On Thu, Oct 17, 2024 at 09:55:08 -0600, Eric Snowberg wrote:
> Introduce a new key type for keyring access control. The new key type
> is called clavis_key_acl. The clavis_key_acl contains the subject key
> identifier along with the allowed usage type for the key.
>
> The format is as follows:
>
On Thu, 2024-10-17 at 21:42 +, Eric Snowberg wrote:
>
>
> > On Oct 17, 2024, at 1:20 PM, Jarkko Sakkinen
> > wrote:
> >
> > On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> > > Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
> > > usage will be
> On Oct 17, 2024, at 1:20 PM, Jarkko Sakkinen wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
>> usage will be used for validating keys added to the new clavis LSM keyring.
>> This will be intr
On Thu, 2024-10-17 at 20:34 +, Eric Snowberg wrote:
>
>
> > On Oct 17, 2024, at 10:50 AM, Jarkko Sakkinen
> > wrote:
> >
> > On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> > > +static struct asymmetric_key_id *clavis_parse_boot_param(char
> > > *kid,
> > > struct asymmetric_key_i
> On Oct 17, 2024, at 10:50 AM, Jarkko Sakkinen wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> +static struct asymmetric_key_id *clavis_parse_boot_param(char *kid,
>> struct asymmetric_key_id *akid,
>> + int
>> akid_max_len)
>> +{
>> + int error, hex_len;
>> +
>> + if (!k
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> If the kernel is built with CONFIG_MODULE_SIG_KEY, get the subject
> key identifier and add an ACL for it within the .clavis keyring.
>
> Signed-off-by: Eric Snowberg
Super sound splits! Nice to review, have to give credit on this
:-)
>
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
> usage will be used for validating keys added to the new clavis LSM keyring.
> This will be introduced in a follow-on patch.
>
> Signed-off-by: Eric Snowberg
> -
> On Oct 17, 2024, at 10:13 AM, Jarkko Sakkinen wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this
>> pattern does not need to be repeated with new code.
>>
>> Signed-off-by: Eric Snowberg
>> ---
>> certs/syst
> On Oct 17, 2024, at 10:16 AM, Jarkko Sakkinen wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> Introduce system_key_link(), a new function to allow a keyring to link
>> to a key contained within one of the system keyrings (builtin, secondary,
>> or platform). Depend
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> +static struct asymmetric_key_id *clavis_parse_boot_param(char *kid,
> struct asymmetric_key_id *akid,
> + int
> akid_max_len)
> +{
> + int error, hex_len;
> +
> + if (!kid)
> +
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> Introduce system_key_link(), a new function to allow a keyring to link
> to a key contained within one of the system keyrings (builtin, secondary,
> or platform). Depending on how the kernel is built, if the machine
> keyring is availabl
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this
> pattern does not need to be repeated with new code.
>
> Signed-off-by: Eric Snowberg
> ---
> certs/system_keyring.c | 6 --
> 1 file changed, 6 deletions(-)
>
> diff
Add Kunit coverage to Clavis.
The Makefile will generate multiple test vectors. All test vectors will
end up in the x509.h, acl.h or signed_data.h file.
The clavis test vectors (ctv) include:
6 different x509 certs. One for each of the different key usage types.
This will be loa
Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this
pattern does not need to be repeated with new code.
Signed-off-by: Eric Snowberg
---
certs/system_keyring.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 9de610bf1f4b
Introduce a new LSM called clavis. The motivation behind this LSM is to
provide access control for system keys. The access control list is
contained within a keyring called .clavis. During boot if the clavis= boot
arg is supplied with a key id contained within any of the current system
keyrings (b
Add two new fields in public_key_signature to track the intended usage of
the signature. Also add a flag for the revocation pass. During signature
validation, two verifications can take place for the same signature. One
to see if it verifies against something on the .blacklist keyring and
the ot
Add a new Kconfig called Security_CLAVIS_ACL_LIST. If set, this option
should be the file name of a list of clavis ACL entries. This will be
included into a C wrapper to incorporate the acl list into the kernel.
The file contents must be in the following format: :. If more than one entry is added,
Introduce system_key_link(), a new function to allow a keyring to link
to a key contained within one of the system keyrings (builtin, secondary,
or platform). Depending on how the kernel is built, if the machine
keyring is available, it will be checked as well, since it is linked to
the secondary k
If found, use the new Clavis EFI RT variable to validate the clavis boot
param didn't change during a reboot. If the boot param is different or
missing, use the one stored in EFI instead. This will prevent a pivot
in the root of trust for the upcoming Clavis LSM. If CONFIG_EARLY_CLAVIS
is not ena
Introduce a new key type for keyring access control. The new key type
is called clavis_key_acl. The clavis_key_acl contains the subject key
identifier along with the allowed usage type for the key.
The format is as follows:
XX:YYY
XX - Single byte of the key type
VERIFYING_MODU
If the kernel is built with CONFIG_MODULE_SIG_KEY, get the subject
key identifier and add an ACL for it within the .clavis keyring.
Signed-off-by: Eric Snowberg
---
certs/.gitignore | 1 +
certs/Makefile | 20
certs/clavis_module_acl.c
In preparation for Kunit support within Clavis, add function redirection
for some of the static functions. Also add KUNIT_STATIC_STUB_REDIRECT
to a few functions that will be redirected in the future. This should
have no functional change.
Signed-off-by: Eric Snowberg
---
security/clavis/clavi
Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
usage will be used for validating keys added to the new clavis LSM keyring.
This will be introduced in a follow-on patch.
Signed-off-by: Eric Snowberg
---
crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_ke
Add the ability for the clavis boot param to persist across kexec. This is
done by creating a RT variable before ExitBootServices is called. The new
variable is called Clavis with a new GUID
193ccef6-348b-4f1f-a81b-0ea4b899dbf2. This variable does not have NVRAM
set, signifying it was created dur
Introduce a new system keyring called clavis. This keyring shall contain
a single asymmetric key. This key may be linked to a key already
contained in one of the system keyrings (builtin, secondary, or platform).
One way to add this key into this keyring is during boot by passing in the
asymmetr
Motivation:
Each end-user has their own security threat model. What is important to one
end-user may not be important to another. There is not a right or wrong threat
model.
A common request made when adding new kernel changes that could impact the
threat model around system kernel keys is to add