ima: remove the IMA_TEMPLATE Kconfig option

The original 'ima' measurement list template contains a hash, defined
as 20 bytes, and a null terminated pathname, limited to 255
characters.  Other measurement list templates permit both larger hashes
and longer pathnames.  When the "ima" template is configured as the
default, a new measurement list template (ima_template=) must be
specified before specifying a larger hash algorithm (ima_hash=) on the
boot command line.

To avoid this boot command line ordering issue, remove the legacy "ima"
template configuration option, allowing it to still be specified on the
boot command line.

The root cause of this issue is that during the processing of ima_hash,
we would try to check whether the hash algorithm is compatible with the
template. If the template is not set at the moment we do the check, we
check the algorithm against the configured default template. If the
default template is "ima", then we reject any hash algorithm other than
sha1 and md5.

For example, suppose the compiled default template is "ima", and the default
algorithm is sha1 (which is the current default), and in the cmdline we put
in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be
that ima starts with ima-ng as the template and sha256 as the hash
algorithm. However, during the processing of "ima_hash=",
"ima_template=" has not been processed yet, and hash_setup would check
the configured hash algorithm against the compiled default: ima, and
reject sha256. So at the end, the hash algorithm that is actually used
will be sha1.

With template "ima" removed from the configured default, we ensure that
the default template would at least be "ima-ng" which allows for
basically any hash algorithm.

This change would not break the algorithm compatibility checks for IMA.

Fixes: 4286587dcc ("ima: add Kconfig default measurement list template")
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
GUO Zihua 2022-04-07 10:16:19 +08:00 committed by Mimi Zohar
parent 29d1c2b47e
commit 891163adf1
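
The ordering problem described in the commit message, as an added example: a simplified user-space model, not the kernel's code and not part of this commit. The struct, fits_legacy() and effective_hash() are hypothetical names; hash_setup is modelled only as far as the message describes it.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of the ordering issue; not kernel code. */
struct ima_cfg {
    const char *def_template; /* compiled-in default template */
    const char *tmpl;         /* NULL until ima_template= is processed */
    const char *hash;         /* starts as the compiled-in default */
};

/* The legacy "ima" template only has room for a 20-byte digest. */
static int fits_legacy(const char *alg)
{
    return !strcmp(alg, "sha1") || !strcmp(alg, "md5");
}

/* Model of the ima_hash= check described in the commit message. */
static void hash_setup(struct ima_cfg *c, const char *alg)
{
    const char *t = c->tmpl ? c->tmpl : c->def_template;

    if (!strcmp(t, "ima") && !fits_legacy(alg))
        return;               /* rejected: the previous hash stays */
    c->hash = alg;
}

/* Process parameters strictly left to right, as on the command line. */
const char *effective_hash(const char *def_template,
                           const char *const *argv, int n)
{
    struct ima_cfg c = { def_template, NULL, "sha1" };

    for (int i = 0; i < n; i++) {
        if (!strncmp(argv[i], "ima_hash=", 9))
            hash_setup(&c, argv[i] + 9);
        else if (!strncmp(argv[i], "ima_template=", 13))
            c.tmpl = argv[i] + 13;
    }
    return c.hash;
}

int main(void)
{
    /* Constructed command line, taken from the example in the message. */
    const char *cmd[] = { "ima_hash=sha256", "ima_template=ima-ng" };

    printf("default ima:    %s\n", effective_hash("ima", cmd, 2));
    printf("default ima-ng: %s\n", effective_hash("ima-ng", cmd, 2));
    return 0;
}
```

With the compiled default "ima" the requested sha256 is dropped unless ima_template= comes first; with "ima-ng" as the default the order no longer matters.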


@ -69,10 +69,9 @@ choice
hash, defined as 20 bytes, and a null terminated pathname, hash, defined as 20 bytes, and a null terminated pathname,
limited to 255 characters. The 'ima-ng' measurement list limited to 255 characters. The 'ima-ng' measurement list
template permits both larger hash digests and longer template permits both larger hash digests and longer
pathnames. pathnames. The configured default template can be replaced
by specifying "ima_template=" on the boot command line.
config IMA_TEMPLATE
bool "ima"
config IMA_NG_TEMPLATE config IMA_NG_TEMPLATE
bool "ima-ng (default)" bool "ima-ng (default)"
config IMA_SIG_TEMPLATE config IMA_SIG_TEMPLATE
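Review bot: The help text kept at the top of this choice still describes the original 'ima' template, but with "config IMA_TEMPLATE" removed it can no longer be selected here, and the added sentence only says the default "can be replaced". Consider stating explicitly that the legacy template is now reachable only through "ima_template=ima" on the boot command line, so someone reading the menu help knows how to get the 20-byte-hash format.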
@ -82,7 +81,6 @@ endchoice
config IMA_DEFAULT_TEMPLATE config IMA_DEFAULT_TEMPLATE
string string
depends on IMA depends on IMA
default "ima" if IMA_TEMPLATE
default "ima-ng" if IMA_NG_TEMPLATE default "ima-ng" if IMA_NG_TEMPLATE
default "ima-sig" if IMA_SIG_TEMPLATE default "ima-sig" if IMA_SIG_TEMPLATE
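Review bot: Dropping the line 'default "ima" if IMA_TEMPLATE' changes the compiled default for any existing configuration that had IMA_TEMPLATE selected, and the patch is Cc'd to stable. The commit message should say that such builds move to another template (the choice labels ima-ng as the default) and that anyone who needs the old measurement list format has to add "ima_template=ima" to the command line, since consumers of the list will otherwise see larger hashes and longer pathnames without warning.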
@ -102,19 +100,19 @@ choice
config IMA_DEFAULT_HASH_SHA256 config IMA_DEFAULT_HASH_SHA256
bool "SHA256" bool "SHA256"
depends on CRYPTO_SHA256=y && !IMA_TEMPLATE depends on CRYPTO_SHA256=y
config IMA_DEFAULT_HASH_SHA512 config IMA_DEFAULT_HASH_SHA512
bool "SHA512" bool "SHA512"
depends on CRYPTO_SHA512=y && !IMA_TEMPLATE depends on CRYPTO_SHA512=y
config IMA_DEFAULT_HASH_WP512 config IMA_DEFAULT_HASH_WP512
bool "WP512" bool "WP512"
depends on CRYPTO_WP512=y && !IMA_TEMPLATE depends on CRYPTO_WP512=y
config IMA_DEFAULT_HASH_SM3 config IMA_DEFAULT_HASH_SM3
bool "SM3" bool "SM3"
depends on CRYPTO_SM3=y && !IMA_TEMPLATE depends on CRYPTO_SM3=y
endchoice endchoice
config IMA_DEFAULT_HASH config IMA_DEFAULT_HASH
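Review bot: With "&& !IMA_TEMPLATE" removed from the four "depends on" lines, Kconfig no longer prevents a larger default hash from being built into a kernel where the "ima" template can still be requested via "ima_template=". The commit message says the compatibility checks are not broken but does not say what happens when "ima_template=ima" is given on a kernel built with, for example, IMA_DEFAULT_HASH_SHA256; please document which setting wins in that case, in the message or in the choice help text.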