~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/security/ipe.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/security/ipe.rst (Version linux-6.12-rc7) and /Documentation/security/ipe.rst (Version linux-2.6.0)


  1 .. SPDX-License-Identifier: GPL-2.0               
  2                                                   
  3 Integrity Policy Enforcement (IPE) - Kernel Do    
  4 ==============================================    
  5                                                   
  6 .. NOTE::                                         
  7                                                   
  8    This is documentation targeted at developer    
  9    If you're looking for documentation on the     
 10    :doc:`IPE admin guide </admin-guide/LSM/ipe    
 11                                                   
 12 Historical Motivation                             
 13 ---------------------                             
 14                                                   
 15 The original issue that prompted IPE's impleme    
 16 of a locked-down system. This system would be     
 17 strong integrity guarantees over both the exec    
 18 *data files* on the system, that were critical    
 19 specific data files would not be readable unle    
 20 policy. A mandatory access control system woul    
 21 as a result, xattrs would have to be protected    
 22 of what would provide the integrity claims. At    
 23 main mechanisms considered that could guarante    
 24 with these requirements:                          
 25                                                   
 26   1. IMA + EVM Signatures                         
 27   2. DM-Verity                                    
 28                                                   
 29 Both options were carefully considered, howeve    
 30 over IMA+EVM as the *integrity mechanism* in t    
 31 was due to three main reasons:                    
 32                                                   
 33   1. Protection of additional attack vectors:     
 34                                                   
 35     * With IMA+EVM, without an encryption solu    
 36       to offline attack against the aforementi    
 37                                                   
 38       Unlike executables, read operations (lik    
 39       files), cannot be enforced to be globall    
 40       there must be some form of selector to d    
 41       enforce the integrity policy, or it shou    
 42                                                   
 43       At the time, this was done with mandator    
 44       policy would indicate what labels requir    
 45       presented an issue: EVM would protect th    
 46       modify filesystem offline, the attacker     
 47       including the SELinux labels that would     
 48       file should be subject to integrity poli    
 49                                                   
 50       With DM-Verity, as the xattrs are saved     
 51       offline mount occurs against the filesys    
 52       checksum no longer matches and the file     
 53                                                   
 54     * As userspace binaries are paged in Linux    
 55       additional protection against a hostile     
 56       the block device reports the appropriate    
 57       initially, passing the required integrit    
 58       that accesses the real data, will report    
 59       dm-verity will check the data when the p    
 60       access), this attack is mitigated.          
 61                                                   
 62   2. Performance:                                 
 63                                                   
 64     * dm-verity provides integrity verificatio    
 65       read versus requiring the entire file be    
 66       validation.                                 
 67                                                   
 68   3. Simplicity of signing:                       
 69                                                   
 70     * No need for two signatures (IMA, then EV    
 71       an entire block device.                     
 72     * Signatures can be stored externally to t    
 73     * The signature supports an x.509-based si    
 74                                                   
 75 The next step was to choose a *policy* to enfo    
 76 The minimum requirements for the policy were:     
 77                                                   
 78   1. The policy itself must be integrity verif    
 79      attack against it).                          
 80   2. The policy itself must be resistant to ro    
 81   3. The policy enforcement must have a permis    
 82   4. The policy must be able to be updated, in    
 83      a reboot.                                    
 84   5. Policy updates must be atomic.               
 85   6. The policy must support *revocations* of     
 86      components.                                  
 87   7. The policy must be auditable, at any poin    
 88                                                   
 89 IMA, as the only integrity policy mechanism at    
 90 considered against these list of requirements,    
 91 all of the minimum requirements. Extending IMA    
 92 requirements was considered, but ultimately di    
 93 two reasons:                                      
 94                                                   
 95   1. Regression risk; many of these changes wo    
 96      dramatic code changes to IMA, which is al    
 97      kernel, and therefore might impact users.    
 98                                                   
 99   2. IMA was used in the system for measuremen    
100      separation of measurement policy from loc    
101      enforcement was considered favorable.        
