1 .. SPDX-License-Identifier: GPL-2.0 2 3 Integrity Policy Enforcement (IPE) 4 ================================== 5 6 .. NOTE:: 7 8 This is the documentation for admins, system builders, or individuals 9 attempting to use IPE. If you're looking for more developer-focused 10 documentation about IPE please see :doc:`the design docs </security/ipe>`. 11 12 Overview 13 -------- 14 15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a 16 complementary approach to access control. Unlike traditional access control 17 mechanisms that rely on labels and paths for decision-making, IPE focuses 18 on the immutable security properties inherent to system components. These 19 properties are fundamental attributes or features of a system component 20 that cannot be altered, ensuring a consistent and reliable basis for 21 security decisions. 22 23 To elaborate, in the context of IPE, system components primarily refer to 24 files or the devices these files reside on. However, this is just a 25 starting point. The concept of system components is flexible and can be 26 extended to include new elements as the system evolves. The immutable 27 properties include the origin of a file, which remains constant and 28 unchangeable over time. For example, IPE policies can be crafted to trust 29 files originating from the initramfs. Since initramfs is typically verified 30 by the bootloader, its files are deemed trustworthy; "file is from 31 initramfs" becomes an immutable property under IPE's consideration. 32 33 The immutable property concept extends to the security features enabled on 34 a file's origin, such as dm-verity or fs-verity, which provide a layer of 35 integrity and trust. For example, IPE allows the definition of policies 36 that trust files from a dm-verity protected device. dm-verity ensures the 37 integrity of an entire device by providing a verifiable and immutable state 38 of its contents. Similarly, fs-verity offers filesystem-level integrity 39 checks, allowing IPE to enforce policies that trust files protected by 40 fs-verity. These two features cannot be turned off once established, so 41 they are considered immutable properties. These examples demonstrate how 42 IPE leverages immutable properties, such as a file's origin and its 43 integrity protection mechanisms, to make access control decisions. 44 45 For the IPE policy, specifically, it grants the ability to enforce 46 stringent access controls by assessing security properties against 47 reference values defined within the policy. This assessment can be based on 48 the existence of a security property (e.g., verifying if a file originates 49 from initramfs) or evaluating the internal state of an immutable security 50 property. The latter includes checking the roothash of a dm-verity 51 protected device, determining whether dm-verity possesses a valid 52 signature, assessing the digest of a fs-verity protected file, or 53 determining whether fs-verity possesses a valid built-in signature. This 54 nuanced approach to policy enforcement enables a highly secure and 55 customizable system defense mechanism, tailored to specific security 56 requirements and trust models. 57 58 To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under 59 :menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config 60 option is enabled. 61 62 Use Cases 63 --------- 64 65 IPE works best in fixed-function devices: devices in which their purpose 66 is clearly defined and not supposed to be changed (e.g. network firewall 67 device in a data center, an IoT device, etcetera), where all software and 68 configuration is built and provisioned by the system owner. 69 70 IPE is a long-way off for use in general-purpose computing: the Linux 71 community as a whole tends to follow a decentralized trust model (known as 72 the web of trust), which IPE has no support for it yet. Instead, IPE 73 supports PKI (public key infrastructure), which generally designates a 74 set of trusted entities that provide a measure of absolute trust. 75 76 Additionally, while most packages are signed today, the files inside 77 the packages (for instance, the executables), tend to be unsigned. This 78 makes it difficult to utilize IPE in systems where a package manager is 79 expected to be functional, without major changes to the package manager 80 and ecosystem behind it. 81 82 The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE, 83 could be used to enable and support general-purpose computing use cases. 84 85 Known Limitations 86 ----------------- 87 88 IPE cannot verify the integrity of anonymous executable memory, such as 89 the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code. 90 Unfortunately, as this is dynamically generated code, there is no way 91 for IPE to ensure the integrity of this code to form a trust basis. 