From: Dmitry K. <d.k...@sa...> - 2014-02-17 08:26:15
On 14/02/14 17:06, Mimi Zohar wrote:
> On Fri, 2014-02-14 at 13:21 +0000, Lipinski, MarekX wrote:
>>> On 12/02/14 16:09, Mimi Zohar wrote:
>>>> I guess we'll find out. :) Is there any reason for attempting to load
>>>> a kernel module, when hmac(sha1) should be built in? We really want
>>>> to skip the modprobe entirely. Wondering what would happen if the
>>>> modprobe proc entry was NULL... It looks like the modprobe would be
>>>> skipped.
>>>> The last line of crypto/api.c: crypto_larval_lookup() will simply call
>>>> crypto_larval_add() to add it.
>>> I actually have the same deadlock problem on Tizen platform when not using
>>> initramfs.
>> I tried to go through the crypto API and understand the process of
>> registering algorithms but it looks a bit complex to me.
> I'm guessing the modprobe is to find HW versions, before using the
> builtin one.
>
>>> For hacking purpose and not to mess up with modprobe I just added this at
>>> the beginning of the evm_init_key().
>>> (...)
>> Other workaround, without modifying the code, is to build-in trusted
>> keys as they register hmac(sha1) during initialization stage.
> Yes, but without an initramfs, it would be using the system's modprobe.
>
>>> But in real system, you still need to enable IMA/EVM BEFORE reading
>>> anything from storage....
>>> initramfs is one of the choices...
>> My plan is to inject the secured key inside the kernel during boot. I
>> hope that will work fine.
> A 'real' solution will need to be compatible with secure boot. I'm not
> sure this solution would be.
>
>> Regarding EVM I'm wondering why the hash/hmac algorithm is initialized
>> and freed every time the calculation is requested (init_desc/kfree). I
>> noticed that in IMA this approach was changed around 3.9 to single
>> initialization at startup. Wouldn't it bring performance improvement
>> if EVM is implemented the same way? Also for trusted keys crypto
>> algorithm initialization is done once, during startup.
> Will add to the 'todo' list...
>
> thanks,
>
> Mimi
>
>
Hello,
In fact very early EVM code did preloading of crypto alg.
That was done probably due to this reason.
And executing modprobe before EVM is initialized is as safe as executing
EVM initialization script itself.
The bottom line is that nothing has to be executed from "unverified"
storage before IMA/EVM is initialized.
- Dmitry
------------------------------------------------------
+static struct crypto_hash *tfm_hmac; /* preload crypto alg */
+static int __init init_evm(void)
+{
+ int error;
+
+ tfm_hmac = crypto_alloc_hash(evm_hmac, 0, CRYPTO_ALG_ASYNC);
+ error = evm_init_secfs();
+ if (error < 0) {
+ printk(KERN_INFO "EVM: Error registering secfs\n");
+ goto err;
+ }
+err:
+ return error;
+}
+
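Review bot: the pointer returned by crypto_alloc_hash() at the top of init_evm() is stored in tfm_hmac without an IS_ERR() check, so a failed preload goes unnoticed and the static holds an error pointer. Suggest testing IS_ERR(tfm_hmac) right after the call and at least logging PTR_ERR(tfm_hmac), then deciding whether init should continue. The evm_init_secfs() failure path also returns without releasing the preloaded tfm; if the preload is only useful once EVM is up, free it there. Two smaller points: the "goto err" inside the if block jumps to the label that immediately follows the block, so it can be dropped, and the failure message would fit KERN_ERR better than KERN_INFO.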
--------------------------------------------------------------------------------