[PATCH v7 0/7] ima: kexec: measure events between kexec load and execute

steven chen chenste at linux.microsoft.com
Mon Feb 3 10:52:55 PST 2025


On 2/3/2025 10:42 AM, steven chen wrote:
> The current kernel behavior is that the IMA measurements snapshot is taken
> at kexec 'load' and not at kexec 'execute'.  The IMA log is then carried
> over to the new kernel after kexec 'execute'.
>
> New events can be measured during/after the IMA log snapshot at kexec
> 'load' and before the system boots to the new kernel.  In this scenario,
> the TPM PCRs are extended with these events, but they are not carried
> over to the new kernel after kexec soft reboot since the snapshot is
> already taken.  This results in a mismatch between TPM PCR quotes and the
> actual IMA measurements list after kexec soft reboot, which in turn
> results in remote attestation failure.
>
> To solve this problem -
>   - allocate the necessary buffer at kexec 'load' time,
>   - populate the buffer with the IMA measurements at kexec 'execute' time,
>   - and measure two new IMA events 'kexec_load' and 'kexec_execute' as
>     critical data to help detect missing events after kexec soft reboot.
>
> The solution details include:
>   - refactoring the existing code to allocate a buffer to hold IMA
>     measurements at kexec 'load', and dump the measurements at kexec
>     'execute'
>
>   - IMA functionality to suspend and resume measurements as needed during
>     buffer copy at kexec 'execute',
>
>   - kexec functionality for mapping the segments from the current kernel
>     to the subsequent one,
>
>   - necessary changes to the kexec_file_load syscall, enabling it to call
>     the ima functions,
>
>   - registering a reboot notifier which gets called during kexec
>     'execute',
>
>   - introducing a new Kconfig option to configure the extra memory to be
>     allocated for passing IMA log from the current Kernel to the next,
>
>   - introducing two new events to be measured by IMA during kexec, to
>     help diagnose if the IMA log was copied fully or partially, from the
>     current Kernel to the next,
>
>   - excluding IMA segment while calculating and storing digest in function
>     kexec_calculate_store_digests(), since IMA segment can be modified
>     after the digest is computed during kexec 'load'.  This will ensure
>     that the segment is not added to the 'purgatory_sha_regions', and thus
>     not verified by verify_sha256_digest().
>
> The changes proposed in this series ensure the integrity of the IMA
> measurements is preserved across kexec soft reboots, thus significantly
> improving the security of the kernel post kexec soft reboots.
>
> There were previous attempts to fix this issue [1], [2], [3].  But they
> were not merged into the mainline kernel.
>
> We took inspiration from the past work [1] and [2] while working on this
> patch series.
>
> V4 of this series is available here [6] for reference.
>
> V5 of this series is available here [7] for reference.
>
> V6 of this series is available here [8] for reference.
>
> References:
> -----------
>
> [1] [PATCH v2 5/9] ima: on soft reboot, save the measurement list
> https://lore.kernel.org/lkml/1472596811-9596-6-git-send-email-zohar@linux.vnet.ibm.com/
>
> [2] [PATCH v2 4/6] kexec_file: Add mechanism to update kexec segments.
> https://lkml.org/lkml/2016/8/16/577
>
> [3] [PATCH 1/6] kexec_file: Add buffer hand-over support
> https://lore.kernel.org/linuxppc-dev/1466473476-10104-6-git-send-email-bauerman@linux.vnet.ibm.com/T/
>
> [4] [PATCH v2 0/7] ima: kexec: measure events between kexec load and execute
> https://lore.kernel.org/all/20231005182602.634615-1-tusharsu@linux.microsoft.com/
>
> [5] [PATCH v3 0/7] ima: kexec: measure events between kexec load and execute
> https://lore.kernel.org/all/20231216010729.2904751-1-tusharsu@linux.microsoft.com/
>
> [6] [PATCH v4 0/7] ima: kexec: measure events between kexec load and execute
> https://lore.kernel.org/all/20240122183804.3293904-1-tusharsu@linux.microsoft.com/
>
> [7] [PATCH v5 0/8] ima: kexec: measure events between kexec load and execute
> https://lore.kernel.org/all/20240214153827.1087657-1-tusharsu@linux.microsoft.com/
>
> [8] [PATCH v6 0/7] ima: kexec: measure events between kexec load and execute
> https://lore.kernel.org/all/20250124225547.22684-1-chenste@linux.microsoft.com/
>
> Change Log v7:
>   - Incorporated feedback from the community (Stefan Berger, Tyler Hicks)
>     on v6 of this series[8].
>   - Verified all the patches are bisect-safe by booting into each
>     patch and verifying multiple kexec 'load' operations work,
>     and also verifying kexec soft reboot works, and IMA log gets
>     carried over for each patch.
>
> Change Log v6:
>   - Incorporated feedback from the community (Stefan Berger, Mimi Zohar,
>     and Petr Tesařík) on v5 of this series[7].
>   - Rebased the patch series to mainline 6.12.0.
>   - Verified all the patches are bisect-safe by booting into each
>     patch and verifying multiple kexec 'load' operations work,
>     and also verifying kexec soft reboot works, and IMA log gets
>     carried over for each patch.
>   - Compared the memory size allocated with memory size of the entire
>     measurement record. If there is not enough memory, it will copy as many
>     IMA measurement records as possible, and this situation will result
>     in a failure of remote attestation.
>   - [PATCH V5 6/8] was removed. Per Petr's comment on [PATCH V5 6/8], during
>     the handover, other CPUs are taken offline (look for
>     migrate_to_reboot_cpu() in kernel/kexec_core.c) and even the reboot CPU
>     will be sufficiently shut down as not to be able to add any more
>     measurements.
>
> Change Log v5:
>   - Incorporated feedback from the community (Stefan Berger and
>     Mimi Zohar) on v4 of this series[6].
>   - Rebased the patch series to mainline 6.8.0-rc1.
>   - Verified all the patches are bisect-safe by booting into each
>     patch and verifying multiple kexec 'load' operations work,
>     and also verifying kexec soft reboot works, and IMA log gets
>     carried over for each patch.
>   - Divided the patch #4 in the v4 of the series[6] into two separate
>     patches. One to setup the infrastructure/stub functions to prepare
>     the IMA log copy from Kexec 'load' to 'execute', and another one
>     to actually copy the log.
>   - Updated the config description for IMA_KEXEC_EXTRA_MEMORY_KB
>     to remove unnecessary references related to backwards compatibility.
>   - Fixed a typo in log message/removed an extra line etc.
>   - Updated patch descriptions as necessary.
>
> Change Log v4:
>   - Incorporated feedback from the community (Stefan Berger and
>     Mimi Zohar) on v3 of this series[5].
>   - Rearranged patches so that they remain bisect-safe i.e. the
>     system can go through kexec soft reboot, and IMA log is carried
>     over after each patch.
>   - Verified all the patches are bisect-safe by booting into each
>     patch and verifying kexec soft reboot works, and IMA log gets
>     carried over.
>   - Suspend-resume measurements is now a separate patch (patch #5)
>     and all the relevant code is part of the same patch.
>   - Excluding IMA segment from segment digest verification is now a
>     separate patch. (patch #3).
>   - Registering reboot notifier and functions related to move ima
>     log copy from kexec load to execute are now part of the same
>     patch (patch #4) to protect bisect-safeness of the series.
>   - Updated the title of patch #6 as per the feedback.
>   - The default value of kexec extra memory for IMA measurements
>     is set to half the PAGESIZE to maintain backwards compatibility.
>   - Added number of IMA measurement records as part of 'kexec_load'
>     and 'kexec_execute' IMA critical data events.
>   - Updated patch descriptions as necessary.
>
> Change Log v3:
>   - Incorporated feedback from the community (Stefan Berger and
>     Mimi Zohar) on v2 of this series[4].
>   - Renamed functions and removed extraneous checks and code comments.
>   - Updated patch descriptions and titles as necessary.
>   - Updated kexec_calculate_store_digests() in patch 2/7 to exclude ima
>     segment from calculating and storing digest.
>   - Updated patch 3/7 to use kmalloc_array instead of kmalloc and freed
>     memory early to avoid potential memory leak.
>   - Updated patch 6/7 to change Kconfig option IMA_KEXEC_EXTRA_PAGES to
>     IMA_KEXEC_EXTRA_MEMORY_KB to allocate the memory in kb rather than
>     in number of pages.
>   - Optimized patch 7/7 not to free and alloc memory if the buffer size
>     hasn't changed during multiple kexec 'load' operations.
>   - Fixed a bug in patch 7/7 to measure multiple 'kexec_load' events even
>     if buffer size hasn't changed.
>   - Verified the patches are bisect-safe by compiling and booting into
>     each patch individually.
>
>
> Change Log v2:
>   - Incorporated feedback from the community on v1 series.
>   - Refactored the existing ima_dump_measurement_list to move buffer
>     allocation functionality to ima_alloc_kexec_buf() function.
>   - Introduced a new Kconfig option to configure the memory.
>   - Updated the logic to copy the IMA log only in case of kexec soft
>     reboot, and not on kexec crash.
>   - Updated the logic to copy as many IMA events as possible in case of
>     memory constraint, rather than just bailing out.
>   - Introduced two new events to be measured by IMA during kexec, to
>     help diagnose if the IMA log was copied fully or partially from the
>     current Kernel to the next.
>   - Refactored patches to ensure no warnings during individual patch
>     compilation.
>   - Used virt_to_page instead of phys_to_page.
>   - Updated patch descriptions as necessary.
>
> steven chen (7):
>    ima: define and call ima_alloc_kexec_file_buf
>    kexec: define functions to map and unmap segments
>    ima: kexec: skip IMA segment validation after kexec soft reboot
>    ima: kexec: define functions to copy IMA log at soft boot
>    ima: kexec: move IMA log copy from kexec load to execute
>    ima: make the kexec extra memory configurable
>    ima: measure kexec load and exec events as critical data
>
>   include/linux/ima.h                |   3 +
>   include/linux/kexec.h              |  10 ++
>   kernel/kexec_core.c                |  54 ++++++++
>   kernel/kexec_file.c                |  31 +++++
>   security/integrity/ima/Kconfig     |  10 ++
>   security/integrity/ima/ima.h       |   1 +
>   security/integrity/ima/ima_kexec.c | 208 ++++++++++++++++++++++++-----
>   security/integrity/ima/ima_queue.c |   4 +-
>   8 files changed, 284 insertions(+), 37 deletions(-)
>
Hi all,

The below is the correct version for review.

https://lore.kernel.org/linux-integrity/20250203184558.61367-1-chenste@linux.microsoft.com/T/#t

Please ignore this version because I have a typo in the linux-integrity mail.

I am really sorry to have troubled you.

Steven
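The load/execute ordering problem the quoted cover letter describes, as an added illustration that is not part of this e-mail or of the kernel patch series: a small user-space model in which a measurement list and a PCR are extended in lock step, the list is copied into a fixed-size kexec buffer either at 'load' (old behaviour) or at 'execute' (this series), and a verifier replays the carried-over log against the PCR quote. It also models the record counts the cover letter says are attached to the 'kexec_load' and 'kexec_execute' critical data events, so a partial copy into an undersized buffer is visible as `records_copied < records_total`. The hash is a toy 64-bit FNV-1a stand-in for SHA-256, the event names are constructed, and none of the function names are kernel symbols.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for SHA-256 (assumption for the model, not what IMA/TPM use):
 * 64-bit FNV-1a over a byte string, seeded so it can chain like a PCR. */
static uint64_t toy_hash(const void *data, size_t len, uint64_t seed)
{
    const unsigned char *p = data;
    uint64_t h = seed ^ 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* One measurement record: digest of the measured object plus its name. */
struct ima_entry {
    uint64_t digest;
    char name[24];
};

#define MAX_ENTRIES 32

struct ima_log {
    struct ima_entry e[MAX_ENTRIES];
    int count;
};

/* PCR extend has the same shape as a real TPM: pcr' = H(pcr || digest). */
static uint64_t pcr_extend(uint64_t pcr, uint64_t digest)
{
    return toy_hash(&digest, sizeof digest, pcr);
}

/* Measure an event: append a record to the list and extend the PCR together. */
static void ima_measure(struct ima_log *log, uint64_t *pcr, const char *name)
{
    struct ima_entry *ent = &log->e[log->count++];
    ent->digest = toy_hash(name, strlen(name), 0);
    strncpy(ent->name, name, sizeof ent->name - 1);
    ent->name[sizeof ent->name - 1] = '\0';
    *pcr = pcr_extend(*pcr, ent->digest);
}

/* Copy the list into the kexec buffer; like the series, copy as many as fit. */
static int ima_copy_to_kexec_buf(const struct ima_log *log,
                                 struct ima_entry *buf, int capacity)
{
    int n = log->count < capacity ? log->count : capacity;
    memcpy(buf, log->e, (size_t)n * sizeof *buf);
    return n;
}

/* Verifier side: replay the carried-over log and compare with the PCR quote. */
static int verify_log(const struct ima_entry *buf, int n, uint64_t pcr_quote)
{
    uint64_t pcr = 0;
    for (int i = 0; i < n; i++)
        pcr = pcr_extend(pcr, buf[i].digest);
    return pcr == pcr_quote;
}

struct kexec_result {
    int attested;       /* 1 if the replayed log matches the PCR quote */
    int records_total;  /* records in the list at kexec 'execute' */
    int records_copied; /* records that fit into the kexec buffer */
};

/* snapshot_at_execute = 0 models the old behaviour (list copied at 'load');
 * 1 models the series (buffer reserved at 'load', filled at 'execute'). */
static struct kexec_result simulate_kexec(int snapshot_at_execute, int capacity)
{
    struct ima_log log = { .count = 0 };
    struct ima_entry buf[MAX_ENTRIES];
    uint64_t pcr = 0;
    int copied = 0;

    if (capacity > MAX_ENTRIES)
        capacity = MAX_ENTRIES;

    /* Constructed early-boot measurements. */
    ima_measure(&log, &pcr, "boot_aggregate");
    ima_measure(&log, &pcr, "/sbin/init");
    ima_measure(&log, &pcr, "/usr/sbin/kexec");

    /* kexec 'load': old behaviour snapshots the list right here. */
    ima_measure(&log, &pcr, "kexec_load");
    if (!snapshot_at_execute)
        copied = ima_copy_to_kexec_buf(&log, buf, capacity);

    /* Events between 'load' and 'execute' still extend the PCR. */
    ima_measure(&log, &pcr, "/usr/bin/later_tool");
    ima_measure(&log, &pcr, "/etc/later_policy");

    /* kexec 'execute' (reboot notifier): the series copies the list now. */
    ima_measure(&log, &pcr, "kexec_execute");
    if (snapshot_at_execute)
        copied = ima_copy_to_kexec_buf(&log, buf, capacity);

    struct kexec_result r = { verify_log(buf, copied, pcr), log.count, copied };
    return r;
}

int main(void)
{
    const char *label[] = { "snapshot at load", "snapshot at execute" };
    for (int mode = 0; mode < 2; mode++) {
        struct kexec_result r = simulate_kexec(mode, MAX_ENTRIES);
        printf("%-20s attested=%d copied=%d/%d\n", label[mode],
               r.attested, r.records_copied, r.records_total);
    }
    struct kexec_result small = simulate_kexec(1, 4);
    printf("%-20s attested=%d copied=%d/%d\n", "undersized buffer",
           small.attested, small.records_copied, small.records_total);
    return 0;
}
```

The first run reproduces the failure the cover letter describes: the buffer holds the four records present at 'load', the PCR has been extended seven times, and the replay does not match. Filling the buffer at 'execute' makes the replay match, and the undersized-buffer case shows why the series treats a partial copy as an attestation failure rather than silently succeeding: the verifier's replay falls short of the quote, and the record counts make the truncation diagnosable.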