Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key... | linux-security-module

[PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
[PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
RE: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Roberto Sassu <roberto.sassu@huawei.com> · 2020-08-31
Re: [PATCH 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-31
[PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
RE: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-08-31
Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-31
[PATCH 04/11] evm: Check size of security.evm before using it · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 04/11] evm: Check size of security.evm before using it · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
[PATCH 05/11] evm: Allow xattr/attr operations for portable signatures if check fails · Roberto Sassu <roberto.sassu@huawei.com> · 2020-06-18
Re: [PATCH 05/11] evm: Allow xattr/attr operations for portable signatures if check fails · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-21
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-08-24
RE: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Roberto Sassu <roberto.sassu@huawei.com> · 2020-09-02
Re: [PATCH 01/11] evm: Execute evm_inode_init_security() only when the HMAC key is loaded · Mimi Zohar <zohar@linux.ibm.com> · 2020-09-02

Re: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2020-08-31 21:31:39
Also in: linux-integrity, lkml, stable

On Mon, 2020-08-31 at 08:24 +0000, Roberto Sassu wrote:

quoted

From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Friday, August 21, 2020 10:15 PM
Hi Roberto,

On Thu, 2020-06-18 at 18:01 +0200, Roberto Sassu wrote:

quoted

Granting metadata write is safe if the HMAC key is not loaded, as it won't
let an attacker obtain a valid HMAC from corrupted xattrs.

evm_write_key()

quoted

however does not allow it if any key is loaded, including a public key,
which should not be a problem.

Why is the existing hebavior a problem?  What is the problem being
solved?

Hi Mimi

currently it is not possible to set EVM_ALLOW_METADATA_WRITES when
only a public key is loaded and the HMAC key is not. The patch removes
this limitation.

Yes, I understand.  You're describing "what" the problem is, not "why"
this is a problem.  Support for loading EVM HMAC and x509 certificates
isn't new.  Please add a line or two prior to this paragraph providing
the context for why this is now a problem.

Is the problem related to previoulsy not beginning EVM verification
until after the EVM HMAC key was loaded?  Or perhaps EVM signatures
were not that common since they weren't portable.   Now, with portable
and immutable signatures loading x509 certificates is more common.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help