From: hassan A. <has...@gm...> - 2014-01-09 19:41:58

Hi!

Does IMA require prior installation of Trusted-Grub? What I have understood
is that IMA starts the measurements from Kernel level, kernel is modified
such that it measures itself and also measures the application loaded (and
eventually gets executed). But in this case where is that immutable code or
in other words the core root of trust which starts the measurement when
system is booted, which measure BIOS and so on..

So long story short, how do I maintain this chain of trust (immutable code
(TPM) --> bootloader Stage 1 --> Stage 2 --> kernel ---> Applications)
without trusted grub?

*--> means 'measures'

A second question: is there IMA package available for ubuntu and SE Linux?

best,
HK

From: Mimi Z. <zo...@li...> - 2014-01-12 15:11:17

On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote:
> Hi!
>
> Does IMA require prior installation of Trusted-Grub? What I have understood
> is that IMA starts the measurements from Kernel level, kernel is modified
> such that it measures itself and also measures the application loaded (and
> eventually gets executed). But in this case where is that immutable code or
> in other words the core root of trust which starts the measurement when
> system is booted, which measure BIOS and so on..
>
> So long story short, how do I maintain this chain of trust (immutable code
> (TPM) --> bootloader Stage 1 --> Stage 2 --> kernel ---> Applications)
> without trusted grub?
>
> *--> means 'measures'

Right, each layer is supposed to measure the next layer before transferring
control. So the boot loader needs to measure the kernel. As part of UEFI
secure boot, grub2 calculates the kernel hash in order to verify the kernel
signature. Whether or not the hash is also added to the PCR, I'm not sure.

The boot-aggregate, the first IMA measurement list entry, is a hash of the
bios measurements (PCRs 0 - 7). Refer to the IMA LTP test cases for how to
verify the boot-aggregate.

> A second question: is there IMA package available for ubuntu and SE Linux?

For measurement, the kernel needs to be configured with CONFIG_IMA
enabled. The builtin policy 'ima_tcb' needs to be specified on the boot
command line. There are dracut patches for loading a different policy,
but unlike for appraisal, no other packages are required.

thanks,

Mimi

From: Peter M. <pm...@go...> - 2014-01-12 19:13:39

On Sun, Jan 12 2014 at 07:11, Mimi Zohar wrote:
> On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote:
>> A second question: is there IMA package available for ubuntu and SE Linux?
>
> For measurement, the kernel needs to be configured with CONFIG_IMA
> enabled. The builtin policy 'ima_tcb' needs to be specified on the boot
> command line. There are dracut patches for loading a different policy,
> but unlike for appraisal, no other packages are required.

IMA will be enabled in the ubuntu kernel starting with 14.04 (due to be
released in April). You'll still need to include ima_tcb on the boot
command line.

Cheers,
peter

From: hassan A. <has...@gm...> - 2014-01-13 13:50:39

Are the linux - Debian distribution on which IMA is enabled?

thanks!

On Sun, Jan 12, 2014 at 7:19 PM, Peter Moody <pm...@go...> wrote:

> On Sun, Jan 12 2014 at 07:11, Mimi Zohar wrote:
> > On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote:
> >
> >> A second question: is there IMA package available for ubuntu and SE Linux?
> >
> > For measurement, the kernel needs to be configured with CONFIG_IMA
> > enabled. The builtin policy 'ima_tcb' needs to be specified on the boot
> > command line. There are dracut patches for loading a different policy,
> > but unlike for appraisal, no other packages are required.
>
> IMA will be enabled in the ubuntu kernel starting with 14.04 (due to be
> released in April). You'll still need to include ima_tcb on the boot
> command line.
>
> Cheers,
> peter

From: Mimi Z. <zo...@li...> - 2014-01-13 14:49:10

On Mon, 2014-01-13 at 14:50 +0100, hassan Ahamad wrote:
> Are the linux - Debian distribution on which IMA is enabled?
>
> thanks!

Unless something has recently changed, Debian has not enabled
IMA/IMA-appraisal. A direct-io lockdep prevents Debian from even
booting with 'CONCURENNCY=Makefile' specified in /etc/init.d/rc. Dmitry
Kasatkin posted a method for resolving the direct-io lockdep. I
recently posted a different method for resolving it -
http://marc.info/?l=linux-security-module&m=138919062430367&w=2

Still waiting for comments...

thanks,

Mimi

> On Sun, Jan 12, 2014 at 7:19 PM, Peter Moody <pm...@go...> wrote:
>
> > On Sun, Jan 12 2014 at 07:11, Mimi Zohar wrote:
> > > On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote:
> > >
> > >> A second question: is there IMA package available for ubuntu and SE Linux?
> > >
> > > For measurement, the kernel needs to be configured with CONFIG_IMA
> > > enabled. The builtin policy 'ima_tcb' needs to be specified on the boot
> > > command line. There are dracut patches for loading a different policy,
> > > but unlike for appraisal, no other packages are required.
> >
> > IMA will be enabled in the ubuntu kernel starting with 14.04 (due to be
> > released in April). You'll still need to include ima_tcb on the boot
> > command line.
> >
> > Cheers,
> > peter

From: hassan A. <has...@gm...> - 2014-01-14 12:41:00

I somehow made IMA work on Ubuntu by compiling the kernel. However I can
see the measurements from IMA by using this command "sudo cat
/sys/kernel/security/ima/ascii_runtime_measurements", But I haven't
installed trusted-grub, this again confuses me that how the chain of trust
will establish now and are the measurements trusted in this case.

My PCR values are as follows,

thanks,
HK

On Mon, Jan 13, 2014 at 3:48 PM, Mimi Zohar <zo...@li...> wrote:

> On Mon, 2014-01-13 at 14:50 +0100, hassan Ahamad wrote:
> > Are the linux - Debian distribution on which IMA is enabled?
> >
> > thanks!
>
> Unless something has recently changed, Debian has not enabled
> IMA/IMA-appraisal. A direct-io lockdep prevents Debian from even
> booting with 'CONCURENNCY=Makefile' specified in /etc/init.d/rc. Dmitry
> Kasatkin posted a method for resolving the direct-io lockdep. I
> recently posted a different method for resolving it -
> http://marc.info/?l=linux-security-module&m=138919062430367&w=2
>
> Still waiting for comments...
>
> thanks,
>
> Mimi
>
> > On Sun, Jan 12, 2014 at 7:19 PM, Peter Moody <pm...@go...> wrote:
> >
> > > On Sun, Jan 12 2014 at 07:11, Mimi Zohar wrote:
> > > > On Thu, 2014-01-09 at 20:41 +0100, hassan Ahamad wrote:
> > > >
> > > >> A second question: is there IMA package available for ubuntu and SE Linux?
> > > >
> > > > For measurement, the kernel needs to be configured with CONFIG_IMA
> > > > enabled. The builtin policy 'ima_tcb' needs to be specified on the boot
> > > > command line. There are dracut patches for loading a different policy,
> > > > but unlike for appraisal, no other packages are required.
> > >
> > > IMA will be enabled in the ubuntu kernel starting with 14.04 (due to be
> > > released in April). You'll still need to include ima_tcb on the boot
> > > command line.
> > >
> > > Cheers,
> > > peter

From: Mimi Z. <zo...@li...> - 2014-01-14 14:43:31

On Tue, 2014-01-14 at 13:40 +0100, hassan Ahamad wrote:
> I somehow made IMA work on Ubuntu by compiling the kernel. However I can
> see the measurements from IMA by using this command "sudo cat
> /sys/kernel/security/ima/ascii_runtime_measurements", But I haven't
> installed trusted-grub, this again confuses me that how the chain of trust
> will establish now and are the measurements trusted in this case.

You're absolutely correct, something needs to measure the kernel and
initramfs for there to be a measurement chain of trust. The problem is
that trusted grub has been around for years, but has not been upstreamed
for, lets leave it as, "political" reasons. The community has moved on
to secure-boot, using grub2. For secure boot, a hash of the kernel
image has to be calculated. The question is whether grub2 adds the
measurement to a PCR.

> My PCR values are as follows,

A hash of the PCR 0 - 7 measurements are included in the IMA measurement
list as the first entry.

thanks,

Mimi

From: Peter J. <pj...@re...> - 2014-01-14 15:59:49
On Tue, Jan 14, 2014 at 09:43:16AM -0500, Mimi Zohar wrote:
> On Tue, 2014-01-14 at 13:40 +0100, hassan Ahamad wrote:
> > I somehow made IMA work on Ubuntu by compiling the kernel. However I can
> > see the measurements from IMA by using this command "sudo cat
> > /sys/kernel/security/ima/ascii_runtime_measurements", But I haven't
> > installed trusted-grub, this again confuses me that how the chain of trust
> > will establish now and are the measurements trusted in this case.
>
> You're absolutely correct, something needs to measure the kernel and
> initramfs for there to be a measurement chain of trust. The problem is
> that trusted grub has been around for years, but has not been upstreamed
> for, lets leave it as, "political" reasons. The community has moved on
> to secure-boot, using grub2. For secure boot, a hash of the kernel
> image has to be calculated. The question is whether grub2 adds the
> measurement to a PCR.
So it's not currently /quite/ that simple on a Secure Boot system, but
there's some chance we'll get closer to it being just that. Right now
you'd have to make shim also hash grub2 and add its measurement to a
PCR, as well as having grub2 do so for its config, the kernel, and any
initramfses to be loaded. Doing so on a UEFI machine isn't a particularly
difficult change to grub2 - but you may face the same political
problems. It's probably worth asking Vladimir Serbinenko, who I've
Cced, as he's the upstream maintainer of grub2.
That all being said, on a UEFI machine, the firmware normally starts a
binary using a pair of calls named LoadImage() and StartImage().
During normal operation, if a system is configured to use a TPM, these
calls will be doing the hashing and adding to the PCR. Currently, though,
if you're on a Secure Boot enabled system, shim is being loaded through
those, and then it's emulating those calls when verifying and loading
grub2. Currently shim isn't adding things to the PCR either, so that's
one more place that needs to do better. It's not particularly
difficult, though, we just haven't done it.
--
Peter
From: Vladimir 'φ-coder/p. S. <ph...@gm...> - 2014-01-14 18:31:02

On 14.01.2014 16:59, Peter Jones wrote:
> PCR, as well as having grub2 do so for its config, the kernel, and any
> initramfses to be loaded. Doing so on a UEFI machine isn't a particularly
> difficult change to grub2 - but you may face the same political
> problems. It's probably worth asking Vladimir Serbinenko, who I've
> Cced, as he's the upstream maintainer of grub2.

GRUB2 has RSA/DSA gnupg signature checking. Currently in mainstream it
supports only detached GPG signatures but I have a branch where I work
on PE signatures (phcoder/file_types). For me we could use either. In
the same branch I also work on implementing partial checks (check only
files needed to satisfy EFI stuff). This approach gives similar (if not
better) security guarantees (unless rollback is a problem, usually it's
not and preventing it prevents normal activity as backup restore as
well) but has no political problems. The only part which may be
politically problematic is enforcing this check depending on EFI
variables but this would be a tiny patch remaining. Another advantage of
this approach is easy integration with coreboot (just use GRUB2 as
payload)

I didn't finish this approach yet. Missing parts are file types
(I still wait for answer from Peter Jones as to which files needs to be
checked) and PE signatures (WIP).

From: Mimi Z. <zo...@li...> - 2014-01-14 20:21:33

On Tue, 2014-01-14 at 19:30 +0100, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> On 14.01.2014 16:59, Peter Jones wrote:
> > PCR, as well as having grub2 do so for its config, the kernel, and any
> > initramfses to be loaded. Doing so on a UEFI machine isn't a particularly
> > difficult change to grub2 - but you may face the same political
> > problems. It's probably worth asking Vladimir Serbinenko, who I've
> > Cced, as he's the upstream maintainer of grub2.
>
> GRUB2 has RSA/DSA gnupg signature checking. Currently in mainstream it
> supports only detached GPG signatures but I have a branch where I work
> on PE signatures (phcoder/file_types). For me we could use either. In
> the same branch I also work on implementing partial checks (check only
> files needed to satisfy EFI stuff). This approach gives similar (if not
> better) security guarantees (unless rollback is a problem, usually it's
> not and preventing it prevents normal activity as backup restore as
> well) but has no political problems. The only part which may be
> politically problematic is enforcing this check depending on EFI
> variables but this would be a tiny patch remaining. Another advantage of
> this approach is easy integration with coreboot (just use GRUB2 as
> payload)
>
> I didn't finish this approach yet. Missing parts are file types
> (I still wait for answer from Peter Jones as to which files needs to be
> checked) and PE signatures (WIP).

Thanks for responding! In order to verify the signatures, you're
already calculating file hashes. Would it be possible to also extend
the TPM with these hashes and add them to the measurement list?

thanks,

Mimi

From: Vladimir 'φ-coder/p. S. <ph...@gm...> - 2014-01-14 20:35:45

On 14.01.2014 21:21, Mimi Zohar wrote:
> On Tue, 2014-01-14 at 19:30 +0100, Vladimir 'φ-coder/phcoder' Serbinenko
> wrote:
>> On 14.01.2014 16:59, Peter Jones wrote:
>>> PCR, as well as having grub2 do so for its config, the kernel, and any
>>> initramfses to be loaded. Doing so on a UEFI machine isn't a particularly
>>> difficult change to grub2 - but you may face the same political
>>> problems. It's probably worth asking Vladimir Serbinenko, who I've
>>> Cced, as he's the upstream maintainer of grub2.
>
>> GRUB2 has RSA/DSA gnupg signature checking. Currently in mainstream it
>> supports only detached GPG signatures but I have a branch where I work
>> on PE signatures (phcoder/file_types). For me we could use either. In
>> the same branch I also work on implementing partial checks (check only
>> files needed to satisfy EFI stuff). This approach gives similar (if not
>> better) security guarantees (unless rollback is a problem, usually it's
>> not and preventing it prevents normal activity as backup restore as
>> well) but has no political problems. The only part which may be
>> politically problematic is enforcing this check depending on EFI
>> variables but this would be a tiny patch remaining. Another advantage of
>> this approach is easy integration with coreboot (just use GRUB2 as
>> payload)
>>
>> I didn't finish this approach yet. Missing parts are file types
>> (I still wait for answer from Peter Jones as to which files needs to be
>> checked) and PE signatures (WIP).
>
> Thanks for responding! In order to verify the signatures, you're
> already calculating file hashes. Would it be possible to also extend
> the TPM with these hashes and add them to the measurement list?
>

It's difficult to see which modules GRUB loads and in which order. I'd
prefer using a key to tie together kernel and modules. This way whole
GRUB core+modules+signed kernel could be single block for TPM.

GRUB is part of GNU. As FSF project whether it has any TPM depends on
FSF politics. I'm not up to a flamewar of how and why, I'm just stating
the fact that as long as FSF has anti-TPM policy any admission of
TPM-related code needs approval by FSF (approval on generic
functionality, not on details) and I'd recommend taking it to them. I'm
open to extending signatures with additional features but not a single
TPM hash write could occur in upstream GRUB without FSF approval.
Nevertheless I'd like to be kept in the loop about any branch that would
use TPM.

> thanks,
>
> Mimi

From: hassan A. <has...@gm...> - 2014-01-16 14:48:55

TrustedGRUB is measuring the Linux kernel (see:
http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). Thus the
chain-of-trust, I was talking about (BIOS->TrustedGRUB->Linux-Kernel (with
IMA)->applications), is complete.

I am curious as IMA is only extending PCR 10. Which piece of code is
extending PCR 0 - 7?

On Tue, Jan 14, 2014 at 3:43 PM, Mimi Zohar <zo...@li...> wrote:

> On Tue, 2014-01-14 at 13:40 +0100, hassan Ahamad wrote:
> > I somehow made IMA work on Ubuntu by compiling the kernel. However I can
> > see the measurements from IMA by using this command "sudo cat
> > /sys/kernel/security/ima/ascii_runtime_measurements", But I haven't
> > installed trusted-grub, this again confuses me that how the chain of trust
> > will establish now and are the measurements trusted in this case.
>
> You're absolutely correct, something needs to measure the kernel and
> initramfs for there to be a measurement chain of trust. The problem is
> that trusted grub has been around for years, but has not been upstreamed
> for, lets leave it as, "political" reasons. The community has moved on
> to secure-boot, using grub2. For secure boot, a hash of the kernel
> image has to be calculated. The question is whether grub2 adds the
> measurement to a PCR.
>
> > My PCR values are as follows,
>
> A hash of the PCR 0 - 7 measurements are included in the IMA measurement
> list as the first entry.
>
> thanks,
>
> Mimi

From: Mimi Z. <zo...@li...> - 2014-01-16 16:41:51

On Thu, 2014-01-16 at 15:48 +0100, hassan Ahamad wrote:
> TrustedGRUB is measuring the Linux kernel (see:
> http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). Thus the
> chain-of-trust, I was talking about (BIOS->TrustedGRUB->Linux-Kernel (with
> IMA)->applications), is complete.
>
> I am curious as IMA is only extending PCR 10. Which piece of code is
> extending PCR 0 - 7?

<securityfs>/tpm0/binary_bios_measurements contains the measurements
that extend the PCRs 0 - 7. The IMA LTP testsuite contains examples how
to verify PCRs and the boot-aggregate.

Mimi

From: Tamleek A. <tam...@gm...> - 2014-01-17 04:48:50

Hi,

I guess the IMA start extending PCR 10 with ''boot-aggregate'' that
already contains the previous measurements i.e. BIOS->TrustedGRUB etc. so
the chain gets completed.

Regards,
Tamleek Ali

On Thu, Jan 16, 2014 at 9:41 PM, Mimi Zohar <zo...@li...> wrote:

> On Thu, 2014-01-16 at 15:48 +0100, hassan Ahamad wrote:
> > TrustedGRUB is measuring the Linux kernel (see:
> > http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). Thus the
> > chain-of-trust, I was talking about (BIOS->TrustedGRUB->Linux-Kernel (with
> > IMA)->applications), is complete.
> >
> > I am curious as IMA is only extending PCR 10. Which piece of code is
> > extending PCR 0 - 7?
>
> <securityfs>/tpm0/binary_bios_measurements contains the measurements
> that extend the PCRs 0 - 7. The IMA LTP testsuite contains examples how
> to verify PCRs and the boot-aggregate.
>
> Mimi
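
The check discussed in this thread (the boot-aggregate as the first IMA list entry hashing PCRs 0 - 7, and IMA extending PCR 10), written out as an added Python example; it is not part of any message above and is not the IMA LTP test code. It assumes SHA-1 PCRs (TPM 1.2), the five-field ascii_runtime_measurements line layout, and that the entry is listed under the name boot_aggregate; all PCR values and digests in it are constructed.

```python
import hashlib

ZERO = bytes(20)        # initial PCR value; also the digest listed for a violation
FF = b"\xff" * 20       # what IMA extends into the PCR for a violation entry

def sha1(data):
    return hashlib.sha1(data).digest()

def extend(pcr, digest):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || measurement)."""
    return sha1(pcr + digest)

def boot_aggregate(pcrs):
    """SHA-1 over the concatenated values of PCR 0..7 (pcrs: index -> bytes)."""
    return sha1(b"".join(pcrs[i] for i in range(8)))

def parse_list(text):
    """Fields: <pcr> <template-hash> <template-name> <file-hash> <path>."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            pcr, tmpl, _name, fhash, path = line.split(None, 4)
            fhash = fhash.split(":")[-1]      # ima-ng writes "sha1:<hex>"
            entries.append((int(pcr), bytes.fromhex(tmpl),
                            bytes.fromhex(fhash), path))
    return entries

def replay(entries, index=10):
    """Recompute the PCR value the measurement list should have produced."""
    pcr = ZERO
    for n, tmpl, _fhash, _path in entries:
        if n == index:
            pcr = extend(pcr, FF if tmpl == ZERO else tmpl)
    return pcr

def verify(text, pcrs):
    """Return a list of problems; an empty list means list and PCRs agree."""
    entries = parse_list(text)
    problems = []
    if not entries or entries[0][3] != "boot_aggregate":
        problems.append("first entry is not boot_aggregate")
    elif entries[0][2] != boot_aggregate(pcrs):
        problems.append("boot_aggregate does not match PCR 0-7")
    if replay(entries) != pcrs[10]:
        problems.append("measurement list does not replay to PCR 10")
    return problems

def constructed_sample():
    """Constructed PCRs and list; digests are made up, not real measurements."""
    pcrs = {i: sha1(b"constructed pcr %d" % i) for i in range(8)}
    rows = [(sha1(b"tmpl-0"), boot_aggregate(pcrs), "boot_aggregate"),
            (sha1(b"tmpl-1"), sha1(b"init"), "/sbin/init"),
            (ZERO, ZERO, "/var/log/syslog")]          # violation entry
    text = "\n".join("10 %s ima %s %s" % (t.hex(), f.hex(), p)
                     for t, f, p in rows)
    pcrs[10] = extend(extend(extend(ZERO, rows[0][0]), rows[1][0]), FF)
    return text, pcrs

if __name__ == "__main__":
    text, pcrs = constructed_sample()
    print(verify(text, pcrs) or "measurement list consistent with PCRs")
```

A clean result ties the IMA list to the firmware PCRs 0 - 7 and to PCR 10 only; whether anything measured the boot loader, kernel and initramfs in between is the separate gap the thread discusses.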