92 93 IPE cannot verify the integrity of programs written in interpreted 94 languages when these scripts are invoked by passing these program files 95 to the interpreter. This is because the way interpreters execute these 96 files; the scripts themselves are not evaluated as executable code 97 through one of IPE's hooks, but they are merely text files that are read 98 (as opposed to compiled executables) [#interpreters]_. 99 100 Threat Model 101 ------------ 102 103 IPE specifically targets the risk of tampering with user-space executable 104 code after the kernel has initially booted, including the kernel modules 105 loaded from userspace via ``modprobe`` or ``insmod``. 106 107 To illustrate, consider a scenario where an untrusted binary, possibly 108 malicious, is downloaded along with all necessary dependencies, including a 109 loader and libc. The primary function of IPE in this context is to prevent 110 the execution of such binaries and their dependencies. 111 112 IPE achieves this by verifying the integrity and authenticity of all 113 executable code before allowing them to run. It conducts a thorough 114 check to ensure that the code's integrity is intact and that they match an 115 authorized reference value (digest, signature, etc) as per the defined 116 policy. If a binary does not pass this verification process, either 117 because its integrity has been compromised or it does not meet the 118 authorization criteria, IPE will deny its execution. Additionally, IPE 119 generates audit logs which may be utilized to detect and analyze failures 120 resulting from policy violation. 121 122 Tampering threat scenarios include modification or replacement of 123 executable code by a range of actors including: 124 125 - Actors with physical access to the hardware 126 - Actors with local network access to the system 127 - Actors with access to the deployment system 128 - Compromised internal systems under external control 129 - Malicious end users of the system 130 - Compromised end users of the system 131 - Remote (external) compromise of the system 132 133 IPE does not mitigate threats arising from malicious but authorized 134 developers (with access to a signing certificate), or compromised 135 developer tools used by them (i.e. return-oriented programming attacks). 136 Additionally, IPE draws hard security boundary between userspace and 137 kernelspace. As a result, kernel-level exploits are considered outside 138 the scope of IPE and mitigation is left to other mechanisms. 139 140 Policy 141 ------ 142 143 IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements 144 over several lines. There is one required line, at the top of the 145 policy, indicating the policy name, and the policy version, for 146 instance:: 147 148 policy_name=Ex_Policy policy_version=0.0.0 149 150 The policy name is a unique key identifying this policy in a human 151 readable name. This is used to create nodes under securityfs as well as 152 uniquely identify policies to deploy new policies vs update existing 153 policies. 154 155 The policy version indicates the current version of the policy (NOT the 156 policy syntax version). This is used to prevent rollback of policy to 157 potentially insecure previous versions of the policy. 158 159 The next portion of IPE policy are rules. Rules are formed by key=value 160 pairs, known as properties. IPE rules require two properties: ``action``, 161 which determines what IPE does when it encounters a match against the 162 rule, and ``op``, which determines when the rule should be evaluated. 163 The ordering is significant, a rule must start with ``op``, and end with 164 ``action``. Thus, a minimal rule is:: 165 166 op=EXECUTE action=ALLOW 167 168 This example will allow any execution. Additional properties are used to 169 assess immutable security properties about the files being evaluated. 170 These properties are intended to be descriptions of systems within the 171 kernel that can provide a measure of integrity verification, such that IPE 172 can determine the trust of the resource based on the value of the property. 173 174 Rules are evaluated top-to-bottom. As a result, any revocation rules, 175 or denies should be placed early in the file to ensure that these rules 176 are evaluated before a rule with ``action=ALLOW``. 177 178 IPE policy supports comments. The character '#' will function as a 179 comment, ignoring all characters to the right of '#' until the newline. 180 181 The default behavior of IPE evaluations can also be expressed in policy, 182 through the ``DEFAULT`` statement. This can be done at a global level, 183 or a per-operation level:: 184 185 # Global 186 DEFAULT action=ALLOW 187 188 # Operation Specific 189 DEFAULT op=EXECUTE action=ALLOW 190 191 A default must be set for all known operations in IPE. If you want to 192 preserve older policies being compatible with newer kernels that can introduce 193 new operations, set a global default of ``ALLOW``, then override the 194 defaults on a per-operation basis (as above). 195 196 With configurable policy-based LSMs, there's several issues with 197 enforcing the configurable policies at startup, around reading and 198 parsing the policy: 199 200 1. The kernel *should* not read files from userspace, so directly reading 201 the policy file is prohibited. 