ipe.rst 41 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835
  1. .. SPDX-License-Identifier: GPL-2.0
  2. Integrity Policy Enforcement (IPE)
  3. ==================================
  4. .. NOTE::
  5. This is the documentation for admins, system builders, or individuals
  6. attempting to use IPE. If you're looking for more developer-focused
  7. documentation about IPE please see :doc:`the design docs </security/ipe>`.
  8. Overview
  9. --------
  10. Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
  11. complementary approach to access control. Unlike traditional access control
  12. mechanisms that rely on labels and paths for decision-making, IPE focuses
  13. on the immutable security properties inherent to system components. These
  14. properties are fundamental attributes or features of a system component
  15. that cannot be altered, ensuring a consistent and reliable basis for
  16. security decisions.
  17. To elaborate, in the context of IPE, system components primarily refer to
  18. files or the devices these files reside on. However, this is just a
  19. starting point. The concept of system components is flexible and can be
  20. extended to include new elements as the system evolves. The immutable
  21. properties include the origin of a file, which remains constant and
  22. unchangeable over time. For example, IPE policies can be crafted to trust
  23. files originating from the initramfs. Since initramfs is typically verified
  24. by the bootloader, its files are deemed trustworthy; "file is from
  25. initramfs" becomes an immutable property under IPE's consideration.
  26. The immutable property concept extends to the security features enabled on
  27. a file's origin, such as dm-verity or fs-verity, which provide a layer of
  28. integrity and trust. For example, IPE allows the definition of policies
  29. that trust files from a dm-verity protected device. dm-verity ensures the
  30. integrity of an entire device by providing a verifiable and immutable state
  31. of its contents. Similarly, fs-verity offers filesystem-level integrity
  32. checks, allowing IPE to enforce policies that trust files protected by
  33. fs-verity. These two features cannot be turned off once established, so
  34. they are considered immutable properties. These examples demonstrate how
  35. IPE leverages immutable properties, such as a file's origin and its
  36. integrity protection mechanisms, to make access control decisions.
  37. For the IPE policy, specifically, it grants the ability to enforce
  38. stringent access controls by assessing security properties against
  39. reference values defined within the policy. This assessment can be based on
  40. the existence of a security property (e.g., verifying if a file originates
  41. from initramfs) or evaluating the internal state of an immutable security
  42. property. The latter includes checking the roothash of a dm-verity
  43. protected device, determining whether dm-verity possesses a valid
  44. signature, assessing the digest of a fs-verity protected file, or
  45. determining whether fs-verity possesses a valid built-in signature. This
  46. nuanced approach to policy enforcement enables a highly secure and
  47. customizable system defense mechanism, tailored to specific security
  48. requirements and trust models.
  49. To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under
  50. :menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config
  51. option is enabled.
  52. Use Cases
  53. ---------
  54. IPE works best in fixed-function devices: devices in which their purpose
  55. is clearly defined and not supposed to be changed (e.g. network firewall
  56. device in a data center, an IoT device, etcetera), where all software and
  57. configuration is built and provisioned by the system owner.
  58. IPE is a long-way off for use in general-purpose computing: the Linux
  59. community as a whole tends to follow a decentralized trust model (known as
  60. the web of trust), which IPE has no support for it yet. Instead, IPE
  61. supports PKI (public key infrastructure), which generally designates a
  62. set of trusted entities that provide a measure of absolute trust.
  63. Additionally, while most packages are signed today, the files inside
  64. the packages (for instance, the executables), tend to be unsigned. This
  65. makes it difficult to utilize IPE in systems where a package manager is
  66. expected to be functional, without major changes to the package manager
  67. and ecosystem behind it.
  68. The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE,
  69. could be used to enable and support general-purpose computing use cases.
  70. Known Limitations
  71. -----------------
  72. IPE cannot verify the integrity of anonymous executable memory, such as
  73. the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code.
  74. Unfortunately, as this is dynamically generated code, there is no way
  75. for IPE to ensure the integrity of this code to form a trust basis.
  76. IPE cannot verify the integrity of programs written in interpreted
  77. languages when these scripts are invoked by passing these program files
  78. to the interpreter. This is because the way interpreters execute these
  79. files; the scripts themselves are not evaluated as executable code
  80. through one of IPE's hooks, but they are merely text files that are read
  81. (as opposed to compiled executables). However, with the introduction of the
  82. ``AT_EXECVE_CHECK`` flag (:doc:`AT_EXECVE_CHECK </userspace-api/check_exec>`),
  83. interpreters can use it to signal the kernel that a script file will be executed,
  84. and request the kernel to perform LSM security checks on it.
  85. IPE's EXECUTE operation enforcement differs between compiled executables and
  86. interpreted scripts: For compiled executables, enforcement is triggered
  87. automatically by the kernel during ``execve()``, ``execveat()``, ``mmap()``
  88. and ``mprotect()`` syscalls when loading executable content. For interpreted
  89. scripts, enforcement requires explicit interpreter integration using
  90. ``execveat()`` with ``AT_EXECVE_CHECK`` flag. Unlike exec syscalls that IPE
  91. intercepts during the execution process, this mechanism needs the interpreter
  92. to take the initiative, and existing interpreters won't be automatically
  93. supported unless the signal call is added.
  94. Threat Model
  95. ------------
  96. IPE specifically targets the risk of tampering with user-space executable
  97. code after the kernel has initially booted, including the kernel modules
  98. loaded from userspace via ``modprobe`` or ``insmod``.
  99. To illustrate, consider a scenario where an untrusted binary, possibly
  100. malicious, is downloaded along with all necessary dependencies, including a
  101. loader and libc. The primary function of IPE in this context is to prevent
  102. the execution of such binaries and their dependencies.
  103. IPE achieves this by verifying the integrity and authenticity of all
  104. executable code before allowing them to run. It conducts a thorough
  105. check to ensure that the code's integrity is intact and that they match an
  106. authorized reference value (digest, signature, etc) as per the defined
  107. policy. If a binary does not pass this verification process, either
  108. because its integrity has been compromised or it does not meet the
  109. authorization criteria, IPE will deny its execution. Additionally, IPE
  110. generates audit logs which may be utilized to detect and analyze failures
  111. resulting from policy violation.
  112. Tampering threat scenarios include modification or replacement of
  113. executable code by a range of actors including:
  114. - Actors with physical access to the hardware
  115. - Actors with local network access to the system
  116. - Actors with access to the deployment system
  117. - Compromised internal systems under external control
  118. - Malicious end users of the system
  119. - Compromised end users of the system
  120. - Remote (external) compromise of the system
  121. IPE does not mitigate threats arising from malicious but authorized
  122. developers (with access to a signing certificate), or compromised
  123. developer tools used by them (i.e. return-oriented programming attacks).
  124. Additionally, IPE draws hard security boundary between userspace and
  125. kernelspace. As a result, kernel-level exploits are considered outside
  126. the scope of IPE and mitigation is left to other mechanisms.
  127. Policy
  128. ------
  129. IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements
  130. over several lines. There is one required line, at the top of the
  131. policy, indicating the policy name, and the policy version, for
  132. instance::
  133. policy_name=Ex_Policy policy_version=0.0.0
  134. The policy name is a unique key identifying this policy in a human
  135. readable name. This is used to create nodes under securityfs as well as
  136. uniquely identify policies to deploy new policies vs update existing
  137. policies.
  138. The policy version indicates the current version of the policy (NOT the
  139. policy syntax version). This is used to prevent rollback of policy to
  140. potentially insecure previous versions of the policy.
  141. The next portion of IPE policy are rules. Rules are formed by key=value
  142. pairs, known as properties. IPE rules require two properties: ``action``,
  143. which determines what IPE does when it encounters a match against the
  144. rule, and ``op``, which determines when the rule should be evaluated.
