Commit 7f313ff0 authored by Linus Torvalds's avatar Linus Torvalds
Pull integrity subsystem updates from Mimi Zohar:
 "Except for extending the 'encrypted' key type to support user provided
  data, the rest is code cleanup, __setup() usage bug fix, and a trivial
  change"

* tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  MAINTAINERS: add missing security/integrity/platform_certs
  EVM: fix the evm= __setup handler return value
  KEYS: encrypted: Instantiate key with user-provided decrypted data
  ima: define ima_max_digest_data struct without a flexible array variable
  ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS
  ima: Return error code obtained from securityfs functions
  MAINTAINERS: add missing "security/integrity" directory
  ima: Fix trivial typos in the comments
parents 2c5a5358 4a48b4c4
+19 −6
@@ -107,12 +107,13 @@ Encrypted Keys
--------------

Encrypted keys do not depend on a trust source, and are faster, as they use AES
for encryption/decryption. New keys are created from kernel-generated random
numbers, and are encrypted/decrypted using a specified ‘master’ key. The
‘master’ key can either be a trusted-key or user-key type. The main disadvantage
of encrypted keys is that if they are not rooted in a trusted key, they are only
as secure as the user key encrypting them. The master user key should therefore
be loaded in as secure a way as possible, preferably early in boot.
for encryption/decryption. New keys are created either from kernel-generated
random numbers or user-provided decrypted data, and are encrypted/decrypted
using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
user-key type. The main disadvantage of encrypted keys is that if they are not
rooted in a trusted key, they are only as secure as the user key encrypting
them. The master user key should therefore be loaded in as secure a way as
possible, preferably early in boot.


Usage
@@ -199,6 +200,8 @@ Usage::

    keyctl add encrypted name "new [format] key-type:master-key-name keylen"
        ring
    keyctl add encrypted name "new [format] key-type:master-key-name keylen
        decrypted-data" ring
    keyctl add encrypted name "load hex_blob" ring
    keyctl update keyid "update key-type:master-key-name"

@@ -303,6 +306,16 @@ Load an encrypted key "evm" from saved blob::
    82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0
    24717c64 5972dcb82ab2dde83376d82b2e3c09ffc

Instantiate an encrypted key "evm" using user-provided decrypted data::

    $ keyctl add encrypted evm "new default user:kmk 32 `cat evm_decrypted_data.blob`" @u
    794890253

    $ keyctl print 794890253
    default user:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b382d
    bbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0247
    17c64 5972dcb82ab2dde83376d82b2e3c09ffc

Other uses for trusted and encrypted keys, such as for disk and file encryption
are anticipated.  In particular the new format 'ecryptfs' has been defined
in order to use encrypted keys to mount an eCryptfs filesystem.  More details
+11 −0
@@ -7280,7 +7280,9 @@ Extended Verification Module (EVM)
M:	Mimi Zohar <zohar@linux.ibm.com>
L:	linux-integrity@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
F:	security/integrity/evm/
F:	security/integrity/
EXTENSIBLE FIRMWARE INTERFACE (EFI)
M:	Ard Biesheuvel <ardb@kernel.org>
@@ -9537,6 +9539,7 @@ L: linux-integrity@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
F:	security/integrity/ima/
F:	security/integrity/
INTEL 810/815 FRAMEBUFFER DRIVER
M:	Antonino Daplas <adaplas@gmail.com>
@@ -10675,6 +10678,14 @@ F: include/linux/keyctl.h
F:	include/uapi/linux/keyctl.h
F:	security/keys/
KEYS/KEYRINGS_INTEGRITY
M:	Jarkko Sakkinen <jarkko@kernel.org>
M:	Mimi Zohar <zohar@linux.ibm.com>
L:	linux-integrity@vger.kernel.org
L:	keyrings@vger.kernel.org
S:	Supported
F:	security/integrity/platform_certs
KFENCE
M:	Alexander Potapenko <glider@google.com>
M:	Marco Elver <elver@google.com>
+1 −1
@@ -86,7 +86,7 @@ static int __init evm_set_fixmode(char *str)
	else
		pr_err("invalid \"%s\" mode", str);

	return 0;
	return 1;
}
__setup("evm=", evm_set_fixmode);

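Review bot: The error message `pr_err("invalid \"%s\" mode", str);` just above the changed return has no trailing newline, so the log line is only terminated when the next printk arrives and may be delayed or run together with unrelated output; it should read `pr_err("invalid \"%s\" mode\n", str);`. The return-value change itself looks right: a __setup handler returns 1 to mark the parameter as consumed, and returning 1 on the invalid-mode path as well means a bad `evm=` value is reported and dropped rather than being passed on to init as an unknown option. evm_set_fixmode's body begins outside the hunk.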
+5 −7
@@ -217,14 +217,11 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
	const char *audit_cause = "failed";
	struct inode *inode = file_inode(file);
	const char *filename = file->f_path.dentry->d_name.name;
	struct ima_max_digest_data hash;
	int result = 0;
	int length;
	void *tmpbuf;
	u64 i_version;
	struct {
		struct ima_digest_data hdr;
		char digest[IMA_MAX_DIGEST_SIZE];
	} hash;

	/*
	 * Always collect the modsig, because IMA might have already collected
@@ -238,9 +235,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		goto out;

	/*
	 * Dectecting file change is based on i_version. On filesystems
	 * which do not support i_version, support is limited to an initial
	 * measurement/appraisal/audit.
	 * Detecting file change is based on i_version. On filesystems
	 * which do not support i_version, support was originally limited
	 * to an initial measurement/appraisal/audit, but was modified to
	 * assume the file changed.
	 */
	i_version = inode_query_iversion(inode);
	hash.hdr.algo = algo;
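Review bot: The rewritten comment above `i_version = inode_query_iversion(inode);` now narrates history ("was originally limited to ..., but was modified to ...") instead of stating the current contract, which is what a reader of this function needs; the history belongs in git. Suggest `Detecting file change is based on i_version. On filesystems which do not support i_version, the file is assumed to have changed.` as the whole comment. The switch to `struct ima_max_digest_data hash;` in the first hunk is fine provided that type keeps an explicitly sized digest member, which the commit title indicates it does. ima_collect_measurement starts before the first hunk and continues past the second.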
+23 −8
@@ -452,47 +452,61 @@ static const struct file_operations ima_measure_policy_ops = {

int __init ima_fs_init(void)
{
	int ret;

	ima_dir = securityfs_create_dir("ima", integrity_dir);
	if (IS_ERR(ima_dir))
		return -1;
		return PTR_ERR(ima_dir);

	ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima",
						NULL);
	if (IS_ERR(ima_symlink))
	if (IS_ERR(ima_symlink)) {
		ret = PTR_ERR(ima_symlink);
		goto out;
	}

	binary_runtime_measurements =
	    securityfs_create_file("binary_runtime_measurements",
				   S_IRUSR | S_IRGRP, ima_dir, NULL,
				   &ima_measurements_ops);
	if (IS_ERR(binary_runtime_measurements))
	if (IS_ERR(binary_runtime_measurements)) {
		ret = PTR_ERR(binary_runtime_measurements);
		goto out;
	}

	ascii_runtime_measurements =
	    securityfs_create_file("ascii_runtime_measurements",
				   S_IRUSR | S_IRGRP, ima_dir, NULL,
				   &ima_ascii_measurements_ops);
	if (IS_ERR(ascii_runtime_measurements))
	if (IS_ERR(ascii_runtime_measurements)) {
		ret = PTR_ERR(ascii_runtime_measurements);
		goto out;
	}

	runtime_measurements_count =
	    securityfs_create_file("runtime_measurements_count",
				   S_IRUSR | S_IRGRP, ima_dir, NULL,
				   &ima_measurements_count_ops);
	if (IS_ERR(runtime_measurements_count))
	if (IS_ERR(runtime_measurements_count)) {
		ret = PTR_ERR(runtime_measurements_count);
		goto out;
	}

	violations =
	    securityfs_create_file("violations", S_IRUSR | S_IRGRP,
				   ima_dir, NULL, &ima_htable_violations_ops);
	if (IS_ERR(violations))
	if (IS_ERR(violations)) {
		ret = PTR_ERR(violations);
		goto out;
	}

	ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS,
					    ima_dir, NULL,
					    &ima_measure_policy_ops);
	if (IS_ERR(ima_policy))
	if (IS_ERR(ima_policy)) {
		ret = PTR_ERR(ima_policy);
		goto out;
	}

	return 0;
out:
@@ -503,5 +517,6 @@ int __init ima_fs_init(void)
	securityfs_remove(binary_runtime_measurements);
	securityfs_remove(ima_symlink);
	securityfs_remove(ima_dir);
	return -1;

	return ret;
}
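Review bot: The `out:` cleanup at the end of ima_fs_init calls securityfs_remove() on every dentry, including the ones never created (still NULL) and the one whose creation just failed (the static now holds the ERR_PTR that `ret = PTR_ERR(...)` reads); this relies on securityfs_remove() ignoring NULL and error pointers, which it does as far as I can tell, but nothing at the label says so. Add `/* securityfs_remove() is a no-op for NULL and ERR_PTR dentries, so every file is removed unconditionally. */` above the first securityfs_remove(). The new `int ret;` is left uninitialized and is only safe because every `goto out` assigns it first and the success path returns 0 before the label; a future early-exit added without a `ret =` would return an indeterminate value, so the same comment should state that invariant. Since the function now returns the real errno instead of -1, whether the caller (outside this file) treats specific codes differently is worth a quick check.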