202 2. The kernel command line has a character limit, and one kernel module 203 should not reserve the entire character limit for its own 204 configuration. 205 3. There are various boot loaders in the kernel ecosystem, so handing 206 off a memory block would be costly to maintain. 207 208 As a result, IPE has addressed this problem through a concept of a "boot 209 policy". A boot policy is a minimal policy which is compiled into the 210 kernel. This policy is intended to get the system to a state where 211 userspace is set up and ready to receive commands, at which point a more 212 complex policy can be deployed via securityfs. The boot policy can be 213 specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts 214 a path to a plain-text version of the IPE policy to apply. This policy 215 will be compiled into the kernel. If not specified, IPE will be disabled 216 until a policy is deployed and activated through securityfs. 217 218 Deploying Policies 219 ~~~~~~~~~~~~~~~~~~ 220 221 Policies can be deployed from userspace through securityfs. These policies 222 are signed through the PKCS#7 message format to enforce some level of 223 authorization of the policies (prohibiting an attacker from gaining 224 unconstrained root, and deploying an "allow all" policy). These 225 policies must be signed by a certificate that chains to the 226 ``SYSTEM_TRUSTED_KEYRING``, or to the secondary and/or platform keyrings if 227 ``CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING`` and/or 228 ``CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING`` are enabled, respectively. 229 With openssl, the policy can be signed by:: 230 231 openssl smime -sign \ 232 -in "$MY_POLICY" \ 233 -signer "$MY_CERTIFICATE" \ 234 -inkey "$MY_PRIVATE_KEY" \ 235 -noattr \ 236 -nodetach \ 237 -nosmimecap \ 238 -outform der \ 239 -out "$MY_POLICY.p7b" 240 241 Deploying the policies is done through securityfs, through the 242 ``new_policy`` node. To deploy a policy, simply cat the file into the 243 securityfs node:: 244 245 cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy 246 247 Upon success, this will create one subdirectory under 248 ``/sys/kernel/security/ipe/policies/``. The subdirectory will be the 249 ``policy_name`` field of the policy deployed, so for the example above, 250 the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``. 251 Within this directory, there will be seven files: ``pkcs7``, ``policy``, 252 ``name``, ``version``, ``active``, ``update``, and ``delete``. 253 254 The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data 255 that was provided to the kernel, representing the policy. If the policy being 256 read is the boot policy, this will return ``ENOENT``, as it is not signed. 257 258 The ``policy`` file is read only. Reading it returns the PKCS#7 inner 259 content of the policy, which will be the plain text policy. 260 261 The ``active`` file is used to set a policy as the currently active policy. 262 This file is rw, and accepts a value of ``"1"`` to set the policy as active. 263 Since only a single policy can be active at one time, all other policies 264 will be marked inactive. The policy being marked active must have a policy 265 version greater or equal to the currently-running version. 266 267 The ``update`` file is used to update a policy that is already present 268 in the kernel. This file is write-only and accepts a PKCS#7 signed 269 policy. Two checks will always be performed on this policy: First, the 270 ``policy_names`` must match with the updated version and the existing 271 version. Second the updated policy must have a policy version greater than 272 the currently-running version. This is to prevent rollback attacks. 273 274 The ``delete`` file is used to remove a policy that is no longer needed. 275 This file is write-only and accepts a value of ``1`` to delete the policy. 276 On deletion, the securityfs node representing the policy will be removed. 277 However, delete the current active policy is not allowed and will return 278 an operation not permitted error. 279 280 Similarly, writing to both ``update`` and ``new_policy`` could result in 281 bad message(policy syntax error) or file exists error. The latter error happens 282 when trying to deploy a policy with a ``policy_name`` while the kernel already 283 has a deployed policy with the same ``policy_name``. 284 285 Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will 286 only enforce the policy marked active. Note that only one policy can be active 287 at a time. 288 289 Once deployment is successful, the policy can be activated, by writing file 290 ``/sys/kernel/security/ipe/policies/$policy_name/active``. 291 For example, the ``Ex_Policy`` can be activated by:: 292 293 echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active" 294 295 From above point on, ``Ex_Policy`` is now the enforced policy on the 296 system. 