On Sat, May 04, 2024 at 01:13:16PM -0700, Fan Wu wrote: > > > On 5/4/2024 1:04 AM, Bagas Sanjaya wrote: > > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote: > > > +IPE does not mitigate threats arising from malicious but authorized > > > +developers (with access to a signing certificate), or compromised > > > +developer tools used by them (i.e. return-oriented programming attacks). > > > +Additionally, IPE draws hard security boundary between userspace and > > > +kernelspace. As a result, IPE does not provide any protections against a > > > +kernel level exploit, and a kernel-level exploit can disable or tamper > > > +with IPE's protections. > > > > So how to mitigate kernel-level exploits then? > > > One possible way is to use hypervisor to protect the kernel integrity. > https://github.com/heki-linux is one project on this direction. Perhaps I > should also add this link to the doc. OK. > > > > +Allow only initramfs > > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > <snipped>... > > > +Allow any signed and validated dm-verity volume and the initramfs > > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > <snipped>... > > > > htmldocs build reports new warnings: > > > > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short. > > > > Allow any signed and validated dm-verity volume and the initramfs > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short. > > > > Allow any signed and validated dm-verity volume and the initramfs > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short. > > > > I have to match these sections underline length: > > > > ---- >8 ---- > > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst > > index 1a3bf1d8aa23f0..a47e14e024a90d 100644 > > --- a/Documentation/admin-guide/LSM/ipe.rst > > +++ b/Documentation/admin-guide/LSM/ipe.rst > > @@ -681,7 +681,7 @@ Allow all > > DEFAULT action=ALLOW > > Allow only initramfs > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > +~~~~~~~~~~~~~~~~~~~~ > > :: > > @@ -691,7 +691,7 @@ Allow only initramfs > > op=EXECUTE boot_verified=TRUE action=ALLOW > > Allow any signed and validated dm-verity volume and the initramfs > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > :: > > @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume > > op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW > > Allow any fs-verity file with a valid built-in signature > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > :: > > @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature > > op=EXECUTE fsverity_signature=TRUE action=ALLOW > > Allow execution of a specific fs-verity file > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > :: > > > > > +Additional Information > > > +---------------------- > > > + > > > +- `Github Repository <https://github.com/microsoft/ipe>`_ > > > +- Documentation/security/ipe.rst > > > > Link title to both this admin-side and developer docs can be added for > > disambiguation (to avoid confusion on readers): > > > > ---- >8 ---- > > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst > > index a47e14e024a90d..25b17e11559149 100644 > > --- a/Documentation/admin-guide/LSM/ipe.rst > > +++ b/Documentation/admin-guide/LSM/ipe.rst > > @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE) > > This is the documentation for admins, system builders, or individuals > > attempting to use IPE. If you're looking for more developer-focused > > - documentation about IPE please see Documentation/security/ipe.rst > > + documentation about IPE please see :doc:`the design docs > > + </security/ipe>`. > > Overview > > -------- > > @@ -748,7 +749,7 @@ Additional Information > > ---------------------- > > - `Github Repository <https://github.com/microsoft/ipe>`_ > > -- Documentation/security/ipe.rst > > +- :doc:`Developer and design docs for IPE </security/ipe>` > > FAQ > > --- > > diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst > > index 07e3632241285d..fd1b1a852d2165 100644 > > --- a/Documentation/security/ipe.rst > > +++ b/Documentation/security/ipe.rst > > @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation > > This is documentation targeted at developers, instead of administrators. > > If you're looking for documentation on the usage of IPE, please see > > - Documentation/admin-guide/LSM/ipe.rst > > + `IPE admin guide </admin-guide/LSM/ipe.rst>`_. > > Historical Motivation > > --------------------- > > > > Thanks. > > > > My apologies for these format issues and thanks for the suggestions. I will > fix them. Oh, I forgot to also add :doc: directive for the last reference link: ---- >8 ---- diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst index fd1b1a852d2165..aa2e64d4119f3e 100644 --- a/Documentation/security/ipe.rst +++ b/Documentation/security/ipe.rst @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation This is documentation targeted at developers, instead of administrators. If you're looking for documentation on the usage of IPE, please see - `IPE admin guide </admin-guide/LSM/ipe.rst>`_. + :doc:`IPE admin guide </admin-guide/LSM/ipe>`. Historical Motivation --------------------- Thanks. -- An old man doll... just what I always wanted! - Clara
Attachment:
signature.asc
Description: PGP signature
