On Wed, Oct 14, 2020 at 07:38:50AM -0400, Mimi Zohar wrote: > On Wed, 2020-10-14 at 17:35 +0800, Chester Lin wrote: > > Hi Ard & Mimi, > > > > On Tue, Oct 13, 2020 at 06:59:21PM +0200, Ard Biesheuvel wrote: > > > On Tue, 13 Oct 2020 at 18:46, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > > > > > > > [Cc'ing linuxppc-dev@xxxxxxxxxxxxxxxx] > > > > > > > > On Tue, 2020-10-13 at 10:18 +0200, Ard Biesheuvel wrote: > > > > > Chester reports that it is necessary to introduce a new way to pass > > > > > the EFI secure boot status between the EFI stub and the core kernel > > > > > on ARM systems. The usual way of obtaining this information is by > > > > > checking the SecureBoot and SetupMode EFI variables, but this can > > > > > only be done after the EFI variable workqueue is created, which > > > > > occurs in a subsys_initcall(), whereas arch_ima_get_secureboot() > > > > > is called much earlier by the IMA framework. > > > > > > > > > > However, the IMA framework itself is started as a late_initcall, > > > > > and the only reason the call to arch_ima_get_secureboot() occurs > > > > > so early is because it happens in the context of a __setup() > > > > > callback that parses the ima_appraise= command line parameter. > > > > > > > > > > So let's refactor this code a little bit, by using a core_param() > > > > > callback to capture the command line argument, and deferring any > > > > > reasoning based on its contents to the IMA init routine. > > > > > > > > > > Cc: Chester Lin <clin@xxxxxxxx> > > > > > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > > > > Cc: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx> > > > > > Cc: James Morris <jmorris@xxxxxxxxx> > > > > > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > > > > > Link: https://lore.kernel.org/linux-arm-kernel/20200904072905.25332-2-clin@xxxxxxxx/ > > > > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > > > > --- > > > > > v2: rebase onto series 'integrity: improve user feedback for invalid bootparams' > > > > > > > > Thanks, Ard. Based on my initial, limited testing on Power, it looks > > > > good, but I'm hesistant to include it in the integrity 5.10 pull > > > > request without it having been in linux-next and some additional > > > > testing. It's now queued in the next-integrity-testing branch awaiting > > > > some tags. > > > > > > > > Tested-by: Chester Lin <clin@xxxxxxxx> > > > > I have tested this patch on x86 VM. > > > > * System configuration: > > - Platform: QEMU/KVM > > - Firmware: EDK2/OVMF + secure boot enabled. > > - OS: SLE15-SP2 + SUSE's kernel-vanilla (=linux v5.9) + the follow commits > > from linux-next and upstream: > > * [PATCH v2] ima: defer arch_ima_get_secureboot() call to IMA init time > > https://www.spinics.net/lists/linux-efi/msg20645.html > > * e4d7e2df3a09 "ima: limit secure boot feedback scope for appraise" > > * 7fe2bb7e7e5c "integrity: invalid kernel parameters feedback" > > * 4afb28ab03d5 "ima: add check for enforced appraise option" > > > > * Logs with UEFI secure boot enabled: > > > > [ 0.000000] Linux version 5.9.0-858-g865c50e1d279-1.g8764d18-vanilla (geeko@b > > uildhost) (gcc (SUSE Linux) 10.2.1 20200825 [revision c0746a1beb1ba073c7981eb09f > > 55b3d993b32e5c], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.34.0.20200325-1) # > > 1 SMP Wed Oct 14 04:00:11 UTC 2020 (8764d18) > > [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.9.0-858-g865c50e1d279-1. > > g8764d18-vanilla root=UUID=5304c03e-4d8a-4d67-873a-32a32e57cdeb console=ttyS0,11 > > 5200 resume=/dev/disk/by-path/pci-0000:04:00.0-part4 mitigations=auto ignore_log > > level crashkernel=192M,high crashkernel=72M,low ima_appraise=off > > [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point regi > > sters' > > [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' > > [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' > > .... > > .... > > [ 1.720309] ima: Secure boot enabled: ignoring ima_appraise=off option > > [ 1.720314] ima: No TPM chip found, activating TPM-bypass! > > [ 1.722129] ima: Allocated hash algorithm: sha256 > > > Thank you for testing the options aren't being set in secure boot mode. > My main concern, however, is that IMA doesn't go into TPM-bypass mode. > Does this system have a TPM? > > Mimi > Last time I didn't emulate a TPM device in KVM so that's why the kernel couldn't find a