Re: [PATCH v18 20/21] Documentation: add ipe documentation

From: Bagas Sanjaya
Date: Sat May 04 2024 - 20:15:42 EST

On Sat, May 04, 2024 at 01:13:16PM -0700, Fan Wu wrote:
>
>
> On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> > > +IPE does not mitigate threats arising from malicious but authorized
> > > +developers (with access to a signing certificate), or compromised
> > > +developer tools used by them (i.e. return-oriented programming attacks).
> > > +Additionally, IPE draws hard security boundary between userspace and
> > > +kernelspace. As a result, IPE does not provide any protections against a
> > > +kernel level exploit, and a kernel-level exploit can disable or tamper
> > > +with IPE's protections.
> >
> > So how to mitigate kernel-level exploits then?
> >
> One possible way is to use hypervisor to protect the kernel integrity.
> https://github.com/heki-linux is one project on this direction. Perhaps I
> should also add this link to the doc.

OK.

>
> > > +Allow only initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> > > +Allow any signed and validated dm-verity volume and the initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> >
> > htmldocs build reports new warnings:
> >
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> >
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> >
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
> >
> > I have to match these sections underline length:
> >
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index 1a3bf1d8aa23f0..a47e14e024a90d 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -681,7 +681,7 @@ Allow all
> > DEFAULT action=ALLOW
> > Allow only initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -691,7 +691,7 @@ Allow only initramfs
> > op=EXECUTE boot_verified=TRUE action=ALLOW
> > Allow any signed and validated dm-verity volume and the initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
> > op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
> > Allow any fs-verity file with a valid built-in signature
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> > @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
> > op=EXECUTE fsverity_signature=TRUE action=ALLOW
> > Allow execution of a specific fs-verity file
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ::
> >
> > > +Additional Information
> > > +----------------------
> > > +
> > > +- `Github Repository <https://github.com/microsoft/ipe>`_
> > > +- Documentation/security/ipe.rst
> >
> > Link title to both this admin-side and developer docs can be added for
> > disambiguation (to avoid confusion on readers):
> >
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index a47e14e024a90d..25b17e11559149 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
> > This is the documentation for admins, system builders, or individuals
> > attempting to use IPE. If you're looking for more developer-focused
> > - documentation about IPE please see Documentation/security/ipe.rst
> > + documentation about IPE please see :doc:`the design docs
> > + </security/ipe>`.
> > Overview
> > --------
> > @@ -748,7 +749,7 @@ Additional Information
> > ----------------------
> > - `Github Repository <https://github.com/microsoft/ipe>`_
> > -- Documentation/security/ipe.rst
> > +- :doc:`Developer and design docs for IPE </security/ipe>`
> > FAQ
> > ---
> > diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
> > index 07e3632241285d..fd1b1a852d2165 100644
> > --- a/Documentation/security/ipe.rst
> > +++ b/Documentation/security/ipe.rst
> > @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
> > This is documentation targeted at developers, instead of administrators.
> > If you're looking for documentation on the usage of IPE, please see
> > - Documentation/admin-guide/LSM/ipe.rst
> > + `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
> > Historical Motivation
> > ---------------------
> >
> > Thanks.
> >
>
> My apologies for these format issues and thanks for the suggestions. I will
> fix them.

Oh, I forgot to also add :doc: directive for the last reference link:

---- >8 ----
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index fd1b1a852d2165..aa2e64d4119f3e 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation

This is documentation targeted at developers, instead of administrators.
If you're looking for documentation on the usage of IPE, please see
- `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
+ :doc:`IPE admin guide </admin-guide/LSM/ipe>`.

Historical Motivation
---------------------

Thanks.

--
An old man doll... just what I always wanted! - Clara

Attachment: signature.asc
Description: PGP signature