< Changes
(Change rejected by FESCo. Resumbit for F35 with amendments based on feedback) |
Pbrobinson (talk | contribs) No edit summary |
||
| Line 3: | Line 3: | ||
== Summary == | == Summary == | ||
We want to add signatures to individual files that are part of shipped RPMs. | We want to add signatures to individual files that are part of shipped RPMs. | ||
These signatures will use the Linux IMA (Integrity Measurement Architecture) scheme, which means they can be used to enforce runtime policies to ensure execution of only trusted files. | These signatures will use the Linux IMA (Integrity Measurement Architecture) scheme, which means they can be used to enforce runtime policies to ensure execution of only trusted files. | ||
== Owner == | == Owner == | ||
* Name: [[User:Pbrobinson| Peter Robinson]] | |||
* Email: pbrobinson@gmail.com | |||
* Name: [[User:Puiterwijk| Patrick Uiterwijk]] | * Name: [[User:Puiterwijk| Patrick Uiterwijk]] | ||
* Email: puiterwijk@redhat.com | * Email: puiterwijk@redhat.com | ||
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | ||
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | * FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | ||
| Line 24: | Line 25: | ||
[[Category:SystemWideChange]] | [[Category:SystemWideChange]] | ||
* Targeted release: [[Releases/ | * Targeted release: [[Releases/37 | Fedora 37 ]] | ||
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | * Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | ||
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page | <!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page | ||
| Line 33: | Line 34: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* FESCo issue: [https://pagure.io/fesco/issue/ | * FESCo issue: [https://pagure.io/fesco/issue/XXXX #XXXX] | ||
* Tracker bug: <will be assigned by the Wrangler> | * Tracker bug: <will be assigned by the Wrangler> | ||
* Release notes tracker: <will be assigned by the Wrangler> | * Release notes tracker: <will be assigned by the Wrangler> | ||
| Line 40: | Line 41: | ||
During signing builds, the files in it will be signed with IMA signatures. | During signing builds, the files in it will be signed with IMA signatures. | ||
These signatures will be made with a key | These signatures will be made with a key that's kept by the Fedora Infrastructure team, and installed on the sign vaults. | ||
These signature can then be used with the Linux Integrity Measurement Architecture (IMA) kernel subsystem to verify files on execution based on a policy. | These signature can then be used with the Linux Integrity Measurement Architecture (IMA) kernel subsystem to verify files on execution based on a policy. | ||
| Line 46: | Line 47: | ||
The IMA subsystem is described on [https://sourceforge.net/p/linux-ima/wiki/Home/ the project page]. | The IMA subsystem is described on [https://sourceforge.net/p/linux-ima/wiki/Home/ the project page]. | ||
IMA allows users to extend the trust of their system to the OS and processes. | IMA allows users to extend the trust of their system to the OS and processes. It allows the users, if they so wish, to set polices to ensure their machine and their resources are used the way they intended it to be not about restricting the use for the average Fedora user. | ||
The intention here is not to ship a default policies for users but rather have sample policies that users and modify and use themselves. The Fedora IoT Edition intends to have sample policies and documentation for a number of IoT and Edge use cases. | |||
This means that they can configure a policy based on which the kernel will determine whether to verify (or measure) files before opening them. | This means that they can configure a policy based on which the kernel will determine whether to verify (or measure) files before opening them. | ||
You could for example make a policy that appraises (verifies) all files that are executed by root: `appraise uid=1000 appraise_type=imasig`. | You could for example make a policy that appraises (verifies) all files that are executed by root: `appraise uid=1000 appraise_type=imasig`. | ||
| Line 75: | Line 79: | ||
This comes down to a 1.1% increase on size of the binary RPMs. | This comes down to a 1.1% increase on size of the binary RPMs. | ||
==== Installed size ==== | ==== Installed size ==== | ||
| Line 86: | Line 89: | ||