102                                                   
103 Due to these reasons, it was decided that a ne    
104 whose responsibility would be only the local i    
105                                                   
106 Role and Scope                                    
107 --------------                                    
108                                                   
109 IPE, as its name implies, is fundamentally an     
110 solution; IPE does not mandate how integrity i    
111 leaves that decision to the system administrat    
112 via the mechanisms that they select that suit     
113 There are several different integrity solution    
114 level of security guarantees; and IPE allows s    
115 theoretically all of them.                        
116                                                   
117 IPE does not have an inherent mechanism to ens    
118 Instead, there are more effective layers avail    
119 can guarantee integrity. It's important to not    
120 integrity is independent of the policy for enf    
121                                                   
122 Therefore, IPE was designed around:               
123                                                   
124   1. Easy integrations with integrity provider    
125   2. Ease of use for platform administrators/s    
126                                                   
127 Design Rationale:                                 
128 -----------------                                 
129                                                   
130 IPE was designed after evaluating existing int    
131 in other operating systems and environments. I    
132 implementations, there were a few pitfalls ide    
133                                                   
134   1. Policies were not readable by humans, usu    
135      intermediary format.                         
136   2. A single, non-customizable action was imp    
137   3. Debugging the policy required manual step    
138   4. Authoring a policy required an in-depth k    
139      or operating system.                         
140                                                   
141 IPE attempts to avoid all of these pitfalls.      
142                                                   
143 Policy                                            
144 ~~~~~~                                            
145                                                   
146 Plain Text                                        
147 ^^^^^^^^^^                                        
148                                                   
149 IPE's policy is plain-text. This introduces sl    
150 other LSMs, but solves two major problems that    
151 solutions on other platforms.                     
152                                                   
153 The first issue is one of code maintenance and    
154 the policy has to be some form of string repre    
155 through XML, JSON, YAML, etcetera), to allow t    
156 what is being written. In a hypothetical binar    
157 is necessary to write the policy from the huma    
158 form, and a deserializer is needed to interpre    
159 structure in the kernel.                          
160                                                   
161 Eventually, another deserializer will be neede    
162 back into the human-readable form with as much    
163 user of this access control system will have t    
164 and the original file itself to try to underst    
165 on this system and what policies have not. For    
166 as old policies can be discarded almost immedi    
167 For users that manage computer fleets in the t    
168 with multiple different operating systems, and    
169 this quickly becomes an issue, as stale polici    
170 quickly resulting in the need to recover the p    
171 to track what each policy contains.               
172                                                   
173 With now three separate serializer/deserialize    
174 policy avoids the binary format, there is only    
175 human-readable form to the data structure in k    
176 and retaining operability.                        
177                                                   
178 The second issue with a binary format is one o    
179 access based on the trust of the system's reso    
180 trusted to be changed. This is done through si    
181 signing as a process. Signing, as a process, i    
182 high security bar, as anything signed can be u    
183 enforcement systems. It is also important that    
184 the signer is aware of what they are signing.     
185 obfuscation of that fact; what signers see is     
186 plain-text policy, on the other hand, the sign    
187 submitted for signing.                            
188                                                   
189 Boot Policy                                       
190 ~~~~~~~~~~~                                       
191                                                   
192 IPE, if configured appropriately, is able to e    
193 kernel is booted and usermode starts. That imp    
194 of the policy to apply the minute usermode sta    
195 can be handled in one of three ways:              
196                                                   
197   1. The policy file(s) live on disk and the k    
198      to an code path that would result in an e    
199   2. The policy file(s) are passed by the boot    
200      parses the policy.                           
201   3. There is a policy file that is compiled i    
202      parsed and enforced on initialization.       
203                                                   
204 The first option has problems: the kernel read    
205 is typically discouraged and very uncommon in     
206                                                   
207 The second option also has problems: Linux sup    
208 across its entire ecosystem - every bootloader    
209 new methodology or there must be an independen    
210 result in more drastic changes to the kernel s    
211                                                   
212 The third option is the best but it's importan    
213 will take disk space against the kernel it's c    
214 keep this policy generalized enough that users    
215 complicated policy, but restrictive enough tha    
216 and cause security issues.                        
217                                                   
218 The initramfs provides a way that this bootup     
219 kernel starts with a minimal policy, that trus    
220 the initramfs, when the real rootfs is mounted    
221 it deploys and activates a policy that trusts     
222 This prevents overauthorization at any step, a    
223 to a minimal size.                                
