--- v2
+++ v3
@@ -1,3 +1,26 @@
+Hello,
+
+The main change in this version is that the process of first trying to
+verify a modsig and then trying an xattr sig if the former fails is now done
+in ima_appraise_measurement instead of process_measurement. As a result, the
+changes needed in the latter are small.
+
+This is possible because the file hash used to verify the modsig isn't used
+by IMA's collect step at all anymore. It's not suitable because the hash
+doesn't cover the appended signature at the end of the file.
+
+The hash algorithm used by ima_collect_measurement in the case of a file
+with a modsig will be the same one used before these patches: if there is an
+xattr signature its hash algorithm will be used, otherwise the IMA default
+hash algorithm will be used.
+
+Another noteworthy change is in ima_template_lib.c's ima_eventsig_init, to
+allow storing the modsig if the template requires storing the signature
+contents.
+
+There's a detailed changelog after the original cover letter describing the
+feature below:
+
On the OpenPOWER platform, secure boot and trusted boot are being
implemented using IMA for taking measurements and verifying signatures.
Since the kernel image on Power servers is an ELF binary, kernels are
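Review bot: the design rationale in the new third and fourth paragraphs (the hash the modsig signs cannot replace the collect-step hash because it does not cover the appended signature, which is why the modsig-then-xattr fallback moved from process_measurement into ima_appraise_measurement) appears only in this cover letter, which does not land in git history; please repeat it in the commit message of "ima: Support module-style appended signatures for appraisal" or in a comment next to the modsig path in ima_appraise_measurement, so that a reader of the code sees why the two hashes are kept separate. Minor wording point: "There's a detailed changelog after the original cover letter describing the feature below:" is ambiguous about whether the changelog or the cover letter describes the feature; "The original cover letter describing the feature follows, with a detailed changelog after it:" says the same thing unambiguously.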
@@ -8,10 +31,6 @@
It adds flexibility to OpenPOWER secure boot, because it allows it to boot
kernels with the signature appended to them as well as kernels where the
signature is stored in the IMA extended attribute.
-
-The first four patches are cleanups and improvements that can be taken
-independently from the others (and from each other as well). The last two
-are the ones actually focused on this feature.
Since modsig is only supported on some specific hooks which don't get
called often (cf. ima_hook_supports_modsig), it's possible to always check
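Review bot: removing "The first four patches are cleanups and improvements that can be taken independently from the others..." leaves the cover letter with no statement of which patches in the now seven-patch series are independent preparation and which implement the feature; since the series still opens with "integrity: Introduce struct evm_hmac_xattr" and "MODSIGN: Export module signature definitions." and then adds the PKCS#7, keyring, CONFIG_KEYS and measure/appraise ordering patches before the feature patch, a replacement sentence along the lines of "The first six patches are preparation that can be applied independently; the last one implements the feature" would help the maintainer decide what can be taken separately. Also confirm that a blank line still separates "...stored in the IMA extended attribute." from "Since modsig is only supported..." once the removed paragraph and the blank line above it are gone, as the hunk shows the two paragraphs adjacent.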
@@ -29,6 +48,56 @@
uses a different hash algorithm.
These patches apply on top of today's linux-integrity/next.
+
+Changes since v2:
+- Patch "MODSIGN: Export module signature definitions."
+ - Put change introducing function verify_pkcs7_message_signature into
+ its own patch (suggested by Mimi Zohar).
+ - Shortened validate_module_signature to validate_module_sig.
+
+- Patch "PKCS#7: Introduce verify_pkcs7_message_sig"
+ - New patch in this series.
+ - Shortened verify_pkcs7_message_signature to verify_pkcs7_message_sig.
+
+- Patch "integrity: Introduce integrity_keyring_from_id"
+ - New patch in this series.
+
+- Patch "integrity: Select CONFIG_KEYS instead of depending on it"
+ - New patch in this series.
+
+- Patch "ima: Store measurement after appraisal"
+ - New patch in this series.
+ - Instead of creating function measure_and_appraise, simply call
+ ima_appraise_measurement before ima_store_measurement in
+ process_measurement (suggested by Mimi Zohar).
+
+- Patch "ima: Support appended signatures for appraisal"
+ - Put change introducing function integrity_keyring_from_id into
+ its own patch (suggested by Mimi Zohar).
+ - Put change to select CONFIG_KEYS in its own patch.
+ - Put change in the order of measure and appraise steps into
+ its own patch (suggested by Mimi Zohar).
+ - Add buf and size arguments to ima_appraise_measurement. Also,
+ pass xattr_value and xattr_len by reference so that the function can
+ change them to point to the modsig.
+ - Don't pass buf_len by reference in ima_read_modsig. It doesn't need
+ to be changed anymore now that the hash calculated by the collect step
+ covers the whole file instead of skipping the modsig at the end.
+ - Don't add pkcs7_get_message_sig. It's not necessary anymore. Ditto for
+ ima_get_modsig_hash_algo.
+ - Don't change ima_collect_measurement anymore to recalculate the file
+ hash if the algorithm is different, since now it doesn't have anything
+ to do with the hash used by the modsig.
+ - Don't change ima_get_hash_alog anymore to obtain the hash algo used by
+ the modsig, since it isn't used in the collect step.
+ - Change ima_appraise_measurement to check whether there is a modsig
+ before verifying the xattr if the policy rule allows a modsig.
+ - Use separate if clause to check result of evm_verifyxattr when
+ appraising modsig (suggested by Mimi Zohar).
+ - Use bool variable in ima_inode_setxattr to make code clearer (suggested
+ by Mimi Zohar).
+ - Don't define pr_fmt in ima_main.c.
+ - Renamed struct signature_modsig_hdr to modsig_hdr.
Changes since v1:
- Patch "integrity: Small code improvements"
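Review bot: "ima_get_hash_alog" in the item "Don't change ima_get_hash_alog anymore to obtain the hash algo used by the modsig..." looks like a typo for ima_get_hash_algo (the rest of this list spells it "algo", as in ima_get_modsig_hash_algo); please fix it so that anyone grepping for the function finds the changelog entry. Two consistency points in the same list: the heading "Patch "ima: Support appended signatures for appraisal"" does not match the title used in the series list, "ima: Support module-style appended signatures for appraisal"; and the items mix imperative mood ("Put", "Add", "Don't") with past tense ("Shortened", "Renamed"), where one form throughout reads better.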
@@ -66,44 +135,40 @@
- Put modsig to measurement list if the template requires the signature
contents. (suggested by Mimi).
-Thiago Jung Bauermann (6):
- integrity: Small code improvements
- ima: Simplify policy_func_show.
- ima: Log the same audit cause whenever a file has no signature
+Thiago Jung Bauermann (7):
integrity: Introduce struct evm_hmac_xattr
MODSIGN: Export module signature definitions.
+ PKCS#7: Introduce verify_pkcs7_message_sig
+ integrity: Introduce integrity_keyring_from_id
+ integrity: Select CONFIG_KEYS instead of depending on it
+ ima: Store measurement after appraisal
ima: Support module-style appended signatures for appraisal
- certs/system_keyring.c | 62 ++++++++---
- crypto/asymmetric_keys/pkcs7_parser.c | 12 +++
- include/crypto/pkcs7.h | 3 +
+ certs/system_keyring.c | 60 ++++++++----
include/linux/module.h | 3 -
- include/linux/module_signature.h | 48 +++++++++
+ include/linux/module_signature.h | 47 ++++++++++
include/linux/verification.h | 10 ++
init/Kconfig | 6 +-
kernel/Makefile | 2 +-
kernel/module.c | 1 +
- kernel/module_signing.c | 74 ++++++-------
+ kernel/module_signing.c | 74 +++++++--------
security/integrity/Kconfig | 2 +-
- security/integrity/digsig.c | 28 +++--
- security/integrity/digsig_asymmetric.c | 4 +-
+ security/integrity/digsig.c | 28 ++++--
security/integrity/evm/evm.h | 5 +
security/integrity/evm/evm_crypto.c | 2 +-
security/integrity/evm/evm_main.c | 8 +-
- security/integrity/iint.c | 2 +-
security/integrity/ima/Kconfig | 13 +++
security/integrity/ima/Makefile | 1 +
- security/integrity/ima/ima.h | 78 ++++++++++++--
- security/integrity/ima/ima_api.c | 2 +-
- security/integrity/ima/ima_appraise.c | 52 +++++++---
- security/integrity/ima/ima_main.c | 91 ++++++++++++----
- security/integrity/ima/ima_modsig.c | 167 ++++++++++++++++++++++++++++++
- security/integrity/ima/ima_policy.c | 82 ++++-----------
+ security/integrity/ima/ima.h | 60 ++++++++++--
+ security/integrity/ima/ima_appraise.c | 109 +++++++++++++++++++---
+ security/integrity/ima/ima_main.c | 9 +-
+ security/integrity/ima/ima_modsig.c | 147 ++++++++++++++++++++++++++++++
+ security/integrity/ima/ima_policy.c | 26 ++++--
security/integrity/ima/ima_template_lib.c | 14 ++-
- security/integrity/integrity.h | 14 ++-
- 27 files changed, 591 insertions(+), 195 deletions(-)
+ security/integrity/integrity.h | 7 +-
+ 22 files changed, 519 insertions(+), 115 deletions(-)
create mode 100644 include/linux/module_signature.h
create mode 100644 security/integrity/ima/ima_modsig.c
--
-2.7.4
+2.13.0
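Review bot: the three patches dropped from the series list ("integrity: Small code improvements", "ima: Simplify policy_func_show." and "ima: Log the same audit cause whenever a file has no signature") have no corresponding entry under "Changes since v2"; a one-line note saying whether they were already applied to linux-integrity/next or dropped would save reviewers from looking for them. In the retained v1 changelog item "Put modsig to measurement list if the template requires the signature contents. (suggested by Mimi).", the attribution follows the full stop and abbreviates the name, unlike the "(suggested by Mimi Zohar)" form used throughout the v2 changelog; "...the signature contents (suggested by Mimi Zohar)." matches the rest.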