| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87wmcboqg4.fsf@> Date: Wed, 26 Mar 2025 14:46:03 +0100 From: Nicolai Stange <nstange@...e.de> To: Mimi Zohar <zohar@...ux.ibm.com> Cc: Nicolai Stange <nstange@...e.de>, Roberto Sassu <roberto.sassu@...wei.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg <eric.snowberg@...cle.com>, Jarkko Sakkinen <jarkko@...nel.org>, James Bottomley <James.Bottomley@...senPartnership.com>, linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements sysfs file for ima_hash Mimi Zohar <zohar@...ux.ibm.com> writes: > On Wed, 2025-03-26 at 09:21 +0100, Nicolai Stange wrote: >> Mimi Zohar <zohar@...ux.ibm.com> writes: >> >> > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: >> > "ima_hash" is the default file hash algorithm. Re-using it as the default >> > complete measurement list assumes that the subsequent kexec'ed kernels configure >> > and define it as the default file hash algorithm as well, which might not be the >> > case. >> >> I don't really see why the ima_hashes would have to match between kexecs >> for this to work -- all events' template hashes are getting recreated >> from scratch anyway after kexec (ima_restore_measurement_list() -> >> ima_calc_field_array_hash()). >> >> That is, if ima_hash=sha256 first, and ima_hash=sha384 after kexec, one >> would have *runtime_measurements_sha256 first and >> *runtime_measurements_sha384 after kexec. And both had exclusively >> template hashes of their respective algo in them each. >> >> What am I missing? > > Your solution would work nicely, if the "ima_hash" algorithm could be guaranteed > to be built into the kernel. It's highly unlikely someone would choose a hash > algorithm not built into kernel, but it is possible. hash_setup() only verifies > that the hash algorithm is a valid name. But ima_init_ima_crypto(), hence the whole IMA __init, would fail if ima_hash was unavailable at __init time? Thanks, Nicolai > Either fix hash_setup() to guarantee that the chosen hash algorithm is built > into the kernel or use the CONFIG_IMA_DEFAULT_HASH and add a Kconfig to select > the hash algorithm. This would be in lieu of v2 05/13. > >> > Drop this patch. >> >> Fine by me, but just to confirm, in case there's no TPM attached and >> SHA1 was disabled, there would be no /sys/*/*runtime_measurement* at all >> then. Is that Ok? > > Of course not. :) > >> ima_hash was chosen here only, because after this series, it will be the >> only single algorithm guaranteed to be available. > > With the proposed changes to "[RFC PATCH v2 05/13] ima: select CRYPTO_SHA256 > from Kconfig', SHA256 would be added to the "extra" measurements if the TPM > SHA256 bank is disabled. -- SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany GF: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)
Powered by blists - more mailing lists