On Tue, Oct 23, 2012 at 09:18:54AM -0400, Vivek Goyal wrote:

[..]

> > >> There are 3 options for trusting /sbin/kexec. There are IMA and EMA,
> > >> and it is conceivable to have ELF note sections with signatures for
> > >> executables.
> > >
> > > Can you please tell more about what EMA and IMA are. I did a quick google
> > > and could not find much.
> >
> > That should have been EVM and IMA. Look under security/integrity/. I
> > don't know much about them but they appear to be security modules with a
> > focus on verifying that checksums or perhaps encrypted hashes of executables
> > are consistent.
>
> I will do a quick search there and see if I can understand something.
>

Ok, I quickly went through the following paper.

http://mirror.transact.net.au/sourceforge/l/project/li/linux-ima/linux-ima/Integrity_overview.pdf

So it looks like IMA can store the hashes of files and at execute time
ensure those hashes are unchanged, to protect against the possibility of
modification of files.

But what about creation of a new program which can call kexec_load() and
execute an unsigned kernel? It doesn't look like that will be prevented
using IMA.

The whole idea behind UEFI secure boot seems to be that all signing happens
outside the running system and now only signed code can run with higher
privileges. IMA only seems to be making sure existing binaries are not
modified, but it does not seem to prevent installation of new binaries,
and these binaries can take advantage of the kexec system call to load an
unsigned kernel.

Thanks
Vivek
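The distinction the mail draws (a stored hash catches a modified binary, but says nothing about a binary that was never measured) can be shown with a small hash-allowlist model. The code below is an added illustration written for this page; it is not code from the thread, from the kexec patches, or from the kernel's IMA implementation. The file names, contents and the `measure`/`appraise` helpers are constructed for the demonstration, and the three verdicts (`ok`, `modified`, `unknown`) are this toy's own vocabulary, not IMA's.

```python
import hashlib
import os
import tempfile

# Toy model of hash-based file appraisal. The "known" dict stands in for a
# store of hashes recorded at install time; everything here is constructed
# for the example and does not reflect any real IMA policy or data format.


def measure(path: str) -> str:
    """Return the SHA-256 hex digest of a file (the value taken at 'execute' time)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def appraise(path: str, known: dict) -> str:
    """Compare a file's current hash with the stored one.

    'ok'       -> hash present and matches
    'modified' -> hash present but the file changed since it was recorded
    'unknown'  -> no stored hash at all; this is the case the mail raises,
                  a freshly created program has nothing to be checked against
    """
    expected = known.get(path)
    if expected is None:
        return "unknown"
    return "ok" if measure(path) == expected else "modified"


def demo() -> dict:
    """Create three situations in a temp dir and return the appraisal verdicts."""
    with tempfile.TemporaryDirectory() as d:
        # Hypothetical stand-in for a trusted /sbin/kexec binary.
        trusted = os.path.join(d, "sbin_kexec")
        with open(trusted, "wb") as f:
            f.write(b"#!/bin/sh\necho trusted kexec\n")
        known = {trusted: measure(trusted)}  # hash recorded at "install" time

        results = {}
        results["intact"] = appraise(trusted, known)

        # Tamper with the known binary after its hash was stored.
        with open(trusted, "ab") as f:
            f.write(b"echo tampered\n")
        results["tampered"] = appraise(trusted, known)

        # A program created after the hashes were stored: never measured.
        newbin = os.path.join(d, "new_loader")
        with open(newbin, "wb") as f:
            f.write(b"#!/bin/sh\necho new program\n")
        results["new_binary"] = appraise(newbin, known)
        return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields `ok` for the untouched file, `modified` for the tampered one and `unknown` for the new file. What a policy does with that `unknown` verdict, whether it is allowed to run or refused, is exactly the question the mail is asking; a hash store by itself only answers for files it has already seen.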