297 298 IPE also provides a way to delete policies. This can be done via the 299 ``delete`` securityfs node, 300 ``/sys/kernel/security/ipe/policies/$policy_name/delete``. 301 Writing ``1`` to that file deletes the policy:: 302 303 echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete" 304 305 There is only one requirement to delete a policy: the policy being deleted 306 must be inactive. 307 308 .. NOTE:: 309 310 If a traditional MAC system is enabled (SELinux, apparmor, smack), all 311 writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 312 313 Modes 314 ~~~~~ 315 316 IPE supports two modes of operation: permissive (similar to SELinux's 317 permissive mode) and enforced. In permissive mode, all events are 318 checked and policy violations are logged, but the policy is not really 319 enforced. This allows users to test policies before enforcing them. 320 321 The default mode is enforce, and can be changed via the kernel command 322 line parameter ``ipe.enforce=(0|1)``, or the securityfs node 323 ``/sys/kernel/security/ipe/enforce``. 324 325 .. NOTE:: 326 327 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 328 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 329 330 Audit Events 331 ~~~~~~~~~~~~ 332 333 1420 AUDIT_IPE_ACCESS 334 ^^^^^^^^^^^^^^^^^^^^^ 335 Event Examples:: 336 337 type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY" 338 type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null) 339 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00 340 341 type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY" 342 type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null) 343 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00 344 345 This event indicates that IPE made an access control decision; the IPE 346 specific record (1420) is always emitted in conjunction with a 347 ``AUDITSYSCALL`` record. 348 349 Determining whether IPE is in permissive or enforced mode can be derived 350 from ``success`` property and exit code of the ``AUDITSYSCALL`` record. 351 352 353 Field descriptions: 354 355 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 356 | Field | Value Type | Optional? | Description of Value | 357 +===========+============+===========+=================================================================================+ 358 | ipe_op | string | No | The IPE operation name associated with the log | 359 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 360 | ipe_hook | string | No | The name of the LSM hook that triggered the IPE event | 361 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 362 | enforcing | integer | No | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode | 363 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 364 | pid | integer | No | The pid of the process that triggered the IPE event. | 365 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 366 | comm | string | No | The command line program name of the process that triggered the IPE event | 367 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 368 | path | string | Yes | The absolute path to the evaluated file | 369 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 370 | ino | integer | Yes | The inode number of the evaluated file | 371 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 372 | dev | string | Yes | The device name of the evaluated file, e.g. vda | 373 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 374 | rule | string | No | The matched policy rule | 375 +-----------+------------+-----------+---------------------------------------------------------------------------------+ 376 377 1421 AUDIT_IPE_CONFIG_CHANGE 378 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 379 380 Event Example:: 381 382 type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 383 type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 384 type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2 385 386 This event indicates that IPE switched the active poliy from one to another 387 along with the version and the hash digest of the two policies. 388 Note IPE can only have one policy active at a time, all access decision 389 evaluation is based on the current active policy. 390 The normal procedure to deploy a new policy is loading the policy to deploy 391 into the kernel first, then switch the active policy to it. 392 393 This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 394 395 Field descriptions: 396 397 +------------------------+------------+-----------+---------------------------------------------------+ 398 | Field | Value Type | Optional? | Description of Value | 399 +========================+============+===========+===================================================+ 400 | old_active_pol_name | string | Yes | The name of previous active policy | 401 +------------------------+------------+-----------+---------------------------------------------------+ 402 | old_active_pol_version | string | Yes | The version of previous active policy | 403 +------------------------+------------+-----------+---------------------------------------------------+ 