evm: Verify portable signatures against all protected xattrs
Currently, the evm_config_default_xattrnames array contains xattr names only related to LSMs which are enabled in the kernel configuration. However, EVM portable signatures do not depend on local information and a vendor might include in the signature calculation xattrs that are not enabled in the target platform. Just including all xattrs names in evm_config_default_xattrnames is not a safe approach, because a target system might have already calculated signatures or HMACs based only on the enabled xattrs. After applying this patch, EVM would verify those signatures and HMACs with all xattrs instead. The non-enabled ones, which could possibly exist, would cause a verification error. Thus, this patch adds a new field named enabled to the xattr_list structure, which is set to true if the LSM associated to a given xattr name is enabled in the kernel configuration. The non-enabled xattrs are taken into account only in evm_calc_hmac_or_hash(), if the passed security.evm type is EVM_XATTR_PORTABLE_DIGSIG. The new function evm_protected_xattr_if_enabled() has been defined so that IMA can include all protected xattrs and not only the enabled ones in the measurement list, if the new template fields xattrnames, xattrlengths or xattrvalues have been included in the template format. Signed-off-by:Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by:
Showing
- include/linux/evm.h 6 additions, 0 deletionsinclude/linux/evm.h
- security/integrity/evm/evm.h 1 addition, 0 deletionssecurity/integrity/evm/evm.h
- security/integrity/evm/evm_crypto.c 7 additions, 0 deletionssecurity/integrity/evm/evm_crypto.c
- security/integrity/evm/evm_main.c 46 additions, 10 deletionssecurity/integrity/evm/evm_main.c
- security/integrity/evm/evm_secfs.c 14 additions, 2 deletionssecurity/integrity/evm/evm_secfs.c
Loading
Please register or sign in to comment