TPM chip. I have tested this patch again with a virtual TPM 1.2 by running swtpm and here are some logs: ----- [ 0.000000] Linux version 5.9.0-858-g865c50e1d279-1.g8764d18-vanilla (geeko@b uildhost) (gcc (SUSE Linux) 10.2.1 20200825 [revision c0746a1beb1ba073c7981eb09f 55b3d993b32e5c], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.34.0.20200325-1) # 1 SMP Wed Oct 14 04:00:11 UTC 2020 (8764d18) [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.9.0-858-g865c50e1d279-1. g8764d18-vanilla root=UUID=5304c03e-4d8a-4d67-873a-32a32e57cdeb console=ttyS0,11 5200 resume=/dev/disk/by-path/pci-0000:04:00.0-part4 mitigations=auto ignore_log level crashkernel=192M,high crashkernel=72M,low ima_appraise=off [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point regi sters' ..... ..... [ 0.000000] efi: EFI v2.60 by EDK II [ 0.000000] efi: SMBIOS=0x7fe82000 ACPI=0x7feb0000 ACPI 2.0=0x7feb0014 MEMATTT R=0x7ef89698 RNG=0x7ea12e18 [ 0.000000] efi: seeding entropy pool [ 0.000000] random: fast init done [ 0.000000] SMBIOS 2.8 present. [ 0.000000] DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 [ 0.000000] Hypervisor detected: KVM ..... ..... [ 1.957625] Linux agpgart interface v0.103 [ 1.961903] tpm_tis 00:04: 1.2 TPM (device-id 0x1, rev-id 1) [ 1.966306] tpm tpm0: starting up the TPM manually [ 1.981753] ahci 0000:00:1f.2: version 3.0 [ 1.984503] PCI Interrupt Link [GSIA] enabled at IRQ 16 ..... ..... [ 2.086645] ima: Secure boot enabled: ignoring ima_appraise=off option [ 2.086650] ima: Allocated hash algorithm: sha256 [ 2.100662] evm: Initialising EVM extended attributes: [ 2.100689] audit: type=1807 audit(1602760724.564:2): action=measure func=KEX EC_KERNEL_CHECK res=1 [ 2.101849] evm: security.selinux [ 2.101849] evm: security.apparmor [ 2.101849] evm: security.ima [ 2.101850] evm: security.capability [ 2.101850] evm: HMAC attrs: 0x1 [ 2.102083] PM: Magic number: 8:588:327 [ 2.106723] audit: type=1807 audit(1602760724.564:3): action=measure func=MODD ULE_CHECK res=1 [ 2.118761] RAS: Correctable Errors collector initialized. ..... ----- In terms of TPM 2.0, swtpm seems to have issues while running the selftest so I verified this patch on my laptop as well because it has a real TPM 2.0 chip: ----- [ 0.000000] microcode: microcode updated early to revision 0xd6, date = 2020- 04-27 [ 0.000000] Linux version 5.9.0-858-g865c50e1d279-1.g8764d18-vanilla (geeko@b uildhost) (gcc (SUSE Linux) 10.2.1 20200825 [revision c0746a1beb1ba073c7981eb09f 55b3d993b32e5c], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.34.0.20200325-1) # 1 SMP Wed Oct 1404:00:11 UTC 2020 (8764d18) [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.9.0-858-g865c50e1d279-1. g8764d18-vanilla root=UUID=2184bbb7-780e-48a2-98b8-3a8cd3366e5e splash=silent re sume=/dev/disk/by-id/ata-INTEL_SSDSCKKF512G8_SATA_512GB_BTLA82850G3E512K-part3 i gnore_loglevel crashkernel=222M,high crashkernel=72M,low ima_appraise=log [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point regi sters' ..... ..... [ 0.000000] efi: EFI v2.60 by American Megatrends [ 0.000000] efi: ACPI=0x7a34e000 ACPI 2.0=0x7a34e000 SMBIOS=0xf0000 SMBIOS 3. 0=0xf0020 TPMFinalLog=0x7ac8b000 ESRT=0x7b0e0018 MEMATTR=0x7762d018 RNG=0x7b133f 18 TPMEventLog=0x6ab96018 [ 0.000000] efi: seeding entropy pool [ 0.000000] random: fast init done [ 0.000000] SMBIOS 3.1.0 present. [ 0.000000] DMI: Dell Inc. Latitude 7490/0KP0FT, BIOS 1.14.0 01/22/2020 ..... ..... [ 7.182711] Non-volatile memory driver v1.3 [ 7.182748] Linux agpgart interface v0.103 [ 7.210826] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFC, rev-id 1) [ 7.234324] ahci 0000:00:17.0: version 3.0 ..... ..... [ 7.288573] integrity: Loading X.509 certificate: UEFI:MokListRT [ 7.289299] integrity: Loaded X.509 cert 'openSUSE Secure Boot CA: 6842600de22c4c477e95be23dfea9513e5971762' [ 7.289913] ima: Secure boot enabled: ignoring ima_appraise=log option [ 7.289921] ima: Allocated hash algorithm: sha256 [ 7.314854] evm: Initialising EVM extended attributes: [ 7.314878] audit: type=1807 audit(1602778176.572:2): action=measure func=KEXEC_KERNEL_CHECK res=1 [ 7.316656] evm: security.selinux [ 7.316659] evm: security.apparmor [ 7.318493] audit: type=1807 audit(1602778176.572:3): action=measure func=MODULE_CHECK res=1 [ 7.320092] evm: security.ima [ 7.320093] evm: security.capability [ 7.322554] evm: HMAC attrs: 0x1
