From patchwork Mon Jul 27 22:30:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 1337381 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BFvfj48b7z9sRN for ; Tue, 28 Jul 2020 08:31:25 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id D48853C4CA9 for ; Tue, 28 Jul 2020 00:31:22 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it [217.194.8.2]) by picard.linux.it (Postfix) with ESMTP id 4ECBA3C26BF for ; Tue, 28 Jul 2020 00:30:53 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-2.smtp.seeweb.it (Postfix) with ESMTPS id 6C24560137E for ; Tue, 28 Jul 2020 00:30:52 +0200 (CEST) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 258DBAC37; Mon, 27 Jul 2020 22:31:02 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Tue, 28 Jul 2020 00:30:38 +0200 Message-Id: <20200727223041.13110-2-pvorel@suse.cz> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727223041.13110-1-pvorel@suse.cz> References: <20200727223041.13110-1-pvorel@suse.cz> MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-2.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=7.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-2.smtp.seeweb.it Subject: [LTP] [PATCH v5 1/4] IMA: Rename helper to require_ima_policy_cmdline X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lakshmi Ramasubramanian , balajib@linux.microsoft.com, Mimi Zohar , linux-integrity@vger.kernel.org Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" To be clear we check /proc/cmdline. There will be another helper function require_ima_policy_content(). Signed-off-by: Petr Vorel --- New in v5. testcases/kernel/security/integrity/ima/tests/evm_overlay.sh | 2 +- .../kernel/security/integrity/ima/tests/ima_measurements.sh | 2 +- testcases/kernel/security/integrity/ima/tests/ima_setup.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/evm_overlay.sh b/testcases/kernel/security/integrity/ima/tests/evm_overlay.sh index ac209e430..9d86778b6 100755 --- a/testcases/kernel/security/integrity/ima/tests/evm_overlay.sh +++ b/testcases/kernel/security/integrity/ima/tests/evm_overlay.sh @@ -19,7 +19,7 @@ setup() [ -f "$EVM_FILE" ] || tst_brk TCONF "EVM not enabled in kernel" [ $(cat $EVM_FILE) -eq 1 ] || tst_brk TCONF "EVM not enabled for this boot" - check_ima_policy "appraise_tcb" + require_ima_policy_cmdline "appraise_tcb" lower="$TST_MNTPOINT/lower" upper="$TST_MNTPOINT/upper" diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh index 04d8e6353..9a7500c76 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh @@ -15,7 +15,7 @@ TST_NEEDS_DEVICE=1 setup() { - check_ima_policy "tcb" + require_ima_policy_cmdline "tcb" TEST_FILE="$PWD/test.txt" POLICY="$IMA_DIR/policy" diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 8ae477c1c..975ce9cbb 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -54,7 +54,7 @@ compute_digest() return 1 } -check_ima_policy() +require_ima_policy_cmdline() { local policy="$1" local i From patchwork Mon Jul 27 22:30:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 1337378 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BFvfK4tbrz9sRN for ; Tue, 28 Jul 2020 08:31:03 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 049723C26CD for ; Tue, 28 Jul 2020 00:30:55 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-3.smtp.seeweb.it (in-3.smtp.seeweb.it [IPv6:2001:4b78:1:20::3]) by picard.linux.it (Postfix) with ESMTP id 2B5DA3C0488 for ; Tue, 28 Jul 2020 00:30:53 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-3.smtp.seeweb.it (Postfix) with ESMTPS id AE1F21A0110D for ; Tue, 28 Jul 2020 00:30:52 +0200 (CEST) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 47999AEB6; Mon, 27 Jul 2020 22:31:02 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Tue, 28 Jul 2020 00:30:39 +0200 Message-Id: <20200727223041.13110-3-pvorel@suse.cz> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727223041.13110-1-pvorel@suse.cz> References: <20200727223041.13110-1-pvorel@suse.cz> MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-3.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=7.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-3.smtp.seeweb.it Subject: [LTP] [PATCH v5 2/4] IMA: Add policy related helpers X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lakshmi Ramasubramanian , balajib@linux.microsoft.com, Mimi Zohar , linux-integrity@vger.kernel.org Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Signed-off-by: Petr Vorel Reviewed-by: Mimi Zohar --- New in v5. .../security/integrity/ima/tests/ima_setup.sh | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 975ce9cbb..c46f273ab 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -54,6 +54,45 @@ compute_digest() return 1 } +check_policy_readable() +{ + if [ -f $IMA_POLICY ]; then + tst_res TINFO "missing $IMA_POLICY (reboot or CONFIG_IMA_WRITE_POLICY=y required)" + return 1 + fi + cat $IMA_POLICY > /dev/null 2>/dev/null +} + +require_policy_readable() +{ + if [ -f $IMA_POLICY ]; then + tst_brk TCONF "missing $IMA_POLICY (reboot or CONFIG_IMA_WRITE_POLICY=y required)" + fi + if ! check_policy_readable; then + tst_brk TCONF "cannot read IMA policy (CONFIG_IMA_READ_POLICY=y required)" + fi +} + +check_ima_policy_content() +{ + local pattern="$1" + local grep_params="${2--q}" + + check_policy_readable || return 1 + grep $grep_params "$pattern" $IMA_POLICY +} + +require_ima_policy_content() +{ + local pattern="$1" + local grep_params="${2--q}" + + require_policy_readable + if ! grep $grep_params "$pattern" $IMA_POLICY; then + tst_brk TCONF "IMA policy does not specify '$pattern'" + fi +} + require_ima_policy_cmdline() { local policy="$1" From patchwork Mon Jul 27 22:30:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 1337379 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BFvfN1L36z9sRN for ; Tue, 28 Jul 2020 08:31:08 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 9C33F3C4CA2 for ; Tue, 28 Jul 2020 00:31:05 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-4.smtp.seeweb.it (in-4.smtp.seeweb.it [217.194.8.4]) by picard.linux.it (Postfix) with ESMTP id 32F083C232B for ; Tue, 28 Jul 2020 00:30:53 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-4.smtp.seeweb.it (Postfix) with ESMTPS id A290F1000A41 for ; Tue, 28 Jul 2020 00:30:52 +0200 (CEST) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 6C933AF36; Mon, 27 Jul 2020 22:31:02 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Tue, 28 Jul 2020 00:30:40 +0200 Message-Id: <20200727223041.13110-4-pvorel@suse.cz> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727223041.13110-1-pvorel@suse.cz> References: <20200727223041.13110-1-pvorel@suse.cz> MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-4.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=7.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-4.smtp.seeweb.it Subject: [LTP] [PATCH v5 3/4] IMA/ima_keys.sh: Fix policy readability check X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lakshmi Ramasubramanian , balajib@linux.microsoft.com, Mimi Zohar , linux-integrity@vger.kernel.org Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Using a proper check with cat, because file attributes were fixed in ffb122de9a60 ("ima: Reflect correct permissions for policy") in v4.18. Fixes: d2768c84e ("IMA: Add a test to verify measurement of keys") Signed-off-by: Petr Vorel --- Changes v4->v5: * use require_ima_policy_content * moved helper function to previous commit .../kernel/security/integrity/ima/tests/ima_keys.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh index 2f6c2b027..5a77deec1 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh @@ -19,15 +19,7 @@ test1() tst_res TINFO "verifying key measurement for keyrings and templates specified in IMA policy file" - [ -f $IMA_POLICY ] || tst_brk TCONF "missing $IMA_POLICY" - - [ -r $IMA_POLICY ] || tst_brk TCONF "cannot read IMA policy (CONFIG_IMA_READ_POLICY=y required)" - - keycheck_lines=$(grep "func=KEY_CHECK" $IMA_POLICY) - if [ -z "$keycheck_lines" ]; then - tst_brk TCONF "ima policy does not specify \"func=KEY_CHECK\"" - fi - + keycheck_lines=$(require_ima_policy_content "func=KEY_CHECK" "") keycheck_line=$(echo "$keycheck_lines" | grep "keyrings" | head -n1) if [ -z "$keycheck_line" ]; then From patchwork Mon Jul 27 22:30:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 1337380 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BFvfZ5JkCz9sRk for ; Tue, 28 Jul 2020 08:31:18 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 504F13C27D0 for ; Tue, 28 Jul 2020 00:31:14 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [217.194.8.5]) by picard.linux.it (Postfix) with ESMTP id 406003C2690 for ; Tue, 28 Jul 2020 00:30:53 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-5.smtp.seeweb.it (Postfix) with ESMTPS id 02CCE600A5B for ; Tue, 28 Jul 2020 00:29:30 +0200 (CEST) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 9CF7FB5DA; Mon, 27 Jul 2020 22:31:02 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Tue, 28 Jul 2020 00:30:41 +0200 Message-Id: <20200727223041.13110-5-pvorel@suse.cz> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727223041.13110-1-pvorel@suse.cz> References: <20200727223041.13110-1-pvorel@suse.cz> MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.2 at in-5.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=7.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-5.smtp.seeweb.it Subject: [LTP] [PATCH v5 4/4] IMA: Add test for kexec cmdline measurement X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: balajib@linux.microsoft.com, Lakshmi Ramasubramanian , Mimi Zohar , linux-integrity@vger.kernel.org Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Lachlan Sneff IMA policy can be set to measure the command line passed in the kexec system call. Add a testcase that verifies that the IMA subsystem correctly measure the cmdline specified during a kexec. Reviewed-by: Petr Vorel Reviewed-by: Mimi Zohar Signed-off-by: Lachlan Sneff [ pvorel: improved setup, various LTP API cleanup ] Signed-off-by: Petr Vorel --- Changes v4->v5: * added kexec.policy, please check it (for lazy people, I still plan some automatic mechanism for loading policies on CONFIG_IMA_WRITE_POLICY) * rewritten checks in setup: - simplify secure boot bootctl verification - try dmesg when bootctl not available - check on failure also ^appraise.*func=KEXEC_KERNEL_CHECK policy - improve logic for func=KEXEC_CMDLINE check (instead of requiring policy to be readable check only when readable, otherwise TWARN, ...) - TWARN on failures in setup => TWARN is kind of error as it exit with non-zero, but these cases are failures thus don't hide them) * added cleanup commit (adding helpers) * various LTP API cleanup: - added setup into separate function - reuse test code with kexec_test() Kind regards, Petr runtest/ima | 1 + .../kernel/security/integrity/ima/README.md | 8 ++ .../integrity/ima/datafiles/kexec.policy | 1 + .../security/integrity/ima/tests/ima_kexec.sh | 111 ++++++++++++++++++ 4 files changed, 121 insertions(+) create mode 100644 testcases/kernel/security/integrity/ima/datafiles/kexec.policy create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_kexec.sh diff --git a/runtest/ima b/runtest/ima index 309d47420..5f4b4a7a1 100644 --- a/runtest/ima +++ b/runtest/ima @@ -4,4 +4,5 @@ ima_policy ima_policy.sh ima_tpm ima_tpm.sh ima_violations ima_violations.sh ima_keys ima_keys.sh +ima_kexec ima_kexec.sh evm_overlay evm_overlay.sh diff --git a/testcases/kernel/security/integrity/ima/README.md b/testcases/kernel/security/integrity/ima/README.md index 732cd912f..d4644ba39 100644 --- a/testcases/kernel/security/integrity/ima/README.md +++ b/testcases/kernel/security/integrity/ima/README.md @@ -36,6 +36,14 @@ CONFIG_SYSTEM_TRUSTED_KEYS="/etc/keys/ima-local-ca.pem" Test also requires loaded policy with `func=KEY_CHECK`, see example in `keycheck.policy`. +### IMA kexec test + +`ima_kexec.sh` requires loaded policy which contains `measure func=KEXEC_CMDLINE`, +see example in `kexec.policy`. + +The test attempts to kexec the existing running kernel image. +To kexec a different kernel image export `IMA_KEXEC_IMAGE=`. + ## EVM tests `evm_overlay.sh` requires a builtin IMA appraise tcb policy (e.g. `ima_policy=appraise_tcb` diff --git a/testcases/kernel/security/integrity/ima/datafiles/kexec.policy b/testcases/kernel/security/integrity/ima/datafiles/kexec.policy new file mode 100644 index 000000000..58d66369e --- /dev/null +++ b/testcases/kernel/security/integrity/ima/datafiles/kexec.policy @@ -0,0 +1 @@ +measure func=KEXEC_CMDLINE diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh new file mode 100755 index 000000000..fbad9b425 --- /dev/null +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh @@ -0,0 +1,111 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2020 Microsoft Corporation +# Copyright (c) 2020 Petr Vorel +# Author: Lachlan Sneff +# +# Verify that kexec cmdline is measured correctly. +# Test attempts to kexec the existing running kernel image. +# To kexec a different kernel image export IMA_KEXEC_IMAGE=. + +TST_NEEDS_CMDS="grep kexec sed" +TST_CNT=2 +TST_NEEDS_DEVICE=1 +TST_SETUP="setup" + +. ima_setup.sh + +IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}" + +measure() +{ + local cmdline="$1" + local algorithm digest expected_digest found + + printf "$cmdline" > file1 + grep "kexec-cmdline" $ASCII_MEASUREMENTS > file2 + + while read found + do + algorithm=$(echo "$found" | cut -d' ' -f4 | cut -d':' -f1) + digest=$(echo "$found" | cut -d' ' -f4 | cut -d':' -f2) + + expected_digest=$(compute_digest $algorithm file1) + + if [ "$digest" = "$expected_digest" ]; then + return 0 + fi + done < file2 + + return 1 +} + +setup() +{ + local cmdline="$(sed 's/BOOT_IMAGE=[^ ]* //' /proc/cmdline)" + local res=TBROK + local sb_enabled + + if [ ! -f "$IMA_KEXEC_IMAGE" ]; then + tst_brk TCONF "kernel image not found, specify path in \$IMA_KEXEC_IMAGE" + fi + + if check_policy_readable; then + require_ima_policy_content '^measure.*func=KEXEC_CMDLINE' + res=TFAIL + fi + + tst_res TINFO "loading kernel $IMA_KEXEC_IMAGE, cmdline: $cmdline" + if kexec -s -l $IMA_KEXEC_IMAGE --reuse-cmdline 2>err; then + ROD kexec -su + if ! measure "$cmdline"; then + if [ "$res" = TBROK ]; then + tst_res TWARN "policy not readable, it might not contain required measure func=KEXEC_CMDLINE" + fi + tst_brk $res "unable to find a correct entry for --reuse-cmdline" + fi + return + fi + + if tst_cmd_available bootctl; then + if bootctl status 2>/dev/null | grep -qi 'Secure Boot: enabled'; then + sb_enabled=1 + fi + elif tst_cmd_available dmesg; then + if dmesg | grep -qi 'Secure boot enabled'; then + sb_enabled=1 + fi + fi + if [ "$sb_enabled" ]; then + tst_res TWARN "secure boot is enabled, kernel image may not be signed" + fi + + if check_ima_policy_content '^appraise.*func=KEXEC_KERNEL_CHECK'; then + tst_res TWARN "'func=KEXEC_KERNEL_CHECK' appraise policy loaded, kernel image may not be signed" + fi + + tst_brk TBROK "kexec failed: $(cat err)" +} + +kexec_test() +{ + local cmdline="$1" + local param="$2" + + EXPECT_PASS_BRK kexec -s -l $IMA_KEXEC_IMAGE $param=$cmdline + ROD kexec -su + if ! measure "$cmdline"; then + tst_brk TFAIL "unable to find a correct entry for $param=$cmdline" + fi + tst_res TPASS "kexec cmdline for $param=$cmdline was measured correctly" +} + +test() +{ + case $1 in + 1) kexec_test 'foo' '--append';; + 2) kexec_test 'bar' '--command-line';; + esac +} + +tst_run