Re: [PATCH v18 20/21] Documentation: add ipe documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
+IPE does not mitigate threats arising from malicious but authorized
+developers (with access to a signing certificate), or compromised
+developer tools used by them (i.e. return-oriented programming attacks).
+Additionally, IPE draws hard security boundary between userspace and
+kernelspace. As a result, IPE does not provide any protections against a
+kernel level exploit, and a kernel-level exploit can disable or tamper
+with IPE's protections.

So how to mitigate kernel-level exploits then?

One possible way is to use hypervisor to protect the kernel integrity. https://github.com/heki-linux is one project on this direction. Perhaps I should also add this link to the doc.

+Allow only initramfs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<snipped>...
+Allow any signed and validated dm-verity volume and the initramfs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<snipped>...

htmldocs build reports new warnings:

Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.

Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.

Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.

I have to match these sections underline length:

---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index 1a3bf1d8aa23f0..a47e14e024a90d 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -681,7 +681,7 @@ Allow all
     DEFAULT action=ALLOW
Allow only initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~
:: @@ -691,7 +691,7 @@ Allow only initramfs
     op=EXECUTE boot_verified=TRUE action=ALLOW
Allow any signed and validated dm-verity volume and the initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
     op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
Allow any fs-verity file with a valid built-in signature
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
     op=EXECUTE fsverity_signature=TRUE action=ALLOW
Allow execution of a specific fs-verity file
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
+Additional Information
+----------------------
+
+- `Github Repository <https://github.com/microsoft/ipe>`_
+- Documentation/security/ipe.rst

Link title to both this admin-side and developer docs can be added for
disambiguation (to avoid confusion on readers):

---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index a47e14e024a90d..25b17e11559149 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
This is the documentation for admins, system builders, or individuals
     attempting to use IPE. If you're looking for more developer-focused
-   documentation about IPE please see Documentation/security/ipe.rst
+   documentation about IPE please see :doc:`the design docs
+   </security/ipe>`.
Overview
  --------
@@ -748,7 +749,7 @@ Additional Information
  ----------------------
- `Github Repository <https://github.com/microsoft/ipe>`_
-- Documentation/security/ipe.rst
+- :doc:`Developer and design docs for IPE </security/ipe>`
FAQ
  ---
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index 07e3632241285d..fd1b1a852d2165 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
This is documentation targeted at developers, instead of administrators.
     If you're looking for documentation on the usage of IPE, please see
-   Documentation/admin-guide/LSM/ipe.rst
+   `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
Historical Motivation
  ---------------------

Thanks.


My apologies for these format issues and thanks for the suggestions. I will fix them.
-Fan




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux