write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/security/integrity/ima/Kconfig
..
..
@@ -1,3 +1,4 @@
1
+# SPDX-License-Identifier: GPL-2.0-only
1
2
 # IBM Integrity Measurement Architecture
2
3
 #
3
4
 config IMA
..
..
@@ -7,7 +8,7 @@
7
8
 	select CRYPTO_HMAC
8
9
 	select CRYPTO_SHA1
9
10
 	select CRYPTO_HASH_INFO
10
-	select TCG_TPM if HAS_IOMEM && !UML
11
+	select TCG_TPM if HAS_IOMEM
11
12
 	select TCG_TIS if TCG_TPM && X86
12
13
 	select TCG_CRB if TCG_TPM && ACPI
13
14
 	select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
..
..
@@ -24,13 +25,15 @@
24
25
 	  an aggregate integrity value over this list inside the
25
26
 	  TPM hardware, so that the TPM can prove to a third party
26
27
 	  whether or not critical system files have been modified.
27
-	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
28
+	  Read <https://www.usenix.org/events/sec04/tech/sailer.html>
28
29
 	  to learn more about IMA.
29
30
 	  If unsure, say N.
30
31
 
32
+if IMA
33
+
31
34
 config IMA_KEXEC
32
35
 	bool "Enable carrying the IMA measurement list across a soft boot"
33
-	depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
36
+	depends on TCG_TPM && HAVE_IMA_KEXEC
34
37
 	default n
35
38
 	help
36
39
 	   TPM PCRs are only reset on a hard reboot.  In order to validate
..
..
@@ -42,7 +45,6 @@
42
45
 
43
46
 config IMA_MEASURE_PCR_IDX
44
47
 	int
45
-	depends on IMA
46
48
 	range 8 14
47
49
 	default 10
48
50
 	help
..
..
@@ -52,7 +54,7 @@
52
54
 
53
55
 config IMA_LSM_RULES
54
56
 	bool
55
-	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
57
+	depends on AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)
56
58
 	default y
57
59
 	help
58
60
 	  Disabling this option will disregard LSM based policy rules.
..
..
@@ -60,7 +62,6 @@
60
62
 choice
61
63
 	prompt "Default template"
62
64
 	default IMA_NG_TEMPLATE
63
-	depends on IMA
64
65
 	help
65
66
 	  Select the default IMA measurement template.
66
67
 
..
..
@@ -68,10 +69,9 @@
68
69
 	  hash, defined as 20 bytes, and a null terminated pathname,
69
70
 	  limited to 255 characters.  The 'ima-ng' measurement list
70
71
 	  template permits both larger hash digests and longer
71
-	  pathnames.
72
+	  pathnames. The configured default template can be replaced
73
+	  by specifying "ima_template=" on the boot command line.
72
74
 
73
-	config IMA_TEMPLATE
74
-		bool "ima"
75
75
 	config IMA_NG_TEMPLATE
76
76
 		bool "ima-ng (default)"
77
77
 	config IMA_SIG_TEMPLATE
..
..
@@ -80,15 +80,12 @@
80
80
 
81
81
 config IMA_DEFAULT_TEMPLATE
82
82
 	string
83
-	depends on IMA
84
-	default "ima" if IMA_TEMPLATE
85
83
 	default "ima-ng" if IMA_NG_TEMPLATE
86
84
 	default "ima-sig" if IMA_SIG_TEMPLATE
87
85
 
88
86
 choice
89
87
 	prompt "Default integrity hash algorithm"
90
88
 	default IMA_DEFAULT_HASH_SHA1
91
-	depends on IMA
92
89
 	help
93
90
 	   Select the default hash algorithm used for the measurement
94
91
 	   list, integrity appraisal and audit log.  The compiled default
..
..
@@ -101,28 +98,31 @@
101
98
 
102
99
 	config IMA_DEFAULT_HASH_SHA256
103
100
 		bool "SHA256"
104
-		depends on CRYPTO_SHA256=y && !IMA_TEMPLATE
101
+		depends on CRYPTO_SHA256=y
105
102
 
106
103
 	config IMA_DEFAULT_HASH_SHA512
107
104
 		bool "SHA512"
108
-		depends on CRYPTO_SHA512=y && !IMA_TEMPLATE
105
+		depends on CRYPTO_SHA512=y
109
106
 
110
107
 	config IMA_DEFAULT_HASH_WP512
111
108
 		bool "WP512"
112
-		depends on CRYPTO_WP512=y && !IMA_TEMPLATE
109
+		depends on CRYPTO_WP512=y
110
+
111
+	config IMA_DEFAULT_HASH_SM3
112
+		bool "SM3"
113
+		depends on CRYPTO_SM3=y
113
114
 endchoice
114
115
 