  145. The ordering is significant, a rule must start with ``op``, and end with
  146. ``action``. Thus, a minimal rule is::
  147. op=EXECUTE action=ALLOW
  148. This example will allow any execution. Additional properties are used to
  149. assess immutable security properties about the files being evaluated.
  150. These properties are intended to be descriptions of systems within the
  151. kernel that can provide a measure of integrity verification, such that IPE
  152. can determine the trust of the resource based on the value of the property.
  153. Rules are evaluated top-to-bottom. As a result, any revocation rules,
  154. or denies should be placed early in the file to ensure that these rules
  155. are evaluated before a rule with ``action=ALLOW``.
  156. IPE policy supports comments. The character '#' will function as a
  157. comment, ignoring all characters to the right of '#' until the newline.
  158. The default behavior of IPE evaluations can also be expressed in policy,
  159. through the ``DEFAULT`` statement. This can be done at a global level,
  160. or a per-operation level::
  161. # Global
  162. DEFAULT action=ALLOW
  163. # Operation Specific
  164. DEFAULT op=EXECUTE action=ALLOW
  165. A default must be set for all known operations in IPE. If you want to
  166. preserve older policies being compatible with newer kernels that can introduce
  167. new operations, set a global default of ``ALLOW``, then override the
  168. defaults on a per-operation basis (as above).
  169. With configurable policy-based LSMs, there's several issues with
  170. enforcing the configurable policies at startup, around reading and
  171. parsing the policy:
  172. 1. The kernel *should* not read files from userspace, so directly reading
  173. the policy file is prohibited.
  174. 2. The kernel command line has a character limit, and one kernel module
  175. should not reserve the entire character limit for its own
  176. configuration.
  177. 3. There are various boot loaders in the kernel ecosystem, so handing
  178. off a memory block would be costly to maintain.
  179. As a result, IPE has addressed this problem through a concept of a "boot
  180. policy". A boot policy is a minimal policy which is compiled into the
  181. kernel. This policy is intended to get the system to a state where
  182. userspace is set up and ready to receive commands, at which point a more
  183. complex policy can be deployed via securityfs. The boot policy can be
  184. specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts
  185. a path to a plain-text version of the IPE policy to apply. This policy
  186. will be compiled into the kernel. If not specified, IPE will be disabled
  187. until a policy is deployed and activated through securityfs.
  188. Deploying Policies
  189. ~~~~~~~~~~~~~~~~~~
  190. Policies can be deployed from userspace through securityfs. These policies
  191. are signed through the PKCS#7 message format to enforce some level of
  192. authorization of the policies (prohibiting an attacker from gaining
  193. unconstrained root, and deploying an "allow all" policy). These
  194. policies must be signed by a certificate that chains to the
  195. ``SYSTEM_TRUSTED_KEYRING``, or to the secondary and/or platform keyrings if
  196. ``CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING`` and/or
  197. ``CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING`` are enabled, respectively.
  198. With openssl, the policy can be signed by::
  199. openssl smime -sign \
  200. -in "$MY_POLICY" \
  201. -signer "$MY_CERTIFICATE" \
  202. -inkey "$MY_PRIVATE_KEY" \
  203. -noattr \
  204. -nodetach \
  205. -nosmimecap \
  206. -outform der \
  207. -out "$MY_POLICY.p7b"
  208. Deploying the policies is done through securityfs, through the
  209. ``new_policy`` node. To deploy a policy, simply cat the file into the
  210. securityfs node::
  211. cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy
  212. Upon success, this will create one subdirectory under
  213. ``/sys/kernel/security/ipe/policies/``. The subdirectory will be the
  214. ``policy_name`` field of the policy deployed, so for the example above,
  215. the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``.
  216. Within this directory, there will be seven files: ``pkcs7``, ``policy``,
  217. ``name``, ``version``, ``active``, ``update``, and ``delete``.
  218. The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data
  219. that was provided to the kernel, representing the policy. If the policy being
  220. read is the boot policy, this will return ``ENOENT``, as it is not signed.
  221. The ``policy`` file is read only. Reading it returns the PKCS#7 inner
  222. content of the policy, which will be the plain text policy.
  223. The ``active`` file is used to set a policy as the currently active policy.
  224. This file is rw, and accepts a value of ``"1"`` to set the policy as active.
  225. Since only a single policy can be active at one time, all other policies
  226. will be marked inactive. The policy being marked active must have a policy
  227. version greater or equal to the currently-running version.
  228. The ``update`` file is used to update a policy that is already present
  229. in the kernel. This file is write-only and accepts a PKCS#7 signed
  230. policy. Two checks will always be performed on this policy: First, the
  231. ``policy_names`` must match with the updated version and the existing
  232. version. Second the updated policy must have a policy version greater than
  233. the currently-running version. This is to prevent rollback attacks.
  234. The ``delete`` file is used to remove a policy that is no longer needed.
  235. This file is write-only and accepts a value of ``1`` to delete the policy.
  236. On deletion, the securityfs node representing the policy will be removed.
  237. However, delete the current active policy is not allowed and will return
  238. an operation not permitted error.
  239. Similarly, writing to both ``update`` and ``new_policy`` could result in
  240. bad message(policy syntax error) or file exists error. The latter error happens
  241. when trying to deploy a policy with a ``policy_name`` while the kernel already
  242. has a deployed policy with the same ``policy_name``.
  243. Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will
  244. only enforce the policy marked active. Note that only one policy can be active
  245. at a time.
  246. Once deployment is successful, the policy can be activated, by writing file
  247. ``/sys/kernel/security/ipe/policies/$policy_name/active``.
  248. For example, the ``Ex_Policy`` can be activated by::
  249. echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active"
  250. From above point on, ``Ex_Policy`` is now the enforced policy on the
  251. system.
  252. IPE also provides a way to delete policies. This can be done via the
  253. ``delete`` securityfs node,
  254. ``/sys/kernel/security/ipe/policies/$policy_name/delete``.
  255. Writing ``1`` to that file deletes the policy::
  256. echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete"
  257. There is only one requirement to delete a policy: the policy being deleted
  258. must be inactive.
  259. .. NOTE::
  260. If a traditional MAC system is enabled (SELinux, apparmor, smack), all
  261. writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
  262. Modes
  263. ~~~~~
  264. IPE supports two modes of operation: permissive (similar to SELinux's
  265. permissive mode) and enforced. In permissive mode, all events are
  266. checked and policy violations are logged, but the policy is not really
  267. enforced. This allows users to test policies before enforcing them.
  268. The default mode is enforce, and can be changed via the kernel command
  269. line parameter ``ipe.enforce=(0|1)``, or the securityfs node
  270. ``/sys/kernel/security/ipe/enforce``.
  271. .. NOTE::
  272. If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
  273. all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
  274. Audit Events
  275. ~~~~~~~~~~~~
  276. 1420 AUDIT_IPE_ACCESS
  277. ^^^^^^^^^^^^^^^^^^^^^
  278. Event Examples::
  279. type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY"
  280. type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null)
  281. type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00
  282. type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY"
  283. type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null)
  284. type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00
  285. This event indicates that IPE made an access control decision; the IPE
  286. specific record (1420) is always emitted in conjunction with a
  287. ``AUDITSYSCALL`` record.
  288. Determining whether IPE is in permissive or enforced mode can be derived
  289. from ``success`` property and exit code of the ``AUDITSYSCALL`` record.
  290. Field descriptions:
  291. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  292. | Field | Value Type | Optional? | Description of Value |
  293. +===========+============+===========+=================================================================================+
  294. | ipe_op | string | No | The IPE operation name associated with the log |
  295. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  296. | ipe_hook | string | No | The name of the LSM hook that triggered the IPE event |
  297. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  298. | enforcing | integer | No | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode |
  299. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  300. | pid | integer | No | The pid of the process that triggered the IPE event. |
  301. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  302. | comm | string | No | The command line program name of the process that triggered the IPE event |
  303. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  304. | path | string | Yes | The absolute path to the evaluated file |
  305. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  306. | ino | integer | Yes | The inode number of the evaluated file |
  307. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  308. | dev | string | Yes | The device name of the evaluated file, e.g. vda |
  309. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  310. | rule | string | No | The matched policy rule |
  311. +-----------+------------+-----------+---------------------------------------------------------------------------------+
  312. 1421 AUDIT_IPE_CONFIG_CHANGE
  313. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  314. Event Example::
  315. type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1
  316. type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
  317. type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2
  318. This event indicates that IPE switched the active poliy from one to another
  319. along with the version and the hash digest of the two policies.
  320. Note IPE can only have one policy active at a time, all access decision
  321. evaluation is based on the current active policy.
  322. The normal procedure to deploy a new policy is loading the policy to deploy
  323. into the kernel first, then switch the active policy to it.
  324. This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
  325. Field descriptions:
  326. +------------------------+------------+-----------+---------------------------------------------------+
  327. | Field | Value Type | Optional? | Description of Value |
  328. +========================+============+===========+===================================================+
  329. | old_active_pol_name | string | Yes | The name of previous active policy |
  330. +------------------------+------------+-----------+---------------------------------------------------+
  331. | old_active_pol_version | string | Yes | The version of previous active policy |
  332. +------------------------+------------+-----------+---------------------------------------------------+
  333. | old_policy_digest | string | Yes | The hash of previous active policy |
  334. +------------------------+------------+-----------+---------------------------------------------------+
  335. | new_active_pol_name | string | No | The name of current active policy |
  336. +------------------------+------------+-----------+---------------------------------------------------+
  337. | new_active_pol_version | string | No | The version of current active policy |
  338. +------------------------+------------+-----------+---------------------------------------------------+
  339. | new_policy_digest | string | No | The hash of current active policy |
  340. +------------------------+------------+-----------+---------------------------------------------------+
  341. | auid | integer | No | The login user ID |
  342. +------------------------+------------+-----------+---------------------------------------------------+
  343. | ses | integer | No | The login session ID |
  344. +------------------------+------------+-----------+---------------------------------------------------+
  345. | lsm | string | No | The lsm name associated with the event |
  346. +------------------------+------------+-----------+---------------------------------------------------+
  347. | res | integer | No | The result of the audited operation(success/fail) |
  348. +------------------------+------------+-----------+---------------------------------------------------+
  349. 1422 AUDIT_IPE_POLICY_LOAD
  350. ^^^^^^^^^^^^^^^^^^^^^^^^^^
  351. Event Example::
  352. type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 errno=0
  353. type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
  354. type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E
  355. This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash.
  356. This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
  357. Field descriptions:
  358. +----------------+------------+-----------+-------------------------------------------------------------+
  359. | Field | Value Type | Optional? | Description of Value |
  360. +================+============+===========+=============================================================+
  361. | policy_name | string | Yes | The policy_name |
  362. +----------------+------------+-----------+-------------------------------------------------------------+
  363. | policy_version | string | Yes | The policy_version |
  364. +----------------+------------+-----------+-------------------------------------------------------------+
  365. | policy_digest | string | Yes | The policy hash |
  366. +----------------+------------+-----------+-------------------------------------------------------------+
  367. | auid | integer | No | The login user ID |
  368. +----------------+------------+-----------+-------------------------------------------------------------+
  369. | ses | integer | No | The login session ID |
  370. +----------------+------------+-----------+-------------------------------------------------------------+
  371. | lsm | string | No | The lsm name associated with the event |
  372. +----------------+------------+-----------+-------------------------------------------------------------+
  373. | res | integer | No | The result of the audited operation(success/fail) |
  374. +----------------+------------+-----------+-------------------------------------------------------------+
  375. | errno | integer | No | Error code from policy loading operations (see table below) |
  376. +----------------+------------+-----------+-------------------------------------------------------------+
  377. Policy error codes (errno):
  378. The following table lists the error codes that may appear in the errno field while loading or updating the policy:
  379. +----------------+--------------------------------------------------------+
  380. | Error Code | Description |
  381. +================+========================================================+
  382. | 0 | Success |
  383. +----------------+--------------------------------------------------------+
  384. | -EPERM | Insufficient permission |
  385. +----------------+--------------------------------------------------------+
  386. | -EEXIST | Same name policy already deployed |
  387. +----------------+--------------------------------------------------------+
  388. | -EBADMSG | Policy is invalid |
  389. +----------------+--------------------------------------------------------+
  390. | -ENOMEM | Out of memory (OOM) |
  391. +----------------+--------------------------------------------------------+
  392. | -ERANGE | Policy version number overflow |
  393. +----------------+--------------------------------------------------------+
  394. | -EINVAL | Policy version parsing error |
  395. +----------------+--------------------------------------------------------+
  396. | -ENOKEY | Key used to sign the IPE policy not found in keyring |
  397. +----------------+--------------------------------------------------------+
  398. | -EKEYREJECTED | Policy signature verification failed |
  399. +----------------+--------------------------------------------------------+
  400. | -ESTALE | Attempting to update an IPE policy with older version |
  401. +----------------+--------------------------------------------------------+
  402. | -ENOENT | Policy was deleted while updating |
  403. +----------------+--------------------------------------------------------+
  404. 1404 AUDIT_MAC_STATUS
  405. ^^^^^^^^^^^^^^^^^^^^^
  406. Event Examples::
  407. type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
  408. type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
  409. type=1327 audit(1653425689.008:55): proctitle="-bash"
  410. type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
  411. type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
  412. type=1327 audit(1653425689.008:55): proctitle="-bash"
  413. This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
  414. Field descriptions:
  415. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  416. | Field | Value Type | Optional? | Description of Value |
  417. +===============+============+===========+=================================================================================================+
  418. | enforcing | integer | No | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode |
  419. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  420. | old_enforcing | integer | No | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode |
  421. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  422. | auid | integer | No | The login user ID |
  423. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  424. | ses | integer | No | The login session ID |
  425. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  426. | enabled | integer | No | The new TTY audit enabled setting |
  427. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  428. | old-enabled | integer | No | The old TTY audit enabled setting |
  429. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  430. | lsm | string | No | The lsm name associated with the event |
  431. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  432. | res | integer | No | The result of the audited operation(success/fail) |
  433. +---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
  434. Success Auditing
  435. ^^^^^^^^^^^^^^^^
  436. IPE supports success auditing. When enabled, all events that pass IPE
  437. policy and are not blocked will emit an audit event. This is disabled by
  438. default, and can be enabled via the kernel command line
  439. ``ipe.success_audit=(0|1)`` or
  440. ``/sys/kernel/security/ipe/success_audit`` securityfs file.
  441. This is *very* noisy, as IPE will check every userspace binary on the
  442. system, but is useful for debugging policies.
  443. .. NOTE::
  444. If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
  445. all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
  446. Properties
  447. ----------
  448. As explained above, IPE properties are ``key=value`` pairs expressed in IPE
  449. policy. Two properties are built-into the policy parser: 'op' and 'action'.
  450. The other properties are used to restrict immutable security properties
  451. about the files being evaluated. Currently those properties are:
  452. '``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``',
  453. '``fsverity_signature``', '``fsverity_digest``'. A description of all
  454. properties supported by IPE are listed below:
  455. op
  456. ~~
  457. Indicates the operation for a rule to apply to. Must be in every rule,
  458. as the first token. IPE supports the following operations:
  459. ``EXECUTE``
  460. Pertains to any file attempting to be executed, or loaded as an
  461. executable.
