[PATCH] Carry forward IMA measurement log on kexec on x86_64

Jonathan McDowell noodles at fb.com
Thu Apr 28 10:40:52 UTC 2022


On Tue, Apr 26, 2022 at 02:10:58PM -0400, Mimi Zohar wrote:
> On Tue, 2022-04-26 at 16:48 +0000, Jonathan McDowell wrote:
> > Also there's an issue about the fact that we measure the kexec pieces
> > even if we don't actually do the kexec; there's no marker that confirms
> > the kexec took place. It's separate to this patch (in that it affects
> > the device tree kexec infrastructure too) but it's conceivable that an
> > attacker could measure in the new kernel details and not actually do the
> > kexec, and that's not distinguishable from the kexec happening.
> > 
> > One approach might be to add a marker in the kexec ima buffer such that
> > if it's not present we know the kexec hasn't happened, but I need to
> > think through that a bit more.
> 
> I'm not quite sure what you mean by "we measure the kexec pieces".  The
> kexec file load syscall calls kernel_read_file_from_fd() to read the
> kernel image into a buffer.  The measurement record included in the IMA
> measurement list a hash of the buffer data, which is exactly the same
> as the hash of the kernel image.
> 
> The kernel kexec self tests only do the kexec load, not the execute. 
> For each kexec execute you'll see an additional "boot_aggregate" record
> in the IMA measurement list.  At least for the moment I don't see a
> need for additional marker.

You're right, of course. I'd missed the fact we measure the
boot_aggregate into IMA_MEASURE_PCR_IDX on boot, so although we'll
update PCRs related to the kexec on load the IMA PCR won't get updated
until we've actually done the reboot. So no need for anything extra.

J.



More information about the Linux-security-module-archive mailing list