Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update

From: Lakshmi Ramasubramanian
Date: Thu Nov 07 2019 - 13:42:41 EST

Next message: Marco Elver: "Re: [PATCH v3 1/9] kcsan: Add Kernel Concurrency Sanitizer infrastructure"
Previous message: David Miller: "Re: [PATCH v3 0/6] Add namespace awareness to Netlink methods"
In reply to: Mimi Zohar: "Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update"
Next in thread: Mimi Zohar: "Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/6/2019 7:40 PM, Mimi Zohar wrote:

I would move the patch that defines the "keyring=" policy option prior
to this one. ÂInclude the call to process_buffer_measurement() in this
patch. ÂA subsequent patch would add support to defer measuring the
key, by calling a function named something like
ima_queue_key_measurement().

Mimi

As I'd stated in the other response, I wanted to isolate all key related
code in a separate C file and build it if and only if all CONFIG
dependencies are met.

The basic measuring of keys shouldn't be any different than any other
policy rule, other than it is a key and not a file. ÂThis is the
reason that I keep saying start out with the basics and then add
support to defer measuring keys on the trusted keyrings.

I'll make the changes, rearrange the patches and send an updated set.

I do have a few questions since I am still not fully understanding the requirements you are targeting. Appreciate if you could please clarify.

As you already know, I am using the "public key" of the given asymmetric key as the "buffer" to measure in process_buffer_measurement().

The measurement decision is not based on whether the keyring is a trusted one or an untrusted one. As long as the IMA policy allows (through the "keyrings=" option) the key will be measured.

Do you want only trusted keyrings to be allowed in the measurement?
In my opinion, that decision should be deferred to whoever is setting up the IMA policy.

Only the queueing code needed for measuring keys on the trusted
keyrings would be in a separate file.

Mimi

The decision to process key immediately or defer (queue) is based on whether IMA has been initialized or not. Keyring is not used for this decision.

Could you please clarify how queuing is related to keyring's trustworthiness?

The check for whether the key is an asymmetric one or not, and extracting the "public key" if it is an asymmetric key needs to be in a separate file to handle the CONFIG dependencies in IMA.

thanks,
-lakshmi

Next message: Marco Elver: "Re: [PATCH v3 1/9] kcsan: Add Kernel Concurrency Sanitizer infrastructure"
Previous message: David Miller: "Re: [PATCH v3 0/6] Add namespace awareness to Netlink methods"
In reply to: Mimi Zohar: "Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update"
Next in thread: Mimi Zohar: "Re: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]