When I install the rpm-plugin-ima, and run "dnf reinstall *", the `/usr` directory increases by 0.002% to 1417104. | When I install the rpm-plugin-ima, and run "dnf reinstall *", the `/usr` directory increases by 0.002% to 1417104. | ||
=== Tie-in to Secure Boot === | === Tie-in to Secure Boot === | ||
| Line 93: | Line 94: | ||
While using the IMA subsystem in combination with Secure Boot enables users to extend trust on the system out into the binaries executed, there is no requirement at all to use secure boot. | While using the IMA subsystem in combination with Secure Boot enables users to extend trust on the system out into the binaries executed, there is no requirement at all to use secure boot. | ||
This means that if you have Secure Boot enabled, that enables you to extend the trust, but if you don't want to use secure boot, that has no impact on the IMA subsystem. | This means that if you have Secure Boot enabled, that enables you to extend the trust, but if you don't want to use secure boot, that has no impact on the IMA subsystem. | ||
=== Why in the RPM header, instead of a side-package like -debuginfo? === | === Why in the RPM header, instead of a side-package like -debuginfo? === | ||
| Line 102: | Line 102: | ||
That, together with the minimal size increases of the actual RPMs, made us decide to go with the signature header approach and not implement the side-package method. | That, together with the minimal size increases of the actual RPMs, made us decide to go with the signature header approach and not implement the side-package method. | ||
=== Comparison with MAC's === | === Comparison with MAC's === | ||
| Line 111: | Line 110: | ||
The integration is in the form that you can write a policy line that matches on certain selinux contexts, like for example `dont_appraise obj_type=var_log_t`, to ensure that files of `var_log_t` do not need to be verified, and `appraise obj_type=shell_exec_t` to ensure that any shell that is executed (e.g. bash) is signed with a trusted key. | The integration is in the form that you can write a policy line that matches on certain selinux contexts, like for example `dont_appraise obj_type=var_log_t`, to ensure that files of `var_log_t` do not need to be verified, and `appraise obj_type=shell_exec_t` to ensure that any shell that is executed (e.g. bash) is signed with a trusted key. | ||
=== Why not ... === | === Why not ... === | ||
| Line 119: | Line 117: | ||
As one of the fsverity maintainers has said on [https://lwn.net/Articles/842326/|LWN]: IMA and FS-Verity are not mutually exclusive, but at this moment IMA has a possibility to enforce a system-wide policy instead of needing the userspace binaries to check the signature status themselves. | As one of the fsverity maintainers has said on [https://lwn.net/Articles/842326/|LWN]: IMA and FS-Verity are not mutually exclusive, but at this moment IMA has a possibility to enforce a system-wide policy instead of needing the userspace binaries to check the signature status themselves. | ||
There's currently competing proposals for upstream kernel like [https://www.spinics.net/lists/linux-integrity/msg21056.html this one] and [https://www.spinics.net/lists/linux-integrity/msg20947.html this one]. | |||
==== DIGLIM ==== | |||
The Digest Lists Integrity Module (DIGLIM) isn't actually independent of this feature, it still requires digests of the files such as the ones generated here in this proposal, it just consumes them in a different method than IMA on the end system. Rather than embedding them in xattr on the filesystem as IMA does the kernel loads them into memory. | |||
Ultimately DIGLIM is complementary and has the ability to build on top of this functionality once this actually makes it upstream. | |||
==== rpm -V ==== | ==== rpm -V ==== | ||
Revision as of 17:24, 30 March 2022
Signed RPM Contents
Summary
We want to add signatures to individual files that are part of shipped RPMs.
These signatures will use the Linux IMA (Integrity Measurement Architecture) scheme, which means they can be used to enforce runtime policies to ensure execution of only trusted files.
Owner
- Name: Peter Robinson
- Email: pbrobinson@gmail.com
- Name: Patrick Uiterwijk
- Email: puiterwijk@redhat.com
Current status
- Targeted release: Fedora 37
- Last updated: 2022-03-30
- FESCo issue: #XXXX
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
During signing builds, the files in it will be signed with IMA signatures. These signatures will be made with a key that's kept by the Fedora Infrastructure team, and installed on the sign vaults.
These signature can then be used with the Linux Integrity Measurement Architecture (IMA) kernel subsystem to verify files on execution based on a policy.
The IMA subsystem is described on the project page.
IMA allows users to extend the trust of their system to the OS and processes. It allows the users, if they so wish, to set polices to ensure their machine and their resources are used the way they intended it to be not about restricting the use for the average Fedora user.
The intention here is not to ship a default policies for users but rather have sample policies that users and modify and use themselves. The Fedora IoT Edition intends to have sample policies and documentation for a number of IoT and Edge use cases.
This means that they can configure a policy based on which the kernel will determine whether to verify (or measure) files before opening them.
You could for example make a policy that appraises (verifies) all files that are executed by root: appraise uid=1000 appraise_type=imasig.
Note explicitly that we do not intend to install a default policy as part of this change, and users will need to deploy their own policy before anything is measured or appraised. This means that after this is done, users will have the option to enable a policy and have that be enforced, but there will be nothing automatic. We will, however, document various example policies people can adapt to their needs.
By default, the signatures will not be deployed to the file system. That will only be done once rpm-plugin-ima is installed. After that, RPM will put the signatures on the "security.ima" extended attribute on the files.
Feedback
RPM Size
One of the main concerns that have been voiced is the RPM size, both on disk (mirrors) and on an installed system. For this comparison, I have cached all the RPMs installed in a Fedora Rawhide 20210118.n.1 default Server install (server netinstall disk, and then no changed to the group selection). After creating two copies of that data, one with just resigned (to exclude rpm size difference resulting from different key lengths), and one resigned with IMA file signatures inserted, I then installed two blank VMs by using the standard virt-manager settings, changing only the name and the system type to "EFI".
This is using a prime256v1 file signing key. This is the same key format supported by the Fedora signing system.
Binary RPMs on disk
Resigned: 462524 (452M)
Resigned+IMA: 467812 (457M)
This comes down to a 1.1% increase on size of the binary RPMs.
Installed size
On installation of two different VMs, one with the resigned RPMs, and one with the resigned+ima RPMs, the /usr directory size does not change at all (both are exactly 1417064 bytes).
The size of the rpmdb increases from 22952 to 28416 bytes, a 20% increase. This is on an install size of 1.7GB in total, so this 5MB increase is a 0.3% size increase on the final installed system.
Note that both of those VMs did not have rpm-plugins-ima installed, which means the file signatures are not put in place.
When I install the rpm-plugin-ima, and run "dnf reinstall *", the /usr directory increases by 0.002% to 1417104.
Tie-in to Secure Boot
While using the IMA subsystem in combination with Secure Boot enables users to extend trust on the system out into the binaries executed, there is no requirement at all to use secure boot. This means that if you have Secure Boot enabled, that enables you to extend the trust, but if you don't want to use secure boot, that has no impact on the IMA subsystem.
Why in the RPM header, instead of a side-package like -debuginfo?
These signatures would need to get deployed as a filesystem extended attribute in order to be used by the IMA subsystem.
While it is possible to generate the signatures as separate files in a side package, that means that RPM would then need to add code to install extended attributes based on contents of another RPM package.
This would mean that the contents of an e.g. -file-signature subpackage won't be deployed to the file systems as normal files, but instead as xattr's on existing files.
That, together with the minimal size increases of the actual RPMs, made us decide to go with the signature header approach and not implement the side-package method.
Comparison with MAC's
The IMA subsystem is orthogonal to the Mandatory Access Control systems like selinux, though it is integrated with them.
Where with selinux you can limit who can read from or write to to which file, IMA will allow you to set policies that enforce file contents to be as expected (signature validated) before they can be read/executed.
