Re: [RFC PATCH 0/6][v3] ima: Support a mode to appraise signed filesonly
From: Vivek Goyal
Date: Thu Feb 14 2013 - 16:45:54 EST
On Thu, Feb 14, 2013 at 03:51:24PM -0500, Mimi Zohar wrote:
> On Thu, 2013-02-14 at 14:55 -0500, Vivek Goyal wrote:
> > Hi,
> > Currently ima appraises all the files as specified by the rule.
> Currently IMA appraises files based on policy.
And policy is composed of multiple rules. Ok, will change it.
> > So
> > if one wants to create a system where only few executables are
> > signed, that system will not work with IMA.
> This statement misrepresents the IMA policy. You can definitely define
> a policy that only measures/appraises a few specific files. In your
> usecase scenario, you are not willing to rely on LSM labels. Policy
> rules can also be based on file owner. We could also add support for
Ok, will change it. How about following.
We want to create a system where only few executables are signed. This
patch extends IMA policy syntax so that one can specify that signatures
> > With secureboot, one needs to disable kexec so that unsigned kernels
> > can't be booted. To avoid this problem, it was proposed that sign
> > /sbin/kexec binary and if signatures are verified successfully, give
> > an special capability to the /sbin/kexec process. And in secureboot
> > mode processes with that special capability can invoke sys_kexec()
> > system call.
> Please add here that you then rely on /sbin/kexec to verify the
> integrity of the kernel image.
Ok, will do that. This is infact a grey area. Yet to be figured out
how /sbin/kexec will ensure a signed kernel is being loaded.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/