
ima: extending secure boot certificate chain of trust

From:  Mimi Zohar <zohar@linux.vnet.ibm.com>
To:  linux-security-module@vger.kernel.org
Subject:  [PATCH 0/5] ima: extending secure boot certificate chain of trust
Date:  Tue, 20 Aug 2013 14:36:25 -0400
Message-ID:  <1377023790-7611-1-git-send-email-zohar@linux.vnet.ibm.com>
Cc:  Mimi Zohar <zohar@linux.vnet.ibm.com>, keyrings <keyrings@linux-nfs.org>, David Howells <dhowells@redhat.com>

IMA-appraisal enforces local file integrity based on either a hash
or digital signature stored as an extended attribute.  The public
keys are loaded on the '_ima' keyring, as early as possible, normally
during the initramfs.

This patch set extends the secure boot chain of trust to IMA-appraisal,
based on David Howells' proposed 'trusted' keyring patches. The idea is
that the '_ima' keyring will require 'trusted' public keys, to extend
the chain of trust up into the filesystem.

Initially, only those keys signed by a built-in key (e.g. module, or
local-ca) can be loaded on the '_ima' keyring.  Subsequently, instead
of requiring the kernel to be recompiled to embed the public 'local-ca'
key, future patches could load the UEFI MoKlist key on the system
trusted keyring.

Defining a 'local-ca' permits the computer/device owner to decide
which, if any, third party keys should be 'trusted' for IMA-appraisal.

This patch set adds support to verify that an x509 certificate
has been signed by a key on the system 'trusted' keyring, and creates
a new built-in 'trusted' keyring named '_ima'.

Mimi

Mimi Zohar (5):
  KEYS: make the system 'trusted' keyring viewable by userspace
  KEYS: verify a certificate is signed by a 'trusted' key
  KEYS: prevent replacing existing trusted keyring
  KEYS: initialize root uid and session keyrings early
  ima: define '_ima' as a builtin 'trusted' keyring

 crypto/asymmetric_keys/x509_public_key.c | 70 +++++++++++++++++++++++++++++++-
 include/uapi/linux/keyctl.h              |  1 +
 kernel/system_keyring.c                  |  6 +--
 security/integrity/digsig.c              | 24 ++++++++++-
 security/integrity/ima/Kconfig           |  8 ++++
 security/integrity/ima/ima_appraise.c    | 11 +++++
 security/integrity/integrity.h           |  2 +
 security/keys/Makefile                   |  1 +
 security/keys/key.c                      | 16 ++++++++
 security/keys/process_keys.c             |  4 ++
 security/keys/root_keyring.c             | 18 ++++++++
 11 files changed, 155 insertions(+), 6 deletions(-)
 create mode 100644 security/keys/root_keyring.c

-- 
1.8.1.4

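The trust rule the posting describes, worked through in userspace as an added example (this is not code from the posting, from the kernel patch set, or from ima-evm-utils): an owner-controlled 'local-ca' stands in for the built-in key on the system trusted keyring, an IMA signing certificate issued by it is accepted while an unrelated self-signed certificate is rejected, and a file signature made with the accepted key is then verified the way IMA-appraisal would verify the signature it reads from the file's extended attribute. The kernel-side step the patches gate, loading the DER certificate onto '_ima', is left out because it needs a patched kernel and root. The script assumes openssl(1) 1.1.1 or newer is installed; every file and subject name in it is made up for the example, and the detached signature file is a substitute for the security.ima xattr.

```shell
#!/bin/sh
# Added example, not code from the posting or from the kernel patch set.
# Models with openssl(1) the rule the patches enforce in the kernel: a
# certificate is accepted onto the '_ima' keyring only if it was signed by
# a key already on the system 'trusted' keyring (here an owner-controlled
# 'local-ca'). Assumes openssl 1.1.1 or newer; all names below are made up.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the script does not depend on the system openssl.cnf,
# plus the extensions that separate a CA from an end-entity signing key.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
subjectKeyIdentifier = hash
EOF

# Fresh RSA key plus CSR: $1 = file stem, $2 = CN.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$WORK/openssl.cnf" -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# 1. The owner's CA, self-signed: stands in for the built-in 'local-ca'
#    key on the system trusted keyring.
make_local_ca() {
    new_csr local-ca local-ca
    openssl x509 -req -sha256 -days 365 -in "$WORK/local-ca.csr" \
        -signkey "$WORK/local-ca.key" \
        -extfile "$WORK/openssl.cnf" -extensions ca_ext \
        -out "$WORK/local-ca.pem" 2>/dev/null
}

# 2. An IMA signing key whose certificate is issued by local-ca.
make_ima_cert() {
    new_csr ima ima-signing-key
    openssl x509 -req -sha256 -days 365 -in "$WORK/ima.csr" \
        -CA "$WORK/local-ca.pem" -CAkey "$WORK/local-ca.key" -CAcreateserial \
        -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
        -out "$WORK/ima.pem" 2>/dev/null
    # DER is what a kernel keyring would be fed; the bare public key is
    # all that file signature verification needs.
    openssl x509 -in "$WORK/ima.pem" -outform DER -out "$WORK/ima.der"
    openssl x509 -in "$WORK/ima.pem" -pubkey -noout > "$WORK/ima.pub"
}

# 3. A third party's key that local-ca never signed (self-signed).
make_rogue_cert() {
    new_csr rogue third-party
    openssl x509 -req -sha256 -days 365 -in "$WORK/rogue.csr" \
        -signkey "$WORK/rogue.key" \
        -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
        -out "$WORK/rogue.pem" 2>/dev/null
}

# The gate the patches add: may this certificate go onto '_ima'?
# Returns 0 (accept) only if it chains to local-ca, otherwise 1 (reject).
ima_key_is_trusted() {
    subject=$(openssl x509 -noout -subject -in "$1")
    if openssl verify -CAfile "$WORK/local-ca.pem" "$1" >/dev/null 2>&1; then
        echo "accept onto _ima: $subject"
        return 0
    fi
    echo "reject: $subject (not signed by a trusted key)"
    return 1
}

# 4. What IMA-appraisal then does per file: check a signature made with the
#    IMA key. A detached .sig file stands in for the security.ima xattr.
sign_file() {
    openssl dgst -sha256 -sign "$WORK/ima.key" -out "$1.sig" "$1"
}
verify_file() {
    openssl dgst -sha256 -verify "$WORK/ima.pub" -signature "$1.sig" "$1" \
        >/dev/null 2>&1
}

make_local_ca
make_ima_cert
make_rogue_cert
ima_key_is_trusted "$WORK/ima.pem"
ima_key_is_trusted "$WORK/rogue.pem" || true

# Constructed sample file: signed, verified, then modified and re-checked.
printf 'constructed sample file\n' > "$WORK/sample.bin"
sign_file "$WORK/sample.bin"
verify_file "$WORK/sample.bin" && echo "sample.bin: signature OK"
printf 'tampered\n' >> "$WORK/sample.bin"
verify_file "$WORK/sample.bin" || echo "sample.bin: signature FAILED after modification"
```

The two checks are deliberately separate, because that is how the chain is layered: ima_key_is_trusted is the one-time decision made when a key is added to '_ima' (signed by something already trusted, or refused), and verify_file is the per-access decision IMA-appraisal makes with a key that has already passed that gate. Note that openssl verify also consults the system CA directory by default, so on a real system the equivalent of 'local-ca' should be the only anchor the check is allowed to use.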


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds