• T
    dm ima: measure data on table load · 91ccbbac
    Tushar Sugandhi 提交于
    DM configures a block device with various target specific attributes
    passed to it as a table.  DM loads the table, and calls each target’s
    respective constructors with the attributes as input parameters.
    Some of these attributes are critical to ensure the device meets
    certain security bar.  Thus, IMA should measure these attributes, to
    ensure they are not tampered with, during the lifetime of the device.
    So that the external services can have high confidence in the
    configuration of the block-devices on a given system.
    
    Some devices may have large tables.  And a given device may change its
    state (table-load, suspend, resume, rename, remove, table-clear etc.)
    many times.  Measuring these attributes each time when the device
    changes its state will significantly increase the size of the IMA logs.
    Further, once configured, these attributes are not expected to change
    unless a new table is loaded, or a device is removed and recreated.
    Therefore the clear-text of the attributes should only be measured
    during table load, and the hash of the active/inactive table should be
    measured for the remaining device state changes.
    
    Export IMA function ima_measure_critical_data() to allow measurement
    of DM device parameters, as well as target specific attributes, during
    table load.  Compute the hash of the inactive table and store it for
    measurements during future state change.  If a load is called multiple
    times, update the inactive table hash with the hash of the latest
    populated table.  So that the correct inactive table hash is measured
    when the device transitions to different states like resume, remove,
    rename, etc.
    Signed-off-by: NTushar Sugandhi <tusharsu@linux.microsoft.com>
    Signed-off-by: Colin Ian King <colin.king@canonical.com> # leak fix
    Signed-off-by: NMike Snitzer <snitzer@redhat.com>
    91ccbbac
device-mapper.h 18.8 KB