224                                                   
225 Startup                                           
226 ^^^^^^^                                           
227                                                   
228 Not every system, however starts with an initr    
229 compiled into the kernel will need some flexib    
230 is established for the next phase of the bootu    
231 make the compiled-in policy a full IPE policy,    
232 to express the first stage bootup requirements    
233                                                   
234 Updatable, Rebootless Policy                      
235 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~                      
236                                                   
237 As requirements change over time (vulnerabilit    
238 trusted applications, keys roll, etcetera). Up    
239 meet those security goals is not always a suit    
240 always risk-free, and blocking a security upda    
241 This means IPE requires a policy that can be c    
242 revocations of existing policy) from a source     
243 policies to be updated without updating the ke    
244                                                   
245 Additionally, since the kernel is stateless be    
246 policy files off the disk from kernel space is    
247 policy updates have to be done rebootlessly.      
248                                                   
249 To allow an update from an external source, it    
250 so this policy needs to have a way to be ident    
251 done via a signature chained to a trust source    
252 this is  the ``SYSTEM_TRUSTED_KEYRING``, a key    
253 populated at kernel compile-time, as this matc    
254 author of the compiled-in policy described abo    
255 deploy policy updates.                            
256                                                   
257 Anti-Rollback / Anti-Replay                       
258 ~~~~~~~~~~~~~~~~~~~~~~~~~~~                       
259                                                   
260 Over time, vulnerabilities are found and trust    
261 trusted anymore. IPE's policy has no exception    
262 instances where a mistaken policy author deplo    
263 before correcting it with a secure policy.        
264                                                   
265 Assuming that as soon as the insecure policy i    
266 acquires the insecure policy, IPE needs a way     
267 from the secure policy update to the insecure     
268                                                   
269 Initially, IPE's policy can have a policy_vers    
270 minimum required version across all policies t    
271 the system. This will prevent rollback while t    
272                                                   
273 .. WARNING::                                      
274                                                   
275   However, since the kernel is stateless acros    
276   version will be reset to 0.0.0 on the next b    
277   need to be aware of this, and ensure the new    
278   deployed ASAP after a boot to ensure that th    
279   opportunity is minimal for an attacker to de    
280                                                   
281 Implicit Actions:                                 
282 ~~~~~~~~~~~~~~~~~                                 
283                                                   
284 The issue of implicit actions only becomes vis    
285 a mixed level of security bars across multiple    
286 For example, consider a system that has strong    
287 over both the executable code, and specific *d    
288 that were critical to its function. In this sy    
289 are possible:                                     
290                                                   
291   1. A policy in which failure to match any ru    
292      in the action being denied.                  
293   2. A policy in which failure to match any ru    
294      in the action being allowed.                 
295   3. A policy in which the action taken when n    
296      specified by the policy author.              
297                                                   
298 The first option could make a policy like this    
299                                                   
300   op=EXECUTE integrity_verified=YES action=ALL    
301                                                   
302 In the example system, this works well for the    
303 executables should have integrity guarantees,     
304 issue becomes with the second requirement abou    
305 This would result in a policy like this (assum    
306 evaluated in order)::                             
307                                                   
308   op=EXECUTE integrity_verified=YES action=ALL    
309                                                   
310   op=READ integrity_verified=NO label=critical    
311   op=READ action=ALLOW                            
312                                                   
313 This is somewhat clear if you read the docs, u    
314 is executed in order and that the default is a    
315 last line effectively changes that default to     
316 required, because in a realistic system, there    
317 reads (imagine appending to a log file).          
318                                                   
319 The second option, matching no rules results i    
320 for the specific data files::                     
321                                                   
322   op=READ integrity_verified=NO label=critical    
323                                                   
324 And, like the first option, falls short with t    
325 effectively needing to override the default::     
326                                                   
327   op=EXECUTE integrity_verified=YES action=ALL    
328   op=EXECUTE action=DENY                          
329                                                   
330   op=READ integrity_verified=NO label=critical    
331                                                   
332 This leaves the third option. Instead of makin    
333 and override the default with an empty rule, f    
334 to consider what the appropriate default shoul    
335 scenario and explicitly state it::                
336                                                   
337   DEFAULT op=EXECUTE action=DENY                  
338   op=EXECUTE integrity_verified=YES action=ALL    
339                                                   
340   DEFAULT op=READ action=ALLOW                    
341   op=READ integrity_verified=NO label=critical    
342                                                   
343 Policy Debugging:                                 
344 ~~~~~~~~~~~~~~~~~                                 
345                                                   
346 When developing a policy, it is useful to know    
347 is being violated to reduce debugging costs; n    
348 investigation to the exact line that resulted     
349 policy systems do not provide this information    
350 information that was used in the evaluation. T    
351 with the policy to evaluate what went wrong.      
