[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-integrity
Subject:    Re: [PATCH 0/1] KEYS: Measure keys in trusted keyring
From:       Mimi Zohar <zohar () linux ! ibm ! com>
Date:       2019-08-30 18:41:47
Message-ID: 1567190507.10024.134.camel () linux ! ibm ! com
[Download RAW message or body]

[Cc'ing Monty, Roberto]

On Thu, 2019-08-29 at 19:43 -0700, Lakshmi Ramasubramanian wrote:
> >> Without this patch set, to attest the clients one needs to maintain
> >> an "allowed list" of file hashes of all versions of all client binaries
> >> that are deployed on the clients in the enterprise.  That is a huge
> >> operational challenge in a large scale environment of clients with
> >> heterogenous builds. This also limits scalability and agility of
> >> rolling out frequent client binary updates.
> > 
> > The purpose of the ima-sig template, which includes the file signature
> > and header containing the keyid, is to avoid needing to maintain a
> > white list as you described.
> 
> If the service were to validate the signature in the ima-sig template, 
> it needs to have the hash of the file. Using the keyid in ima-sig pick 
> the key, calculate the signed hash and compare it with the signed hash 
> in the ima-sig template. Correct?
> 
> Or, it has to maintain the signed hash of the file and compare it with 
> the signed hash in the ima-sig template.
> 
> In both the cases, the service needs to have the hash or signed hash for 
> all the client files (for all versions of that file). This the 
> maintenance overhead we are trying to avoid.

No, the measurement list ima-sig template record contains both the
file hash and signature.  There's no need to maintain a white list of
either the file hashes or signed hashes.  All that is needed is the
set of permitted public keys (eg. keys on the trusted IMA keyring).

> 
> > The concern isn't on the client side, but the server side.  Once the
> > ability of including measurements of keys on the builtin and/or
> > secondary keyrings on the client side exists, the attestation servers
> > can start requiring it.  Providing a means of disabling it on the
> > client side doesn't address this problem.
> 
> But, wouldn't this problem exist for any new measure we add on the 
> client side? Why is it particularly an issue for measuring trusted keys?
> 
> > 
> > No, there is no need for maintaining a binary hash white list.  The
> > attestation server requires a set of trusted keys used to sign
> > software.
> > 
> > The only reason for measuring the keys on the builtin and/or secondary
> > keyrings is to prevent system owners from signing and running
> > applications on their own systems.
> > 
> > Since you obviously disagree, I'd really like to hear other people's thoughts.
> 
> Actually I am agreeing with you - the reason we want to measure the keys 
> in the trusted keyring is to ensure that the system binaries running on 
> the client are signed by trusted keys only.

The .builtin, .secondary, .ima, and .evm keyrings are all trusted
keyrings, based on a signature chain of trust rooted in the signed
Linux kernel.

Even though on the local system, files signed by the system owner
would be permitted, the attestation server would be able to control
access to whatever service.  For example, Trusted Network Connect
(TNC) could control network access.  By measuring the keys on the
builtin/secondary keyrings, that control is not based on who signed
the software package, but based on who signed the certificate of the
key that signed the software package.  My concern is how this level of
indirection could be abused.

> Please see below:
> 
> We let IMA verify the integrity of the system files on the client using 
> IMA key(s). The IMA key(s) are themselves signed by "Trusted Key(s)" - 
> unsigned IMA key or IMA key signed by keys not in the trusted keyring 
> are not even allowed to be added to the IMA keyring.
> 
> And, on the server we validate the "Trusted Keyring" contains only 
> known\trusted keys.
> 
> Through the above process - the server does not need to know the signed 
> file hash. It only needs to keep a list of trusted keys and verify if 
> the keys reported by the client is in that trusted keys set.
> 
> Please let me know if that answers your questions.

All of this would still be true, if you measured the keys on the
trusted IMA keyring, but without the level of indirection described
above.  Depending on your use case scenario, the problem with this
approach is maintaining a list of all the certificates that have been
signed by keys on the builtin, and if enabled, the secondary keyrings.

In the last LSS-NA BoF, Monty suggested, for a different use case, one
that needs to seal keys, measuring keys and extending a separate PCR.

Mimi

[prev in list] [next in list] [prev in thread] [next in thread]