Re: [Linux-ima-user] Initramfs and IMA Appraisal

From: Mimi Zohar
Date: Mon Dec 29 2014 - 22:06:37 EST


On Mon, 2014-12-29 at 18:25 -0800, David Lang wrote:
> On Mon, 29 Dec 2014, Mimi Zohar wrote:
>
> > Thanks Rob for the explanation. The problem is that ramfs does not
> > support extended attributes, while tmpfs does. The boot loader could
> > "measure" (trusted boot) the initramfs, but as the initramfs is
> > generated on the target system, the initramfs is not signed, preventing
> > it from being appraised (secure Boot). To close the initramfs integrity
> > appraisal gap requires verifying the individual initramfs file
> > signatures, which are stored as extended attributes.
>
> what's the point of checking the files on the filesystem against signatures
> stored on the same filesystem? If someone could alter the file contents they can
> alter the signatures as well.

It's all about limiting which public keys can be used to verify the file
signatures. As of 3.17, only keys signed by a "trusted" key on the
system keyring may be added to the IMA keyring.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/