author: Mimi Zohar <zohar@linux.ibm.com> 2021-01-15 07:46:52 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2021-01-15 07:54:11 +0300
commit: e58bb688f2e44237990dfb68ea8cb2449efde7da (patch)
tree: efa3f41a96dfdc7410912f3032211852ccbcdfbc /include
parent: ccf11dbaa07b328fa469415c362d33459c140a37 (diff)
parent: fdd1ffe8a812b1109388e4bc389e57b2695ad095 (diff)
Merge branch 'measure-critical-data' into next-integrity
From "IMA: support for measuring kernel integrity critical data" coverletter.

IMA measures files and buffer data such as keys, command-line arguments passed to the kernel on kexec system call, etc. While these measurements are necessary for monitoring and validating the integrity of the system, they are not sufficient. Various data structures, policies, and states stored in kernel memory also impact the integrity of the system.

Several kernel subsystems contain such integrity critical data - e.g. LSMs like SELinux, AppArmor etc. or device-mapper targets like dm-crypt, dm-verity, dm-integrity etc. These kernel subsystems help protect the integrity of a system. Their integrity critical data is not expected to change frequently during run-time. Some of these structures cannot be defined as __ro_after_init, because they are initialized later.

For a given system, various external services/infrastructure tools (including the attestation service) interact with it - both during the setup and during rest of the system run-time. They share sensitive data and/or execute critical workload on that system. The external services may want to verify the current run-time state of the relevant kernel subsystems before fully trusting the system with business critical data/workload. For instance, verifying that SELinux is in "enforce" mode along with the expected policy, disks are encrypted with a certain configuration, secure boot is enabled etc.

This series provides the necessary IMA functionality for kernel subsystems to ensure their configuration can be measured:
- by kernel subsystems themselves,
- in a tamper resistant way,
- and re-measured - triggered on state/configuration change.

This patch set:
- defines a new IMA hook ima_measure_critical_data() to measure integrity critical data,
- limits the critical data being measured based on a label,
- defines a builtin critical data measurement policy,
- and includes an SELinux consumer of the new IMA critical data hook.
Diffstat (limited to 'include')
-rw-r--r-- include/linux/ima.h | 10
1 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 7db9cca1af34..2ac834badbbe 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -31,6 +31,10 @@ extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
+extern void ima_measure_critical_data(const char *event_label,
+ const char *event_name,
+ const void *buf, size_t buf_len,
+ bool hash);
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
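Review bot: the new prototype introduces a `bool hash` flag and two string parameters (`event_label`, `event_name`) whose meaning cannot be read from the header; a kernel-doc comment above the declaration (or at the definition it points to) stating what the label selects and how `hash` changes the recorded measurement would save callers a trip into the implementation. Minor consistency point in the same hunk: the neighbouring `ima_kexec_cmdline()` takes its length as `int size`, while the new hook uses `size_t buf_len`; the new choice is the right one for a buffer length, so this is worth noting rather than changing.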
@@ -128,6 +132,12 @@ static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size
}
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
+
+static inline void ima_measure_critical_data(const char *event_label,
+ const char *event_name,
+ const void *buf, size_t buf_len,
+ bool hash) {}
+
#endif /* CONFIG_IMA */
#ifndef CONFIG_IMA_KEXEC
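Review bot: the `!CONFIG_IMA` stub matches the real prototype parameter for parameter, which keeps callers building in both configurations; the two extra `+` blank lines around it, though, depart from the surrounding style, where the `ima_kexec_cmdline()` stub on the preceding line sits directly after the closing brace of `ima_inode_hash()` without padding. Dropping the added blank lines keeps the stub block uniform.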