lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87wmcboqg4.fsf@>
Date: Wed, 26 Mar 2025 14:46:03 +0100
From: Nicolai Stange <nstange@...e.de>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: Nicolai Stange <nstange@...e.de>,  Roberto Sassu
 <roberto.sassu@...wei.com>,  Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
  Eric Snowberg <eric.snowberg@...cle.com>,  Jarkko Sakkinen
 <jarkko@...nel.org>,  James Bottomley
 <James.Bottomley@...senPartnership.com>,  linux-integrity@...r.kernel.org,
  linux-security-module@...r.kernel.org,  linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements
 sysfs file for ima_hash

Mimi Zohar <zohar@...ux.ibm.com> writes:

> On Wed, 2025-03-26 at 09:21 +0100, Nicolai Stange wrote:
>> Mimi Zohar <zohar@...ux.ibm.com> writes:
>> 
>> > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote:

>> > "ima_hash" is the default file hash algorithm.  Re-using it as the default
>> > complete measurement list assumes that the subsequent kexec'ed kernels configure
>> > and define it as the default file hash algorithm as well, which might not be the
>> > case.
>> 
>> I don't really see why the ima_hashes would have to match between kexecs
>> for this to work -- all events' template hashes are getting recreated
>> from scratch anyway after kexec (ima_restore_measurement_list() ->
>> ima_calc_field_array_hash()).
>> 
>> That is, if ima_hash=sha256 first, and ima_hash=sha384 after kexec, one
>> would have *runtime_measurements_sha256 first and
>> *runtime_measurements_sha384 after kexec. And both had exclusively
>> template hashes of their respective algo in them each.
>> 
>> What am I missing?
>
> Your solution would work nicely, if the "ima_hash" algorithm could be guaranteed
> to be built into the kernel.  It's highly unlikely someone would choose a hash
> algorithm not built into kernel, but it is possible.  hash_setup() only verifies
> that the hash algorithm is a valid name.

But ima_init_ima_crypto(), hence the whole IMA __init, would fail if
ima_hash was unavailable at __init time?

Thanks,

Nicolai

> Either fix hash_setup() to guarantee that the chosen hash algorithm is built
> into the kernel or use the CONFIG_IMA_DEFAULT_HASH and add a Kconfig to select
> the hash algorithm.  This would be in lieu of v2 05/13.
>
>> > Drop this patch.
>> 
>> Fine by me, but just to confirm, in case there's no TPM attached and
>> SHA1 was disabled, there would be no /sys/*/*runtime_measurement* at all
>> then. Is that Ok?
>
> Of course not.  :)
>
>> ima_hash was chosen here only, because after this series, it will be the
>> only single algorithm guaranteed to be available.
>
> With the proposed changes to "[RFC PATCH v2 05/13] ima: select CRYPTO_SHA256
> from Kconfig', SHA256 would be added to the "extra" measurements if the TPM
> SHA256 bank is disabled.


-- 
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