115
116
 config IMA_DEFAULT_HASH
116
117
 	string
117
-	depends on IMA
118
118
 	default "sha1" if IMA_DEFAULT_HASH_SHA1
119
119
 	default "sha256" if IMA_DEFAULT_HASH_SHA256
120
120
 	default "sha512" if IMA_DEFAULT_HASH_SHA512
121
121
 	default "wp512" if IMA_DEFAULT_HASH_WP512
122
+	default "sm3" if IMA_DEFAULT_HASH_SM3
122
123
 
123
124
 config IMA_WRITE_POLICY
124
125
 	bool "Enable multiple writes to the IMA policy"
125
-	depends on IMA
126
126
 	default n
127
127
 	help
128
128
 	  IMA policy can now be updated multiple times.  The new rules get
..
..
@@ -133,7 +133,6 @@
133
133
 
134
134
 config IMA_READ_POLICY
135
135
 	bool "Enable reading back the current IMA policy"
136
-	depends on IMA
137
136
 	default y if IMA_WRITE_POLICY
138
137
 	default n if !IMA_WRITE_POLICY
139
138
 	help
..
..
@@ -143,7 +142,6 @@
143
142
 
144
143
 config IMA_APPRAISE
145
144
 	bool "Appraise integrity measurements"
146
-	depends on IMA
147
145
 	default n
148
146
 	help
149
147
 	  This option enables local measurement integrity appraisal.
..
..
@@ -155,6 +153,15 @@
155
153
 	  For more information on integrity appraisal refer to:
156
154
 	  <http://linux-ima.sourceforge.net>
157
155
 	  If unsure, say N.
156
+
157
+config IMA_ARCH_POLICY
158
+        bool "Enable loading an IMA architecture specific policy"
159
+        depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
160
+		   && INTEGRITY_ASYMMETRIC_KEYS
161
+        default n
162
+        help
163
+          This option enables loading an IMA architecture specific policy
164
+          based on run time secure boot flags.
158
165
 
159
166
 config IMA_APPRAISE_BUILD_POLICY
160
167
 	bool "IMA build time configured policy rules"
..
..
@@ -222,17 +229,18 @@
222
229
 	  This option enables the different "ima_appraise=" modes
223
230
 	  (eg. fix, log) from the boot command line.
224
231
 
225
-config IMA_TRUSTED_KEYRING
226
-	bool "Require all keys on the .ima keyring be signed (deprecated)"
227
-	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
232
+config IMA_APPRAISE_MODSIG
233
+	bool "Support module-style signatures for appraisal"
234
+	depends on IMA_APPRAISE
228
235
 	depends on INTEGRITY_ASYMMETRIC_KEYS
229
-	select INTEGRITY_TRUSTED_KEYRING
230
-	default y
236
+	select PKCS7_MESSAGE_PARSER
237
+	select MODULE_SIG_FORMAT
238
+	default n
231
239
 	help
232
-	   This option requires that all keys added to the .ima
233
-	   keyring be signed by a key on the system trusted keyring.
234
-
235
-	   This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
240
+	   Adds support for signatures appended to files. The format of the
241
+	   appended signature is the same used for signed kernel modules.
242
+	   The modsig keyword can be used in the IMA policy to allow a hook
243
+	   to accept such signatures.
236
244
 
237
245
 config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
238
246
 	bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
..
..
@@ -254,7 +262,7 @@
254
262
 config IMA_BLACKLIST_KEYRING
255
263
 	bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
256
264
 	depends on SYSTEM_TRUSTED_KEYRING
257
-	depends on IMA_TRUSTED_KEYRING
265
+	depends on INTEGRITY_TRUSTED_KEYRING
258
266
 	default n
259
267
 	help
260
268
 	   This option creates an IMA blacklist keyring, which contains all
..
..
@@ -264,7 +272,7 @@
264
272
 
265
273
 config IMA_LOAD_X509
266
274
 	bool "Load X509 certificate onto the '.ima' trusted keyring"
267
-	depends on IMA_TRUSTED_KEYRING
275
+	depends on INTEGRITY_TRUSTED_KEYRING
268
276
 	default n
269
277
 	help
270
278
 	   File signature verification is based on the public keys
..
..
@@ -286,3 +294,23 @@
286
294
 	default n
287
295
 	help
288
296
 	   This option requires user-space init to be signed.
297
+
298
+config IMA_MEASURE_ASYMMETRIC_KEYS
299
+	bool
300
+	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
301
+	default y
302
+
303
+config IMA_QUEUE_EARLY_BOOT_KEYS
304
+	bool
305
+	depends on IMA_MEASURE_ASYMMETRIC_KEYS
306
+	depends on SYSTEM_TRUSTED_KEYRING
307
+	default y
308
+
309
+config IMA_SECURE_AND_OR_TRUSTED_BOOT
310
+       bool
311
+       depends on IMA_ARCH_POLICY
312
+       help
313
+          This option is selected by architectures to enable secure and/or
314
+          trusted boot based on IMA runtime policies.
315
+
316
+endif