On Tue, May 29, 2018 at 02:01:57PM -0400, Mimi Zohar wrote: > Luis, is the security_kernel_post_read_file LSM hook in > firmware_loading_store() still needed after this patch? Should it be > calling security_kernel_load_data() instead? That's up to Kees to decide as he added that hook, and knows what LSMs may be doing with it. From my perspective it is confusing to have that hook there so I think it could be removed now. Kees? Luis > > --- > > With an IMA policy requiring signed firmware, this patch prevents > the sysfs fallback method of loading firmware. > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> > Cc: Luis R. Rodriguez <mcgrof@xxxxxxxx> > Cc: David Howells <dhowells@xxxxxxxxxx> > Cc: Matthew Garrett <mjg59@xxxxxxxxxx> > --- > security/integrity/ima/ima_main.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > index a565d46084c2..4a87f78098c8 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -475,8 +475,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, > > if (!file && read_id == READING_FIRMWARE) { > if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && > - (ima_appraise & IMA_APPRAISE_ENFORCE)) > + (ima_appraise & IMA_APPRAISE_ENFORCE)) { > + pr_err("Prevent firmware loading_store.\n"); > return -EACCES; /* INTEGRITY_UNKNOWN */ > + } > return 0; > } > > @@ -520,6 +522,12 @@ int ima_load_data(enum kernel_load_data_id id) > pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n"); > return -EACCES; /* INTEGRITY_UNKNOWN */ > } > + break; > + case LOADING_FIRMWARE: > + if (ima_appraise & IMA_APPRAISE_FIRMWARE) { > + pr_err("Prevent firmware sysfs fallback loading.\n"); > + return -EACCES; /* INTEGRITY_UNKNOWN */ > + } > default: > break; > } > -- > 2.7.5 > > -- Do not panic