On Wed, 2024-02-14 at 07:38 -0800, Tushar Sugandhi wrote:
> The current Kernel behavior is IMA measurements snapshot is taken at
> kexec 'load' and not at kexec 'execute'. IMA log is then carried
> over to the new Kernel after kexec 'execute'.

'Kernel' should not be capitalized since it isn't a proper name. 'Linux'
would be capitalized (e.g. The Linux kernel).

-> "The IMA measurement list is copied at kexec 'load', not kexec
'execute', before being carried over to the new kexec'ed kernel."

Mimi

> 
> New events can be measured during/after the IMA log snapshot at kexec
> 'load' and before the system boots to the new Kernel. In this scenario,
> the TPM PCRs are extended with these events, but they are not carried
> over to the new Kernel after kexec soft reboot since the snapshot is
> already taken. This results in a mismatch between TPM PCR quotes and the
> actual IMA measurements list after kexec soft reboot, which in turn
> results in remote attestation failure.
> 
> To solve this problem -
> - allocate the necessary buffer at kexec 'load' time,
> - populate the buffer with the IMA measurements at kexec 'execute' time,
> - and measure two new IMA events 'kexec_load' and 'kexec_execute' as
>   critical data to help detect missing events after kexec soft reboot.
> 
> The solution details include:
> - refactoring the existing code to allocate a buffer to hold IMA
>   measurements at kexec 'load', and dump the measurements at kexec
>   'execute'
> 
> - IMA functionality to suspend and resume measurements as needed during
>   buffer copy at kexec 'execute',
> 
> - kexec functionality for mapping the segments from the current Kernel
>   to the subsequent one,
> 
> - necessary changes to the kexec_file_load syscall, enabling it to call
>   the ima functions,
> 
> - registering a reboot notifier which gets called during kexec
>   'execute',
> 
> - introducing a new Kconfig option to configure the extra memory to be
>   allocated for passing IMA log from the current Kernel to the next,
> 
> - introducing two new events to be measured by IMA during kexec, to
>   help diagnose if the IMA log was copied fully or partially, from the
>   current Kernel to the next,
> 
> - excluding the IMA segment while calculating and storing the digest in
>   function kexec_calculate_store_digests(), since the IMA segment can be
>   modified after the digest is computed during kexec 'load'. This will
>   ensure that the segment is not added to the 'purgatory_sha_regions',
>   and thus not verified by verify_sha256_digest().
> 
> The changes proposed in this series ensure the integrity of the IMA
> measurements is preserved across kexec soft reboots, thus significantly
> improving the security of the Kernel post kexec soft reboots.
> 
> There were previous attempts to fix this issue [1], [2], [3]. But they
> were not merged into the mainline Kernel.
> 
> We took inspiration from the past work [1] and [2] while working on this
> patch series.
> 
> V4 of this series is available here[6] for reference.
>
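The attestation failure the cover letter describes is easiest to see from the verifier's side: a remote verifier replays the carried-over measurement list into a simulated PCR and compares the result with the TPM quote. The following is an added example written for this thread, not code from the patch series or the kernel. It models one kexec soft reboot twice, once with the list snapshotted at kexec 'load' (the current behaviour) and once with the list copied at kexec 'execute' and bracketed by the two proposed critical-data events. Everything in it is constructed: the ascii_runtime_measurements-style lines, the file and template hashes (synthetic placeholders, not the kernel's template-hash encoding), the payloads of the 'kexec_load' and 'kexec_execute' records, and the assumption that 'kexec_load' is recorded before the intervening events and 'kexec_execute' last. The replay itself only depends on the PCR index and template-hash columns, which is what a real verifier extends with.

```python
import hashlib

# Added example, not kernel code: verifier-side replay of an IMA measurement
# list against a PCR 10 quote. All log lines are constructed; the template
# hashes are synthetic stand-ins, not the kernel's real template-hash encoding.

PCR_INDEX = 10
PCR_INIT = bytes(32)  # TPM 2.0 PCRs 0-16 read as all zeros after reset


def pcr_extend(pcr: bytes, template_hash: bytes) -> bytes:
    """TPM extend for the sha256 bank: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + template_hash).digest()


def _synthetic_digest(s: str) -> str:
    # Constructed placeholder for a file or template digest (hypothetical).
    return hashlib.sha256(s.encode()).hexdigest()


def file_entry(path: str) -> str:
    """Constructed ima-ng record: '<pcr> <template-hash> ima-ng sha256:<filehash> <path>'."""
    data = f"sha256:{_synthetic_digest('content of ' + path)} {path}"
    return f"{PCR_INDEX} {_synthetic_digest(data)} ima-ng {data}"


def critical_data_entry(event_name: str, payload: bytes) -> str:
    """Constructed ima-buf record: '<pcr> <template-hash> ima-buf sha256:<bufhash> <name> <bufhex>'.
    The payload is a hypothetical stand-in for whatever the series measures."""
    data = f"sha256:{hashlib.sha256(payload).hexdigest()} {event_name} {payload.hex()}"
    return f"{PCR_INDEX} {_synthetic_digest(data)} ima-buf {data}"


def parse_entry(line: str):
    """Split one record into (pcr index, template hash bytes, template name, template data)."""
    pcr, template_hash, template_name, data = line.split(" ", 3)
    return int(pcr), bytes.fromhex(template_hash), template_name, data


def replay_pcr(log_lines, pcr_index: int = PCR_INDEX) -> bytes:
    """Recompute the expected PCR value by extending every record in order."""
    pcr = PCR_INIT
    for line in log_lines:
        idx, template_hash, _, _ = parse_entry(line)
        if idx == pcr_index:
            pcr = pcr_extend(pcr, template_hash)
    return pcr


def attestation_ok(log_lines, quoted_pcr: bytes) -> bool:
    """What a remote verifier checks: the replayed list must reproduce the quoted PCR."""
    return replay_pcr(log_lines) == quoted_pcr


def copied_at_execute(log_lines) -> bool:
    """Diagnostic built on the series' two critical-data events: a list copied at
    kexec 'execute' ends with the 'kexec_execute' record; a list snapshotted at
    'load' cannot contain it."""
    if not log_lines:
        return False
    _, _, template_name, data = parse_entry(log_lines[-1])
    return template_name == "ima-buf" and data.split(" ")[1] == "kexec_execute"


# Constructed timeline of one kexec soft reboot.
MEASURED_BEFORE_LOAD = [
    file_entry("boot_aggregate"),
    file_entry("/usr/bin/bash"),
    file_entry("/usr/sbin/kexec"),
]
MEASURED_BETWEEN_LOAD_AND_EXECUTE = [
    file_entry("/usr/lib/systemd/systemd-shutdown"),
    file_entry("/usr/bin/umount"),
]
KEXEC_LOAD = critical_data_entry("kexec_load", b"hypothetical kexec_load payload")
KEXEC_EXECUTE = critical_data_entry("kexec_execute", b"hypothetical kexec_execute payload")

# Current behaviour: the list is snapshotted at 'load', but the TPM keeps being
# extended until 'execute', so the quote covers events the new kernel never sees.
LOG_SNAPSHOT_AT_LOAD = MEASURED_BEFORE_LOAD
QUOTE_OLD = replay_pcr(MEASURED_BEFORE_LOAD + MEASURED_BETWEEN_LOAD_AND_EXECUTE)

# Proposed behaviour: the buffer is filled at 'execute', bracketed by the two
# critical-data events, so the carried-over list and the PCR agree.
LOG_COPIED_AT_EXECUTE = (MEASURED_BEFORE_LOAD + [KEXEC_LOAD]
                         + MEASURED_BETWEEN_LOAD_AND_EXECUTE + [KEXEC_EXECUTE])
QUOTE_NEW = replay_pcr(LOG_COPIED_AT_EXECUTE)

if __name__ == "__main__":
    print("snapshot at load attests:", attestation_ok(LOG_SNAPSHOT_AT_LOAD, QUOTE_OLD))      # False
    print("copied at execute attests:", attestation_ok(LOG_COPIED_AT_EXECUTE, QUOTE_NEW))    # True
    print("last record is kexec_execute:", copied_at_execute(LOG_COPIED_AT_EXECUTE))         # True
```

The mismatch in the first scenario is exactly the one the cover letter describes: the two records measured between 'load' and 'execute' reached the TPM but not the carried-over list, so no prefix of the list reproduces the quote. A production verifier additionally recomputes each template hash from the template data and checks boot_aggregate against the lower PCRs; those steps are left out here because the hashes are synthetic.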