  462. ``FIRMWARE``:
  463. Pertains to firmware being loaded via the firmware_class interface.
  464. This covers both the preallocated buffer and the firmware file
  465. itself.
  466. ``KMODULE``:
  467. Pertains to loading kernel modules via ``modprobe`` or ``insmod``.
  468. ``KEXEC_IMAGE``:
  469. Pertains to kernel images loading via ``kexec``.
  470. ``KEXEC_INITRAMFS``
  471. Pertains to initrd images loading via ``kexec --initrd``.
  472. ``POLICY``:
  473. Controls loading policies via reading a kernel-space initiated read.
  474. An example of such is loading IMA policies by writing the path
  475. to the policy file to ``$securityfs/ima/policy``
  476. ``X509_CERT``:
  477. Controls loading IMA certificates through the Kconfigs,
  478. ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``.
  479. action
  480. ~~~~~~
  481. Determines what IPE should do when a rule matches. Must be in every
  482. rule, as the final clause. Can be one of:
  483. ``ALLOW``:
  484. If the rule matches, explicitly allow access to the resource to proceed
  485. without executing any more rules.
  486. ``DENY``:
  487. If the rule matches, explicitly prohibit access to the resource to
  488. proceed without executing any more rules.
  489. boot_verified
  490. ~~~~~~~~~~~~~
  491. This property can be utilized for authorization of files from initramfs.
  492. The format of this property is::
  493. boot_verified=(TRUE|FALSE)
  494. .. WARNING::
  495. This property will trust files from initramfs(rootfs). It should
  496. only be used during early booting stage. Before mounting the real
  497. rootfs on top of the initramfs, initramfs script will recursively
  498. remove all files and directories on the initramfs. This is typically
  499. implemented by using switch_root(8) [#switch_root]_. Therefore the
  500. initramfs will be empty and not accessible after the real
  501. rootfs takes over. It is advised to switch to a different policy
  502. that doesn't rely on the property after this point.
  503. This ensures that the trust policies remain relevant and effective
  504. throughout the system's operation.
  505. dmverity_roothash
  506. ~~~~~~~~~~~~~~~~~
  507. This property can be utilized for authorization or revocation of
  508. specific dm-verity volumes, identified via their root hashes. It has a
  509. dependency on the DM_VERITY module. This property is controlled by
  510. the ``IPE_PROP_DM_VERITY`` config option, it will be automatically
  511. selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled.
  512. The format of this property is::
  513. dmverity_roothash=DigestName:HexadecimalString
  514. The supported DigestNames for dmverity_roothash are [#dmveritydigests]_
  515. + blake2b-512
  516. + blake2s-256
  517. + sha256
  518. + sha384
  519. + sha512
  520. + sha3-224
  521. + sha3-256
  522. + sha3-384
  523. + sha3-512
  524. + sm3
  525. + rmd160
  526. dmverity_signature
  527. ~~~~~~~~~~~~~~~~~~
  528. This property can be utilized for authorization of all dm-verity
  529. volumes that have a signed roothash that validated by a keyring
  530. specified by dm-verity's configuration, either the system trusted
  531. keyring, or the secondary keyring. It depends on
  532. ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by
  533. the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically
  534. selected when ``SECURITY_IPE``, ``DM_VERITY`` and
  535. ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled.
  536. The format of this property is::
  537. dmverity_signature=(TRUE|FALSE)
  538. fsverity_digest
  539. ~~~~~~~~~~~~~~~
  540. This property can be utilized for authorization of specific fsverity
  541. enabled files, identified via their fsverity digests.
  542. It depends on ``FS_VERITY`` config option and is controlled by
  543. the ``IPE_PROP_FS_VERITY`` config option, it will be automatically
  544. selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled.
