1.. SPDX-License-Identifier: GPL-2.0 2 3Integrity Policy Enforcement (IPE) 4================================== 5 6.. NOTE:: 7 8 This is the documentation for admins, system builders, or individuals 9 attempting to use IPE. If you're looking for more developer-focused 10 documentation about IPE please see :doc:`the design docs </security/ipe>`. 11 12Overview 13-------- 14 15Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a 16complementary approach to access control. Unlike traditional access control 17mechanisms that rely on labels and paths for decision-making, IPE focuses 18on the immutable security properties inherent to system components. These 19properties are fundamental attributes or features of a system component 20that cannot be altered, ensuring a consistent and reliable basis for 21security decisions. 22 23To elaborate, in the context of IPE, system components primarily refer to 24files or the devices these files reside on. However, this is just a 25starting point. The concept of system components is flexible and can be 26extended to include new elements as the system evolves. The immutable 27properties include the origin of a file, which remains constant and 28unchangeable over time. For example, IPE policies can be crafted to trust 29files originating from the initramfs. Since initramfs is typically verified 30by the bootloader, its files are deemed trustworthy; "file is from 31initramfs" becomes an immutable property under IPE's consideration. 32 33The immutable property concept extends to the security features enabled on 34a file's origin, such as dm-verity or fs-verity, which provide a layer of 35integrity and trust. For example, IPE allows the definition of policies 36that trust files from a dm-verity protected device. dm-verity ensures the 37integrity of an entire device by providing a verifiable and immutable state 38of its contents. Similarly, fs-verity offers filesystem-level integrity 39checks, allowing IPE to enforce policies that trust files protected by 40fs-verity. These two features cannot be turned off once established, so 41they are considered immutable properties. These examples demonstrate how 42IPE leverages immutable properties, such as a file's origin and its 43integrity protection mechanisms, to make access control decisions. 44 45For the IPE policy, specifically, it grants the ability to enforce 46stringent access controls by assessing security properties against 47reference values defined within the policy. This assessment can be based on 48the existence of a security property (e.g., verifying if a file originates 49from initramfs) or evaluating the internal state of an immutable security 50property. The latter includes checking the roothash of a dm-verity 51protected device, determining whether dm-verity possesses a valid 52signature, assessing the digest of a fs-verity protected file, or 53determining whether fs-verity possesses a valid built-in signature. This 54nuanced approach to policy enforcement enables a highly secure and 55customizable system defense mechanism, tailored to specific security 56requirements and trust models. 57 58To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under 59:menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config 60option is enabled. 61 62Use Cases 63--------- 64 65IPE works best in fixed-function devices: devices in which their purpose 66is clearly defined and not supposed to be changed (e.g. network firewall 67device in a data center, an IoT device, etcetera), where all software and 68configuration is built and provisioned by the system owner. 69 70IPE is a long-way off for use in general-purpose computing: the Linux 71community as a whole tends to follow a decentralized trust model (known as 72the web of trust), which IPE has no support for it yet. Instead, IPE 73supports PKI (public key infrastructure), which generally designates a 74set of trusted entities that provide a measure of absolute trust. 75 76Additionally, while most packages are signed today, the files inside 77the packages (for instance, the executables), tend to be unsigned. This 78makes it difficult to utilize IPE in systems where a package manager is 79expected to be functional, without major changes to the package manager 80and ecosystem behind it. 81 82The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE, 83could be used to enable and support general-purpose computing use cases. 84 85Known Limitations 86----------------- 87 88IPE cannot verify the integrity of anonymous executable memory, such as 89the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code. 90Unfortunately, as this is dynamically generated code, there is no way 91for IPE to ensure the integrity of this code to form a trust basis. 92 93IPE cannot verify the integrity of programs written in interpreted 94languages when these scripts are invoked by passing these program files 95to the interpreter. This is because the way interpreters execute these 96files; the scripts themselves are not evaluated as executable code 97through one of IPE's hooks, but they are merely text files that are read 98(as opposed to compiled executables) [#interpreters]_. 