[RFC] IMA: New IMA measurements for dm-crypt and selinux
tusharsu at linux.microsoft.com
Fri Apr 17 00:46:31 UTC 2020
On 2020-04-08 9:28 a.m., Milan Broz wrote:
> On 08/04/2020 12:19, Tushar Sugandhi wrote:
>> A. Measuring dmcrypt constructs:
>> We can add an IMA hook in crypt_ctr() present in
>> drivers/md/dm-crypt.c, so that IMA can start measuring the status of
>> various dm-crypt targets (represented by crypt_target struct - also
>> defined in dm-crypt.c).
> I do not think you should just cherry-pick dm-crypt here. What about other
> device-mapper targets? Apparently, dm-verity or dm-integrity are obvious
> candidates too.
> But device-mapper logic is based on stacking devices, so in generic case
> (not just in some very special embedded configuration) you need to measure
> the whole stack of devices.
> (Just imagine a target stacked below dm-crypt that decrypts the device or so. :-)
> Moreover, dm-crypt allows some specific actions like wiping and reloading
> of the encryption key through device-mapper dm-crypt message.
> If you check parameter only in crypt_ctr, this message path must be disabled,
> basically crippling dm-crypt functionality (it is intended to wipe key in-memory
> during hw suspend).
> IMO if you want implement something like IMA measurement, I think you should
> implement it in device-mapper core, and provide support for all targets.
I agree that this needs to be implemented in device-mapper core,
rather than highter applications like dm-crypt, dm-verity, or dm-integrity.
Functions like dm_table_create(), dm_table_destroy(),
dm_table_complete(), dm_table_add_target() etc. in drivers/md/dm-table.c
look like good
candidates to add hooks for IMA.
Please let me know if you have any other recommendations.
> I guess some new target specific callback is needed and some flags that
> could enforce/disable stacking if a IMA measurement is in place etc.
More information about the Linux-security-module-archive