404 | old_policy_digest | string | Yes | The hash of previous active policy | 405 +------------------------+------------+-----------+---------------------------------------------------+ 406 | new_active_pol_name | string | No | The name of current active policy | 407 +------------------------+------------+-----------+---------------------------------------------------+ 408 | new_active_pol_version | string | No | The version of current active policy | 409 +------------------------+------------+-----------+---------------------------------------------------+ 410 | new_policy_digest | string | No | The hash of current active policy | 411 +------------------------+------------+-----------+---------------------------------------------------+ 412 | auid | integer | No | The login user ID | 413 +------------------------+------------+-----------+---------------------------------------------------+ 414 | ses | integer | No | The login session ID | 415 +------------------------+------------+-----------+---------------------------------------------------+ 416 | lsm | string | No | The lsm name associated with the event | 417 +------------------------+------------+-----------+---------------------------------------------------+ 418 | res | integer | No | The result of the audited operation(success/fail) | 419 +------------------------+------------+-----------+---------------------------------------------------+ 420 421 1422 AUDIT_IPE_POLICY_LOAD 422 ^^^^^^^^^^^^^^^^^^^^^^^^^^ 423 424 Event Example:: 425 426 type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 427 type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 428 type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E 429 430 This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash. 431 432 This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 433 434 Field descriptions: 435 436 +----------------+------------+-----------+---------------------------------------------------+ 437 | Field | Value Type | Optional? | Description of Value | 438 +================+============+===========+===================================================+ 439 | policy_name | string | No | The policy_name | 440 +----------------+------------+-----------+---------------------------------------------------+ 441 | policy_version | string | No | The policy_version | 442 +----------------+------------+-----------+---------------------------------------------------+ 443 | policy_digest | string | No | The policy hash | 444 +----------------+------------+-----------+---------------------------------------------------+ 445 | auid | integer | No | The login user ID | 446 +----------------+------------+-----------+---------------------------------------------------+ 447 | ses | integer | No | The login session ID | 448 +----------------+------------+-----------+---------------------------------------------------+ 449 | lsm | string | No | The lsm name associated with the event | 450 +----------------+------------+-----------+---------------------------------------------------+ 451 | res | integer | No | The result of the audited operation(success/fail) | 452 +----------------+------------+-----------+---------------------------------------------------+ 453 454 455 1404 AUDIT_MAC_STATUS 456 ^^^^^^^^^^^^^^^^^^^^^ 457 458 Event Examples:: 459 460 type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 461 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 462 type=1327 audit(1653425689.008:55): proctitle="-bash" 463 464 type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 465 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 466 type=1327 audit(1653425689.008:55): proctitle="-bash" 467 468 This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 469 470 Field descriptions: 471 472 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 473 | Field | Value Type | Optional? | Description of Value | 474 +===============+============+===========+=================================================================================================+ 475 | enforcing | integer | No | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode | 476 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 477 | old_enforcing | integer | No | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode | 478 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 479 | auid | integer | No | The login user ID | 480 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 481 | ses | integer | No | The login session ID | 482 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 483 | enabled | integer | No | The new TTY audit enabled setting | 484 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 485 | old-enabled | integer | No | The old TTY audit enabled setting | 486 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 487 | lsm | string | No | The lsm name associated with the event | 488 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 489 | res | integer | No | The result of the audited operation(success/fail) | 490 +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 491 492 493 Success Auditing 494 ^^^^^^^^^^^^^^^^ 495 496 IPE supports success auditing. When enabled, all events that pass IPE 497 policy and are not blocked will emit an audit event. This is disabled by 498 default, and can be enabled via the kernel command line 499 ``ipe.success_audit=(0|1)`` or 500 ``/sys/kernel/security/ipe/success_audit`` securityfs file. 501 502 This is *very* noisy, as IPE will check every userspace binary on the 503 system, but is useful for debugging policies. 