  545. The format of this property is::
  546. fsverity_digest=DigestName:HexadecimalString
  547. The supported DigestNames for fsverity_digest are [#fsveritydigest]_
  548. + sha256
  549. + sha512
  550. fsverity_signature
  551. ~~~~~~~~~~~~~~~~~~
  552. This property is used to authorize all fs-verity enabled files that have
  553. been verified by fs-verity's built-in signature mechanism. The signature
  554. verification relies on a key stored within the ".fs-verity" keyring. It
  555. depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and
  556. it is controlled by the ``IPE_PROP_FS_VERITY`` config option,
  557. it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY``
  558. and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled.
  559. The format of this property is::
  560. fsverity_signature=(TRUE|FALSE)
  561. Policy Examples
  562. ---------------
  563. Allow all
  564. ~~~~~~~~~
  565. ::
  566. policy_name=Allow_All policy_version=0.0.0
  567. DEFAULT action=ALLOW
  568. Allow only initramfs
  569. ~~~~~~~~~~~~~~~~~~~~
  570. ::
  571. policy_name=Allow_Initramfs policy_version=0.0.0
  572. DEFAULT action=DENY
  573. op=EXECUTE boot_verified=TRUE action=ALLOW
  574. Allow any signed and validated dm-verity volume and the initramfs
  575. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  576. ::
  577. policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0
  578. DEFAULT action=DENY
  579. op=EXECUTE boot_verified=TRUE action=ALLOW
  580. op=EXECUTE dmverity_signature=TRUE action=ALLOW
  581. Prohibit execution from a specific dm-verity volume
  582. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  583. ::
  584. policy_name=Deny_DMV_By_Roothash policy_version=0.0.0
  585. DEFAULT action=DENY
  586. op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY
  587. op=EXECUTE boot_verified=TRUE action=ALLOW
  588. op=EXECUTE dmverity_signature=TRUE action=ALLOW
  589. Allow only a specific dm-verity volume
  590. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  591. ::
  592. policy_name=Allow_DMV_By_Roothash policy_version=0.0.0
  593. DEFAULT action=DENY
  594. op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
  595. Allow any fs-verity file with a valid built-in signature
  596. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  597. ::
  598. policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0
  599. DEFAULT action=DENY
  600. op=EXECUTE fsverity_signature=TRUE action=ALLOW
  601. Allow execution of a specific fs-verity file
  602. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  603. ::
  604. policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0
  605. DEFAULT action=DENY
  606. op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW
  607. Additional Information
  608. ----------------------
  609. - `Github Repository <https://github.com/microsoft/ipe>`_
  610. - :doc:`Developer and design docs for IPE </security/ipe>`
  611. FAQ
  612. ---
  613. Q:
  614. What's the difference between other LSMs which provide a measure of
  615. trust-based access control?
  616. A:
  617. In general, there's two other LSMs that can provide similar functionality:
  618. IMA, and Loadpin.
  619. IMA and IPE are functionally very similar. The significant difference between
  620. the two is the policy. [#devdoc]_
  621. Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's
  622. kernel read operations, whereas IPE is capable of controlling execution
  623. on top of kernel read. The trust model is also different; Loadpin roots its
  624. trust in the initial super-block, whereas trust in IPE is stemmed from kernel
  625. itself (via ``SYSTEM_TRUSTED_KEYS``).
  626. -----------
  627. .. [#digest_cache_lsm] https://lore.kernel.org/lkml/20240415142436.2545003-1-roberto.sassu@huaweicloud.com/
  628. .. [#devdoc] Please see :doc:`the design docs </security/ipe>` for more on
  629. this topic.
  630. .. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html
  631. .. [#dmveritydigests] These hash algorithms are based on values accepted by
  632. the Linux crypto API; IPE does not impose any
  633. restrictions on the digest algorithm itself;
  634. thus, this list may be out of date.
  635. .. [#fsveritydigest] These hash algorithms are based on values accepted by the
  636. kernel's fsverity support; IPE does not impose any
  637. restrictions on the digest algorithm itself;
  638. thus, this list may be out of date.