Re: [PATCH v2 00/15] ima: digest list feature

From: Matthew Garrett
Date: Thu Nov 09 2017 - 09:48:00 EST


On Thu, Nov 9, 2017 at 4:51 AM, Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote:
> On 11/8/2017 4:48 PM, Matthew Garrett wrote:
>> The code doing the parsing is in the initramfs, which has already been
>> measured at boot time. You can guarantee that it's being done by
>> trusted code.
>
>
> The parser can be executed in the initial ram disk, but everything
> accessed before the parser is executed will be measured/appraised
> without digest lists. To do signature-based remote attestation, where
> the verification consists in checking the signature of digests of
> measured files, it would be necessary to sign systemd, libraries,
> everything accessed before the parser, and the parser. If RPM headers
> are parsed by the kernel, measurement/appraisal will be done directly
> with digest lists.

There's no need to have a policy that measures those files, because
they're part of the already-measured initramfs. Just set the IMA
policy after you've loaded the digest list.

>>> The main problem is that the digest list measurement, performed when the
>>> parser accesses the file containing the RPM header, might not reflect
>>> what IMA uses for digest lookup.
>>
>>
>> Why not?
>
>
> I assumed you wanted to measure digest lists only at the time they are
> read by the parser, and not when they are read by IMA. If instead digest
> lists are verified again after conversion, the new workflow should be:
>
> 1) the kernel parses digest list metadata before systemd is executed
> 2) the kernel verifies the signature of digest lists (RPM headers) and
> adds the digest of digest lists to the hash table, so that appraisal
> succeeds
> 3) systemd (with file signature) is executed
> 4) the parser (with file signature) is executed
> 5) the parser reads and converts the digest lists to the generic format,
> and writes them to a tmpfs filesystem
> 6) the parser generates a new digest list metadata file with the path of
> converted digest lists and sends the path of the new metadata to IMA
> 7) IMA reads the generic digest lists
>
> The measurement list should look like:
>
> 10 <digest> ima-sig <digest> boot_aggregate
> 10 <digest> ima-sig <digest> /etc/ima/digest_lists/metadata
> 10 <digest> ima-sig <digest> /usr/lib/systemd/systemd <signature>
> ...
> 10 <digest> ima-sig <digest> <parser> <signature>
> 10 <digest> ima-sig <digest> /tmp/metadata
>
>
> If parsing of RPM headers is done by the kernel, the measurement list
> will look like:
>
> 10 <digest> ima-ng <digest> boot_aggregate
> 10 <digest> ima-ng <digest> /etc/ima/digest_lists/metadata
>
>
> A built-in policy should enable appraisal of tmpfs. If not, patch 11/15
> disables digest lookup for appraisal. Since generic digest lists will
> have a security.ima extended attribute (they are mutable files),
> appraisal verification will succeed.
>
> With this solution, digital signatures cannot be required, because
> generic digest lists will have a HMAC. For appraisal, it becomes
> necessary to ensure that only digest lists written by the parser can be
> processed by IMA.

This seems very over-complicated, and it's unclear why the kernel
needs to open the file itself. You *know* that all of userland is
trustworthy at this point even in the absence of signatures. It seems
reasonable to provide an interface that allows userland to pass a
digest list to the kernel, in the same way that userland can pass an
IMA policy to the kernel. You can then restrict access to that
interface via an LSM.
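As an added example (not code from the patch series and not from either participant), here is a small Python verifier for measurement-list lines of the shape quoted in the thread. It parses the ascii form (PCR, template hash, template name, `algo:digest`, path, and a trailing signature for `ima-sig`) and applies the ordering constraint the thread turns on: a digest found in a digest list is honoured only after the list's own measurement has already appeared in the log with the expected digest, otherwise the entry is reported as unknown. All file contents, digests, the `/usr/bin/*` paths, and the signature hex are constructed placeholders; only `/etc/ima/digest_lists/metadata` is taken from the thread, and the signature is checked for presence only (a real attestation verifier validates it against a trusted key).

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set


@dataclass
class Measurement:
    pcr: int
    template_hash: str                 # hash over the template data, as recorded in the log
    template: str                      # "ima-ng" or "ima-sig"
    algo: str                          # digest algorithm, e.g. "sha256"
    digest: str                        # file digest, lowercase hex
    path: str
    signature: Optional[str] = None    # hex signature blob, ima-sig only


def parse_measurement(line: str) -> Measurement:
    """Parse one ascii measurement-list line: PCR, template hash, template name,
    then the template fields (algo:digest, path, and a signature for ima-sig)."""
    f = line.split()
    if len(f) < 5:
        raise ValueError(f"too few fields: {line!r}")
    if f[2] not in ("ima-ng", "ima-sig"):
        raise ValueError(f"unsupported template {f[2]!r}")
    algo, _, digest = f[3].partition(":")
    if not digest:                     # bare digest with no "algo:" prefix
        algo, digest = "sha1", algo    # assumed default for an unprefixed digest
    sig = f[5] if f[2] == "ima-sig" and len(f) > 5 else None
    return Measurement(int(f[0]), f[1], f[2], algo, digest.lower(), f[4], sig)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- constructed sample data ---------------------------------------------
DIGEST_LIST_PATH = "/etc/ima/digest_lists/metadata"   # path quoted in the thread
DIGEST_LIST_CONTENT = b"constructed digest-list metadata blob"
FILES = {   # constructed file contents, so every digest below is self-consistent
    "/usr/lib/systemd/systemd": b"systemd binary (constructed)",
    "/usr/bin/ls": b"ls binary (constructed)",
    "/usr/bin/evil": b"binary not covered by any digest list (constructed)",
}
# The digest list vouches for systemd and ls only; a set stands in for the hash table.
DIGEST_LIST: Set[str] = {sha256_hex(FILES["/usr/lib/systemd/systemd"]),
                         sha256_hex(FILES["/usr/bin/ls"])}


def make_line(template: str, path: str, data: bytes, sig: Optional[str] = None) -> str:
    """Build a constructed log line. The template hash is computed over the joined
    text fields only so the sample parses; a real log hashes the binary template."""
    fields = [f"sha256:{sha256_hex(data)}", path] + ([sig] if sig else [])
    template_hash = hashlib.sha1(" ".join(fields).encode()).hexdigest()
    return " ".join(["10", template_hash, template] + fields)


SAMPLE_LOG = [
    make_line("ima-ng", "boot_aggregate", b"boot aggregate (constructed)"),
    make_line("ima-ng", DIGEST_LIST_PATH, DIGEST_LIST_CONTENT),
    make_line("ima-sig", "/usr/lib/systemd/systemd", FILES["/usr/lib/systemd/systemd"],
              sig="030204deadbeef"),   # constructed hex, not a real signature
    make_line("ima-ng", "/usr/bin/ls", FILES["/usr/bin/ls"]),
    make_line("ima-ng", "/usr/bin/evil", FILES["/usr/bin/evil"]),
]


def verify_log(lines: Iterable[str], table: Set[str] = DIGEST_LIST,
               list_path: str = DIGEST_LIST_PATH,
               expected_list_digest: str = sha256_hex(DIGEST_LIST_CONTENT)) -> Dict[str, str]:
    """Classify each entry in log order. A digest-list lookup is honoured only
    after the list's own measurement has appeared with the expected digest."""
    status: Dict[str, str] = {}
    list_trusted = False
    for i, line in enumerate(lines):
        m = parse_measurement(line)
        if i == 0 and m.path == "boot_aggregate":
            status[m.path] = "boot-aggregate"
        elif m.path == list_path:
            list_trusted = m.digest == expected_list_digest
            status[m.path] = "digest-list-anchor" if list_trusted else "digest-list-mismatch"
        elif m.template == "ima-sig" and m.signature:
            status[m.path] = "signed-entry"     # a real verifier checks the signature here
        elif list_trusted and m.digest in table:
            status[m.path] = "digest-list"
        else:
            status[m.path] = "unknown"
    return status


if __name__ == "__main__":
    for path, verdict in verify_log(SAMPLE_LOG).items():
        print(f"{verdict:20} {path}")
```

Running the module prints one verdict per measured path; `/usr/bin/evil` comes out as `unknown` because no list vouches for it, and reordering the log so a file is measured before `/etc/ima/digest_lists/metadata` also yields `unknown` for that file, which is the case the thread's step ordering is meant to avoid.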