On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote: > IMA measures files and buffer data such as keys, command-line arguments > passed to the kernel on kexec system call, etc. While these measurements > are necessary for monitoring and validating the integrity of the system, > they are not sufficient. Various data structures, policies, and states > stored in kernel memory also impact the integrity of the system. > Several kernel subsystems contain such integrity critical data - > e.g. LSMs like SELinux, AppArmor etc. or device-mapper targets like > dm-crypt, dm-verity, dm-integrity etc. These kernel subsystems help > protect the integrity of a system. Their integrity critical data is not > expected to change frequently during run-time. Some of these structures > cannot be defined as __ro_after_init, because they are initialized later. > > For a given system, various external services/infrastructure tools > (including the attestation service) interact with it - both during the > setup and during rest of the system run-time. They share sensitive data > and/or execute critical workload on that system. The external services > may want to verify the current run-time state of the relevant kernel > subsystems before fully trusting the system with business critical > data/workload. For instance, verifying that SELinux is in "enforce" mode > along with the expected policy, disks are encrypted with a certain > configuration, secure boot is enabled etc. > > This series provides the necessary IMA functionality for kernel > subsystems to ensure their configuration can be measured: > - by kernel subsystems themselves, > - in a tamper resistant way, > - and re-measured - triggered on state/configuration change. > > This patch set: > - defines a new IMA hook ima_measure_critical_data() to measure > integrity critical data, > - limits the critical data being measured based on a label, > - defines a builtin critical data measurement policy, > - and includes an SELinux consumer of the new IMA critical data hook. Thanks Tushar, Lakshmi. This patch set is queued in the next- integrity-testing branch. Mimi
