Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

From: Andy Lutomirski
Date: Mon Apr 02 2018 - 20:42:29 EST


On 11/10/2017 01:02 PM, Mimi Zohar wrote:
If the kernel is locked down and IMA-appraisal is not enabled, prevent
loading of unsigned firmware.

diff --git a/security/fw_lockdown/Kconfig b/security/fw_lockdown/Kconfig
new file mode 100644
index 000000000000..d6aef6ce8fee
--- /dev/null
+++ b/security/fw_lockdown/Kconfig
@@ -0,0 +1,6 @@
+config SECURITY_FW_LOCKDOWN
+ bool "Prevent loading unsigned firmware"
+ depends on LOCK_DOWN_KERNEL
+ default y
+ help
+ Prevent loading unsigned firmware in lockdown mode,
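Review bot: the help text in this Kconfig hunk does not describe the interaction with IMA-appraisal that the commit message relies on ("If the kernel is locked down and IMA-appraisal is not enabled, prevent loading of unsigned firmware"). With `default y` and only `depends on LOCK_DOWN_KERNEL`, a user enabling lockdown without IMA-appraisal configured will find firmware loading refused with no hint in the option's description of what signature mechanism satisfies it. Suggest extending the help text to state which verification path is accepted and what happens when IMA-appraisal is not enabled, and consider whether `default y` is appropriate given that consequence.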

Please be honest about what this does. This option makes your system useless if you don't use IMA-Appraisal and it offers a particular security benefit if you do use IMA-Appraisal. How about making it depend on IMA-Appraisal? Change the name to SECURITY_ONLY_LOAD_IMA_APPRAISED_FIRMWARE and adjust the text accordingly, please.

+/**
+ * fw_lockdown_read_file - prevent loading of unsigned firmware
+ * @file: pointer to firmware
+ * @read_id: caller identifier
+ *
+ * Prevent loading of unsigned firmware in lockdown mode.

That comment gives a highly misleading impression of what this function does.

+ */
+static int fw_lockdown_read_file(struct file *file, enum kernel_read_file_id id)
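Review bot: the kernel-doc block in this hunk documents a parameter named `@read_id`, but the function signature declares it as `enum kernel_read_file_id id`; kernel-doc will warn about the undocumented `id` and the stray `@read_id`. Suggest renaming the doc line to `@id: caller identifier` to match the prototype, and rewording the one-line summary so it describes the check the function actually performs rather than restating the option name.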