Thread: 23 messages, 5 authors, 2022-02-28

RE: [PATCH v2 0/6] bpf-lsm: Extend interoperability with IMA

From: Roberto Sassu <roberto.sassu@huawei.com>
Date: 2022-02-28 09:07:45
Also in: bpf, linux-integrity, linux-kselftest, lkml, netdev

> From: Mimi Zohar [mailto:zohar@linux.ibm.com]
> Sent: Friday, February 25, 2022 8:11 PM
> On Fri, 2022-02-25 at 08:41 +0000, Roberto Sassu wrote:
> > > From: Mimi Zohar [mailto:zohar@linux.ibm.com]
> > > Sent: Friday, February 25, 2022 1:22 AM
> > > Hi Roberto,
> > >
> > > On Tue, 2022-02-15 at 13:40 +0100, Roberto Sassu wrote:
> > > > Extend the interoperability with IMA, to give wider flexibility for the
> > > > implementation of integrity-focused LSMs based on eBPF.
> > >
> > > I've previously requested adding eBPF module measurements and signature
> > > verification support in IMA.  There seemed to be some interest, but
> > > nothing has been posted.
> >
> > Hi Mimi,
> >
> > for my use case, DIGLIM eBPF, IMA integrity verification is
> > needed until the binary carrying the eBPF program is executed
> > as the init process. I've been thinking of using an appended
> > signature to overcome the limitation of lack of xattrs in the
> > initial ram disk.
>
> I would still like to see xattrs supported in the initial ram disk.
> Assuming you're still interested in pursuing it, someone would need to
> review and upstream it.  Greg?

I could revise this work. However, since appended signatures
would work too, I would propose to extend this appraisal
mode to executables, if it is fine for you.

> > At that point, the LSM is attached and it can enforce an
> > execution policy, allowing or denying execution and mmap
> > of files depending on the digest lists (reference values) read
> > by the user space side.
> >
> > After the LSM is attached, IMA's job would be just to calculate
> > the file digests (currently, I'm using an audit policy to ensure
> > that the digest is available when the eBPF program calls
> > bpf_ima_inode_hash()).
> >
> > The main benefit of this patch set is that the audit policy
> > would not be required and digests are calculated only when
> > requested by the eBPF program.
>
> Roberto, there's an existing eBPF integrity gap that needs to be
> closed, perhaps not for your use case, but in general.  Is that
> something you can look into?

It could be possible I look into it.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua
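The enforcement model described in the thread (a BPF LSM that is attached once user space has loaded the digest lists, and then allows or denies execution and executable mmap of files by comparing the digest returned by bpf_ima_inode_hash() against the reference values), as an added example. This is illustrative code written for this page, not DIGLIM eBPF and not code from the patch series. The map name `allowed_digests`, the `enforce` switch, the two counters and the hook selection are assumptions; the program is assumed to be built with clang -target bpf against a vmlinux.h generated from the running kernel and loaded with a libbpf-based loader that fills the map with SHA-256 reference values before setting `enforce` to 1.

```c
// SPDX-License-Identifier: GPL-2.0
/*
 * Added example, not part of the series or of DIGLIM eBPF: a minimal
 * BPF LSM enforcing an exec/mmap policy from a set of reference digests.
 *
 * Assumed build: clang -O2 -g -target bpf -c exec_policy.bpf.c, with a
 * vmlinux.h from the running kernel and libbpf headers available.
 */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

#define SHA256_DIGEST_SIZE 32
#define HASH_ALGO_SHA256   4     /* enum hash_algo, include/uapi/linux/hash_info.h */
#define PROT_EXEC          0x4   /* include/uapi/asm-generic/mman-common.h */
#define EPERM              1

char LICENSE[] SEC("license") = "GPL";

/* Reference values (assumed map name): key = SHA-256 digest, value unused. */
struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, 65536);
	__type(key, __u8[SHA256_DIGEST_SIZE]);
	__type(value, __u8);
} allowed_digests SEC(".maps");

/* Assumed switch: user space sets it to 1 after the digest lists are loaded.
 * While it is 0 the program only counts what it would have denied. */
volatile __u32 enforce = 0;

/* Assumed counters user space can read to see why files were refused. */
__u64 denied_no_digest = 0;       /* IMA had no digest for the inode */
__u64 denied_unknown_digest = 0;  /* digest not in the reference set  */

static __always_inline int check_inode(struct inode *inode)
{
	__u8 digest[SHA256_DIGEST_SIZE] = {};
	long algo;

	/*
	 * Sleepable helper: returns the hash algorithm on success and a
	 * negative value when no digest is available. On kernels where the
	 * helper does not trigger the calculation itself, a digest is only
	 * present if an IMA rule already collected it for this file, which
	 * is why an IMA audit rule is used as a workaround in the thread.
	 */
	algo = bpf_ima_inode_hash(inode, digest, sizeof(digest));
	if (algo < 0) {
		__sync_fetch_and_add(&denied_no_digest, 1);
		return enforce ? -EPERM : 0;   /* fail closed once enforcing */
	}

	/* The reference set only carries SHA-256; any other algorithm
	 * (e.g. IMA configured for sha1) cannot be matched, so refuse. */
	if (algo != HASH_ALGO_SHA256)
		return enforce ? -EPERM : 0;

	if (!bpf_map_lookup_elem(&allowed_digests, digest)) {
		__sync_fetch_and_add(&denied_unknown_digest, 1);
		return enforce ? -EPERM : 0;
	}
	return 0;
}

/* Execution: every execve() passes through bprm_check_security. */
SEC("lsm.s/bprm_check_security")
int BPF_PROG(exec_check, struct linux_binprm *bprm)
{
	return check_inode(bprm->file->f_inode);
}

/* Executable file mappings (shared libraries, JIT caches on disk, ...). */
SEC("lsm.s/mmap_file")
int BPF_PROG(mmap_check, struct file *file, unsigned long reqprot,
	     unsigned long prot, unsigned long flags)
{
	/* Anonymous or non-executable mappings are outside this policy. */
	if (!file || !(prot & PROT_EXEC))
		return 0;
	return check_inode(file->f_inode);
}
```

The hooks use `lsm.s/` sections because bpf_ima_inode_hash() is only available to sleepable LSM programs. Until the helper can compute the digest on demand, the digest exists only if IMA already collected it, so an IMA policy rule such as `audit func=BPRM_CHECK mask=MAY_EXEC` (and `audit func=MMAP_CHECK mask=MAY_EXEC` for the mmap path) is what makes the lookup succeed at the hook; that is the audit-policy workaround Roberto describes, and removing the need for it is the benefit he attributes to the series.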