linux_dsm_epyc7002/security/integrity/ima
Mimi Zohar 4f0496d8ff ima: based on policy warn about loading firmware (pre-allocated buffer)
Some systems are memory constrained but they need to load very large
firmwares.  The firmware subsystem allows drivers to request this
firmware be loaded from the filesystem, but this requires that the
entire firmware be loaded into kernel memory first before it's provided
to the driver.  This can lead to a situation where we map the firmware
twice, once to load the firmware into kernel memory and once to copy the
firmware into the final resting place.

To resolve this problem, commit a098ecd2fa ("firmware: support loading
into a pre-allocated buffer") introduced request_firmware_into_buf() API
that allows drivers to request firmware be loaded directly into a
pre-allocated buffer.

Do devices using pre-allocated memory run the risk of the firmware being
accessible to the device prior to the completion of IMA's signature
verification any more than when using two buffers? (Refer to mailing list
discussion[1]).

Only on systems with an IOMMU can the access be prevented.  As long as
the signature verification completes prior to the DMA map is performed,
the device can not access the buffer.  This implies that the same buffer
can not be re-used.  Can we ensure the buffer has not been DMA mapped
before using the pre-allocated buffer?

[1] https://lkml.org/lkml/2018/7/10/56

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
2018-07-16 12:31:57 -07:00
..
ima_api.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
ima_appraise.c ima: Improvements in ima_appraise_measurement() 2018-03-25 07:26:30 -04:00
ima_crypto.c ima: Fallback to the builtin hash algorithm 2018-03-25 07:26:32 -04:00
ima_fs.c integrity: Add an integrity directory in securityfs 2018-05-17 08:03:07 -04:00
ima_init.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_kexec.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_main.c ima: based on policy warn about loading firmware (pre-allocated buffer) 2018-07-16 12:31:57 -07:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c ima: add build time policy 2018-07-16 12:31:57 -07:00
ima_queue.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_template_lib.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c ima: Fix line continuation format 2017-12-18 09:43:47 -05:00
ima.h ima: based on policy require signed kexec kernel images 2018-07-16 12:31:57 -07:00
Kconfig ima: add build time policy 2018-07-16 12:31:57 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00