504 505 .. NOTE:: 506 507 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 508 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 509 510 Properties 511 ---------- 512 513 As explained above, IPE properties are ``key=value`` pairs expressed in IPE 514 policy. Two properties are built-into the policy parser: 'op' and 'action'. 515 The other properties are used to restrict immutable security properties 516 about the files being evaluated. Currently those properties are: 517 '``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``', 518 '``fsverity_signature``', '``fsverity_digest``'. A description of all 519 properties supported by IPE are listed below: 520 521 op 522 ~~ 523 524 Indicates the operation for a rule to apply to. Must be in every rule, 525 as the first token. IPE supports the following operations: 526 527 ``EXECUTE`` 528 529 Pertains to any file attempting to be executed, or loaded as an 530 executable. 531 532 ``FIRMWARE``: 533 534 Pertains to firmware being loaded via the firmware_class interface. 535 This covers both the preallocated buffer and the firmware file 536 itself. 537 538 ``KMODULE``: 539 540 Pertains to loading kernel modules via ``modprobe`` or ``insmod``. 541 542 ``KEXEC_IMAGE``: 543 544 Pertains to kernel images loading via ``kexec``. 545 546 ``KEXEC_INITRAMFS`` 547 548 Pertains to initrd images loading via ``kexec --initrd``. 549 550 ``POLICY``: 551 552 Controls loading policies via reading a kernel-space initiated read. 553 554 An example of such is loading IMA policies by writing the path 555 to the policy file to ``$securityfs/ima/policy`` 556 557 ``X509_CERT``: 558 559 Controls loading IMA certificates through the Kconfigs, 560 ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``. 561 562 action 563 ~~~~~~ 564 565 Determines what IPE should do when a rule matches. Must be in every 566 rule, as the final clause. Can be one of: 567 568 ``ALLOW``: 569 570 If the rule matches, explicitly allow access to the resource to proceed 571 without executing any more rules. 572 573 ``DENY``: 574 575 If the rule matches, explicitly prohibit access to the resource to 576 proceed without executing any more rules. 577 578 boot_verified 579 ~~~~~~~~~~~~~ 580 581 This property can be utilized for authorization of files from initramfs. 582 The format of this property is:: 583 584 boot_verified=(TRUE|FALSE) 585 586 587 .. WARNING:: 588 589 This property will trust files from initramfs(rootfs). It should 590 only be used during early booting stage. Before mounting the real 591 rootfs on top of the initramfs, initramfs script will recursively 592 remove all files and directories on the initramfs. This is typically 593 implemented by using switch_root(8) [#switch_root]_. Therefore the 594 initramfs will be empty and not accessible after the real 595 rootfs takes over. It is advised to switch to a different policy 596 that doesn't rely on the property after this point. 597 This ensures that the trust policies remain relevant and effective 598 throughout the system's operation. 599 600 dmverity_roothash 601 ~~~~~~~~~~~~~~~~~ 602 603 This property can be utilized for authorization or revocation of 604 specific dm-verity volumes, identified via their root hashes. It has a 605 dependency on the DM_VERITY module. This property is controlled by 606 the ``IPE_PROP_DM_VERITY`` config option, it will be automatically 607 selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled. 608 The format of this property is:: 609 610 dmverity_roothash=DigestName:HexadecimalString 611 612 The supported DigestNames for dmverity_roothash are [#dmveritydigests]_ 613 614 + blake2b-512 615 + blake2s-256 616 + sha256 617 + sha384 618 + sha512 619 + sha3-224 620 + sha3-256 621 + sha3-384 622 + sha3-512 623 + sm3 624 + rmd160 625 626 dmverity_signature 627 ~~~~~~~~~~~~~~~~~~ 628 629 This property can be utilized for authorization of all dm-verity 630 volumes that have a signed roothash that validated by a keyring 631 specified by dm-verity's configuration, either the system trusted 632 keyring, or the secondary keyring. It depends on 633 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by 634 the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically 635 selected when ``SECURITY_IPE``, ``DM_VERITY`` and 636 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled. 637 The format of this property is:: 638 639 dmverity_signature=(TRUE|FALSE) 640 641 fsverity_digest 642 ~~~~~~~~~~~~~~~ 643 644 This property can be utilized for authorization of specific fsverity 645 enabled files, identified via their fsverity digests. 