Re: [PATCH v18 20/21] Documentation: add ipe documentation

[Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>]

On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> > +IPE does not mitigate threats arising from malicious but authorized
> > +developers (with access to a signing certificate), or compromised
> > +developer tools used by them (i.e. return-oriented programming attacks).
> > +Additionally, IPE draws hard security boundary between userspace and
> > +kernelspace. As a result, IPE does not provide any protections against a
> > +kernel level exploit, and a kernel-level exploit can disable or tamper
> > +with IPE's protections.
>
> So how to mitigate kernel-level exploits then?
One possible way is to use hypervisor to protect the kernel integrity. 
https://github.com/heki-linux is one project on this direction. Perhaps 
I should also add this link to the doc.

> > +Allow only initramfs
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > <snipped>...
> > +Allow any signed and validated dm-verity volume and the initramfs
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > <snipped>...
>
> htmldocs build reports new warnings:
>
> Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
>
> Allow any signed and validated dm-verity volume and the initramfs
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
>
> Allow any signed and validated dm-verity volume and the initramfs
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
>
> I have to match these sections underline length:
>
> ---- >8 ----
> diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> index 1a3bf1d8aa23f0..a47e14e024a90d 100644
> --- a/Documentation/admin-guide/LSM/ipe.rst
> +++ b/Documentation/admin-guide/LSM/ipe.rst
> @@ -681,7 +681,7 @@ Allow all
>      DEFAULT action=ALLOW
>   
>   Allow only initramfs
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~
>   
>   ::
>   
> @@ -691,7 +691,7 @@ Allow only initramfs
>      op=EXECUTE boot_verified=TRUE action=ALLOW
>   
>   Allow any signed and validated dm-verity volume and the initramfs
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   
>   ::
>   
> @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
>      op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
>   
>   Allow any fs-verity file with a valid built-in signature
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   
>   ::
>   
> @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
>      op=EXECUTE fsverity_signature=TRUE action=ALLOW
>   
>   Allow execution of a specific fs-verity file
> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   
>   ::
>   
>
> > +Additional Information
> > +----------------------
> > +
> > +- `Github Repository <https://github.com/microsoft/ipe>`_
> > +- Documentation/security/ipe.rst
>
> Link title to both this admin-side and developer docs can be added for
> disambiguation (to avoid confusion on readers):
>
> ---- >8 ----
> diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> index a47e14e024a90d..25b17e11559149 100644
> --- a/Documentation/admin-guide/LSM/ipe.rst
> +++ b/Documentation/admin-guide/LSM/ipe.rst
> @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
>   
>      This is the documentation for admins, system builders, or individuals
>      attempting to use IPE. If you're looking for more developer-focused
> -   documentation about IPE please see Documentation/security/ipe.rst
> +   documentation about IPE please see :doc:`the design docs
> +   </security/ipe>`.
>   
>   Overview
>   --------
> @@ -748,7 +749,7 @@ Additional Information
>   ----------------------
>   
>   - `Github Repository <https://github.com/microsoft/ipe>`_
> -- Documentation/security/ipe.rst
> +- :doc:`Developer and design docs for IPE </security/ipe>`
>   
>   FAQ
>   ---
> diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
> index 07e3632241285d..fd1b1a852d2165 100644
> --- a/Documentation/security/ipe.rst
> +++ b/Documentation/security/ipe.rst
> @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
>   
>      This is documentation targeted at developers, instead of administrators.
>      If you're looking for documentation on the usage of IPE, please see
> -   Documentation/admin-guide/LSM/ipe.rst
> +   `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
>   
>   Historical Motivation
>   ---------------------
>
> Thanks.

My apologies for these format issues and thanks for the suggestions. I 
will fix them.
-Fan