[PATCH v3 00/10] Add CA enforcement keyring restrictions
Eric Snowberg
eric.snowberg at oracle.com
Wed Dec 14 00:33:51 UTC 2022
Prior to the introduction of the machine keyring, most distros simply
allowed all keys contained within the platform keyring to be used
for both kernel and module verification. This was done by an out of
tree patch. Some distros took it even further and loaded all these keys
into the secondary trusted keyring. This also allowed the system owner
to add their own key for IMA usage.
Each distro contains similar documentation on how to sign kernel modules
and enroll the key into the MOK. The process is fairly straightforward.
With the introduction of the machine keyring, the process remains
basically the same, without the need for any out of tree patches.
The machine keyring allowed distros to eliminate the out of tree patches
for kernel module signing. However, it falls short in allowing the end
user to add their own keys for IMA. Currently the machine keyring can not
be used as another trust anchor for adding keys to the ima keyring, since
CA enforcement does not currently exist. This would expand the current
integrity gap. The IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Kconfig states that keys may be added to the ima keyrings if the key is
validly signed by a CA cert in the system built-in or secondary trusted
keyring. Currently there is not code that enforces the contents of a
CA cert. Any key in the builtin or secondary keyring can be used.
To allow IMA to be enabled with the machine keyring, this series introduces
enforcement of key usage in the certificate. This series also applies
this enforcement across all kernel keyrings.
The machine keyring shares similarities with both the builtin and
secondary keyrings. Similar to the builtin, no keys may be added to the
machine keyring following boot. The secondary keyring allows user
provided keys to be added following boot; however, a previously enrolled
kernel key must vouch for the key before it may be included. The system
owner may include their own keys into the machine keyring prior to boot.
If the end-user is not the system owner, they may not add their own keys
to the machine keyring.
The machine keyring is only populated when Secure Boot is enabled. A
system owner has the ability to control the entire Secure Boot keychain
(PK, KEK, DB, and DBX). The system owner can also turn Secure Boot off.
With this control, they may use insert-sys-cert to include their own key
and re-sign their kernel and have it boot. The system owner also has
control to include or exclude MOK keys. This series does not try to
interpret how a system owner has configured their machine. If the system
owner has taken the steps to add their own MOK keys, they will be
included in the machine keyring and used for verification, exactly
the same way as keys contained in the builtin and secondary keyrings.
Since the system owner has the ability to add keys before booting to
either the machine or builtin keyrings, it is viewed as inconsequential
if the key originated from one or the other.
This series introduces two different ways to configure the machine keyring.
By default, nothing changes and all MOK keys are loaded into it. Whenever
a CA cert is found within the machine, builtin, or secondary, a flag
indicating this is stored in the public key struct. The other option is
if the new Kconfig INTEGRITY_CA_MACHINE_KEYRING is enabled, only CA certs
will be loaded into the machine keyring. All remaining MOK keys will be
loaded into the platform keyring.
A CA cert shall be defined as any X509 certificate that contains the
keyCertSign key usage and has the CA bit set to true.
With this series applied, CA enforcement is in place whenever
IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is enabled. Meaning,
before any key can be included into the ima keyring, it must be
vouched for by a CA key contained within the builtin, secondary, or
machine keyrings.
IMA allows userspace applications to be signed. The enduser may sign
their own application, however they may also want to use an application
provided by a 3rd party. The entity building the kernel, may not be the
same entity building the userspace program. The system owner may also
be a third entity. If the system owner trusts the entity building the
userspace program, they will include their public key within the MOK.
This key would be used to sign the key added to the ima keyring. Not all
3rd party userspace providers have the capability to properly manage a
root CA. Some may outsource to a different code signing provider. Many
code signing providers use Intermediate CA certificates. Therefore, this
series also includes support for Intermediate CA certificates.
This series could be broken up into 3 different parts. The first two
patches could be taken now. They solve current issues that will be
triggered by the build robots. Patches 3-8 add CA enforcement for the
ima keyring. Patches 9-10 restrict the machine keyring to only load CA
certs into it. Patches 9-10 require all the previous patches.
Changelog:
v3:
- Allow Intermediate CA certs to be enrolled through the MOK. The
Intermediate CA cert must contain keyCertSign key usage and have the
CA bit set to true. This was done by removing the self signed
requirement.
Eric Snowberg (10):
KEYS: Create static version of public_key_verify_signature
KEYS: Add missing function documentation
KEYS: X.509: Parse Basic Constraints for CA
KEYS: X.509: Parse Key Usage
KEYS: Introduce a CA endorsed flag
KEYS: Introduce keyring restriction that validates ca trust
KEYS: X.509: Flag Intermediate CA certs as endorsed
integrity: Use root of trust signature restriction
KEYS: CA link restriction
integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca
certs/system_keyring.c | 32 +++++++++-
crypto/asymmetric_keys/restrict.c | 76 +++++++++++++++++++++++
crypto/asymmetric_keys/x509_cert_parser.c | 31 +++++++++
crypto/asymmetric_keys/x509_parser.h | 2 +
crypto/asymmetric_keys/x509_public_key.c | 16 +++++
include/crypto/public_key.h | 30 +++++++++
include/keys/system_keyring.h | 12 +++-
include/linux/ima.h | 11 ++++
include/linux/key-type.h | 3 +
include/linux/key.h | 2 +
security/integrity/Kconfig | 11 +++-
security/integrity/digsig.c | 12 ++--
security/integrity/ima/Kconfig | 6 +-
security/keys/key.c | 13 ++++
14 files changed, 245 insertions(+), 12 deletions(-)
base-commit: 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
--
2.27.0
More information about the Linux-security-module-archive
mailing list