352                                                   
353 Instead, IPE just emits the rule that was matc    
354 of the investigation to the exact policy line     
355 rule), or the section (in the case of a DEFAUL    
356 and investigation times when policy failures a    
357 policies.                                         
358                                                   
359 IPE's policy engine is also designed in a way     
360 a human of how to investigate a policy failure    
361 the sequence that is written, so the algorithm    
362 for humans to recreate the steps and could hav    
363 surveyed systems, optimizations occur (sorting    
364 the policy. In those systems, it requires mult    
365 algorithm may not always be clear to the end-u    
366                                                   
367 Simplified Policy:                                
368 ~~~~~~~~~~~~~~~~~~                                
369                                                   
370 Finally, IPE's policy is designed for sysadmin    
371 of covering individual LSM hooks (or syscalls)    
372 instead of sysadmins needing to know that the     
373 ``execve``, and ``uselib`` must have rules pro    
374 that they want to restrict code execution. Thi    
375 could occur due to a lack of knowledge of the     
376 maintainers of IPE, being kernel developers ca    
377 whether something maps to these operations, an    
378                                                   
379 Implementation Notes                              
380 --------------------                              
381                                                   
382 Anonymous Memory                                  
383 ~~~~~~~~~~~~~~~~                                  
384                                                   
385 Anonymous memory isn't treated any differently    
386 When anonymous memory is mapped with ``+X``, i    
387 or ``file_mprotect`` hook, but with a ``NULL``    
388 the evaluation, like any other file. However,     
389 evaluate to false, as they are all file-based     
390 associated with a file.                           
391                                                   
392 .. WARNING::                                      
393                                                   
394   This also occurs with the ``kernel_load_data    
395   loading data from a userspace buffer that is    
396   scenario all current trust properties will a    
397                                                   
398 Securityfs Interface                              
399 ~~~~~~~~~~~~~~~~~~~~                              
400                                                   
401 The per-policy securityfs tree is somewhat uni    
402 a standard securityfs policy tree::               
403                                                   
404   MyPolicy                                        
405     |- active                                     
406     |- delete                                     
407     |- name                                       
408     |- pkcs7                                      
409     |- policy                                     
410     |- update                                     
411     |- version                                    
412                                                   
413 The policy is stored in the ``->i_private`` da    
414                                                   
415 Tests                                             
416 -----                                             
417                                                   
418 IPE has KUnit Tests for the policy parser. Rec    
419                                                   
420   CONFIG_KUNIT=y                                  
421   CONFIG_SECURITY=y                               
422   CONFIG_SECURITYFS=y                             
423   CONFIG_PKCS7_MESSAGE_PARSER=y                   
424   CONFIG_SYSTEM_DATA_VERIFICATION=y               
425   CONFIG_FS_VERITY=y                              
426   CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y           
427   CONFIG_BLOCK=y                                  
428   CONFIG_MD=y                                     
429   CONFIG_BLK_DEV_DM=y                             
430   CONFIG_DM_VERITY=y                              
431   CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y          
432   CONFIG_NET=y                                    
433   CONFIG_AUDIT=y                                  
434   CONFIG_AUDITSYSCALL=y                           
435   CONFIG_BLK_DEV_INITRD=y                         
436                                                   
437   CONFIG_SECURITY_IPE=y                           
438   CONFIG_IPE_PROP_DM_VERITY=y                     
439   CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y           
440   CONFIG_IPE_PROP_FS_VERITY=y                     
441   CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y         
442   CONFIG_SECURITY_IPE_KUNIT_TEST=y                
443                                                   
444 In addition, IPE has a python based integratio    
445 `test suite <https://github.com/microsoft/ipe/    
446 can test both user interfaces and enforcement     
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php