646 It depends on ``FS_VERITY`` config option and is controlled by 647 the ``IPE_PROP_FS_VERITY`` config option, it will be automatically 648 selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled. 649 The format of this property is:: 650 651 fsverity_digest=DigestName:HexadecimalString 652 653 The supported DigestNames for fsverity_digest are [#fsveritydigest]_ 654 655 + sha256 656 + sha512 657 658 fsverity_signature 659 ~~~~~~~~~~~~~~~~~~ 660 661 This property is used to authorize all fs-verity enabled files that have 662 been verified by fs-verity's built-in signature mechanism. The signature 663 verification relies on a key stored within the ".fs-verity" keyring. It 664 depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and 665 it is controlled by the ``IPE_PROP_FS_VERITY`` config option, 666 it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY`` 667 and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled. 668 The format of this property is:: 669 670 fsverity_signature=(TRUE|FALSE) 671 672 Policy Examples 673 --------------- 674 675 Allow all 676 ~~~~~~~~~ 677 678 :: 679 680 policy_name=Allow_All policy_version=0.0.0 681 DEFAULT action=ALLOW 682 683 Allow only initramfs 684 ~~~~~~~~~~~~~~~~~~~~ 685 686 :: 687 688 policy_name=Allow_Initramfs policy_version=0.0.0 689 DEFAULT action=DENY 690 691 op=EXECUTE boot_verified=TRUE action=ALLOW 692 693 Allow any signed and validated dm-verity volume and the initramfs 694 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 695 696 :: 697 698 policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0 699 DEFAULT action=DENY 700 701 op=EXECUTE boot_verified=TRUE action=ALLOW 702 op=EXECUTE dmverity_signature=TRUE action=ALLOW 703 704 Prohibit execution from a specific dm-verity volume 705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 706 707 :: 708 709 policy_name=Deny_DMV_By_Roothash policy_version=0.0.0 710 DEFAULT action=DENY 711 712 op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY 713 714 op=EXECUTE boot_verified=TRUE action=ALLOW 715 op=EXECUTE dmverity_signature=TRUE action=ALLOW 716 717 Allow only a specific dm-verity volume 718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 719 720 :: 721 722 policy_name=Allow_DMV_By_Roothash policy_version=0.0.0 723 DEFAULT action=DENY 724 725 op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW 726 727 Allow any fs-verity file with a valid built-in signature 728 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 729 730 :: 731 732 policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0 733 DEFAULT action=DENY 734 735 op=EXECUTE fsverity_signature=TRUE action=ALLOW 736 737 Allow execution of a specific fs-verity file 738 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 739 740 :: 741 742 policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0 743 DEFAULT action=DENY 744 745 op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW 746 747 Additional Information 748 ---------------------- 749 750 - `Github Repository <https://github.com/microsoft/ipe>`_ 751 - :doc:`Developer and design docs for IPE </security/ipe>` 752 753 FAQ 754 --- 755 756 Q: 757 What's the difference between other LSMs which provide a measure of 758 trust-based access control? 759 760 A: 761 762 In general, there's two other LSMs that can provide similar functionality: 763 IMA, and Loadpin. 764 765 IMA and IPE are functionally very similar. The significant difference between 766 the two is the policy. [#devdoc]_ 767 768 Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's 769 kernel read operations, whereas IPE is capable of controlling execution 770 on top of kernel read. The trust model is also different; Loadpin roots its 771 trust in the initial super-block, whereas trust in IPE is stemmed from kernel 772 itself (via ``SYSTEM_TRUSTED_KEYS``). 773 774 ----------- 775 776 .. [#digest_cache_lsm] https://lore.kernel.org/lkml/20240415142436.2545003-1-roberto.sassu@huaweicloud.com/ 777 778 .. [#interpreters] There is `some interest in solving this issue <https://lore.kernel.org/lkml/20220321161557.495388-1-mic@digikod.net/">https://lore.kernel.org/lkml/20220321161557.495388-1-mic@digikod.net/>`_. 779 780 .. [#devdoc] Please see :doc:`the design docs </security/ipe>` for more on 781 this topic. 782 783 .. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html 784 785 .. [#dmveritydigests] These hash algorithms are based on values accepted by 786 the Linux crypto API; IPE does not impose any 787 restrictions on the digest algorithm itself; 788 thus, this list may be out of date. 789 790 .. [#fsveritydigest] These hash algorithms are based on values accepted by the 791 kernel's fsverity support; IPE does not impose any 792 restrictions on the digest algorithm itself; 793 thus, this list may be out of date.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.