +	else
> +		ima_measure_kexec_event("kexec_execute");
>   
>   	if (buf_size != 0)
>   		memcpy(ima_kexec_buffer, buf, buf_size);


I have been doing kexec's (on ppc64 KVM) applying one patch after 
another in this series and then testing with this command:

evmctl ima_measurement --ignore-violations 
/sys/kernel/security/ima/binary_runtime_measurements

Unfortunately it breaks at this patch. I am not sure what it is due to.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