The integration is in the form that you can write a policy line that matches on certain selinux contexts, like for example dont_appraise obj_type=var_log_t, to ensure that files of var_log_t do not need to be verified, and appraise obj_type=shell_exec_t to ensure that any shell that is executed (e.g. bash) is signed with a trusted key.
Why not ...
fsverity
As one of the fsverity maintainers has said on [1]: IMA and FS-Verity are not mutually exclusive, but at this moment IMA has a possibility to enforce a system-wide policy instead of needing the userspace binaries to check the signature status themselves.
There's currently competing proposals for upstream kernel like this one and this one.
DIGLIM
The Digest Lists Integrity Module (DIGLIM) isn't actually independent of this feature, it still requires digests of the files such as the ones generated here in this proposal, it just consumes them in a different method than IMA on the end system. Rather than embedding them in xattr on the filesystem as IMA does the kernel loads them into memory.
Ultimately DIGLIM is complementary and has the ability to build on top of this functionality once this actually makes it upstream.
rpm -V
rpm -V will tell you whether a file matches the digest that's in the RPM Database, but that is useful if you think a file might have been accidentally changed. If an attacker has the opportunity to change a file on the file system, it is very likely they could also update the RPM binary (or the rpmdb) to make it not report the change.
IMA signatures will be able to identify the file to have been changed, and importantly also enable a policy which enforces the signatures, which means that if a change was made to a file that is matched by a policy, the kernel would actively refuse loading it, instead of depending on the administrator to check its validity with a known-good rpm database and binary.
Benefit to Fedora
Having all files signed with a verifiable key means that system owners can use the kernel Integrity and Measurement Architecture (IMA) to enforce only verified files can be executed, or define other policies.
Having all files signed with Fedora keys would enable integration with for example [2], which is a CNCF project that implements remote system attestation, based on which a system may or may not get access to secrets and other consequences.
This feature is wanted by the IoT Edition, for enabling both attestation and local policy verification. Many IoT users have expressed interest in this functionality and are already working to build on it.
Scope
- Proposal owners:
The proposal owners will generate the keys in Infrastructure and get them deployed to the sign vaults, and enable the configuration options for this in robosignatory. Support for file signatures is already in the deployed versions of sigul and robosignatory.
- Other developers:
Nothing needed from other developers
- Release engineering:
A mass rebuild would be nice (as it ensures all packages are signed), but is not required to implement the change itself.
- Policies and guidelines:
No impact
- Trademark approval:
No impact
- Alignment with Objectives:
This aligns with the Internet of Things objective.
Upgrade/compatibility impact
For standard Fedora users there will be a very tiny increase in rpmdb size. If an advanced user was already signing their own files (for the Fedora shipped RPMs) for IMA functionality, they will just overwrite the existing signature.
How To Test
You can verify that a signature has been put in place by looking at the extended attribute by running: getfattr -d -m security.ima /usr/bin/bash (change /usr/bin/bash with the file to check).
The signatures can be tested “in vitro” by running evmctl ima_verify --key publiccert.der -v myfile.txt.
This should result in the system reporting “<filename>: verification is OK”.
The full system could be tested by enrolling the Fedora IMA key to the kernel _ima keyring, and adding a policy that verifies (some) files to be verified against the key. (instructions to follow).
User Experience
If the user deploys an IMA policy to verify all or some files, they should be able to trust the signatures made by the Fedora build system.
Dependencies
No external package dependencies.
Contingency Plan
- Contingency mechanism: If the change is not finished in time, we have probably not yet started signing new files. Signing can easily be disabled by updating the config file should issues arise.
If we did start signing, but haven’t signed everything, that is okay, since then packages will get signed as they’re bumped by developers, and they’ll be all signed in the next major release.
- Contingency deadline: We could ship with this feature in an unfinished state.
- Blocks release? No
- Blocks product? N/A
Documentation
We intend to write documentation on how to use the IMA subsystem for docs.fedoraproject.org, but that is orthogonal to this feature itself. We expect to provide example policies users can use to base their policy on.