99 100Threat Model 101------------ 102 103IPE specifically targets the risk of tampering with user-space executable 104code after the kernel has initially booted, including the kernel modules 105loaded from userspace via ``modprobe`` or ``insmod``. 106 107To illustrate, consider a scenario where an untrusted binary, possibly 108malicious, is downloaded along with all necessary dependencies, including a 109loader and libc. The primary function of IPE in this context is to prevent 110the execution of such binaries and their dependencies. 111 112IPE achieves this by verifying the integrity and authenticity of all 113executable code before allowing them to run. It conducts a thorough 114check to ensure that the code's integrity is intact and that they match an 115authorized reference value (digest, signature, etc) as per the defined 116policy. If a binary does not pass this verification process, either 117because its integrity has been compromised or it does not meet the 118authorization criteria, IPE will deny its execution. Additionally, IPE 119generates audit logs which may be utilized to detect and analyze failures 120resulting from policy violation. 121 122Tampering threat scenarios include modification or replacement of 123executable code by a range of actors including: 124 125- Actors with physical access to the hardware 126- Actors with local network access to the system 127- Actors with access to the deployment system 128- Compromised internal systems under external control 129- Malicious end users of the system 130- Compromised end users of the system 131- Remote (external) compromise of the system 132 133IPE does not mitigate threats arising from malicious but authorized 134developers (with access to a signing certificate), or compromised 135developer tools used by them (i.e. return-oriented programming attacks). 136Additionally, IPE draws hard security boundary between userspace and 137kernelspace. As a result, kernel-level exploits are considered outside 138the scope of IPE and mitigation is left to other mechanisms. 139 140Policy 141------ 142 143IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements 144over several lines. There is one required line, at the top of the 145policy, indicating the policy name, and the policy version, for 146instance:: 147 148 policy_name=Ex_Policy policy_version=0.0.0 149 150The policy name is a unique key identifying this policy in a human 151readable name. This is used to create nodes under securityfs as well as 152uniquely identify policies to deploy new policies vs update existing 153policies. 154 155The policy version indicates the current version of the policy (NOT the 156policy syntax version). This is used to prevent rollback of policy to 157potentially insecure previous versions of the policy. 158 159The next portion of IPE policy are rules. Rules are formed by key=value 160pairs, known as properties. IPE rules require two properties: ``action``, 161which determines what IPE does when it encounters a match against the 162rule, and ``op``, which determines when the rule should be evaluated. 163The ordering is significant, a rule must start with ``op``, and end with 164``action``. Thus, a minimal rule is:: 165 166 op=EXECUTE action=ALLOW 167 168This example will allow any execution. Additional properties are used to 169assess immutable security properties about the files being evaluated. 170These properties are intended to be descriptions of systems within the 171kernel that can provide a measure of integrity verification, such that IPE 172can determine the trust of the resource based on the value of the property. 173 174Rules are evaluated top-to-bottom. As a result, any revocation rules, 175or denies should be placed early in the file to ensure that these rules 176are evaluated before a rule with ``action=ALLOW``. 177 178IPE policy supports comments. The character '#' will function as a 179comment, ignoring all characters to the right of '#' until the newline. 180 181The default behavior of IPE evaluations can also be expressed in policy, 182through the ``DEFAULT`` statement. This can be done at a global level, 183or a per-operation level:: 184 185 # Global 186 DEFAULT action=ALLOW 187 188 # Operation Specific 189 DEFAULT op=EXECUTE action=ALLOW 190 191A default must be set for all known operations in IPE. If you want to 192preserve older policies being compatible with newer kernels that can introduce 193new operations, set a global default of ``ALLOW``, then override the 194defaults on a per-operation basis (as above). 195 196With configurable policy-based LSMs, there's several issues with 197enforcing the configurable policies at startup, around reading and 198parsing the policy: 199 2001. The kernel *should* not read files from userspace, so directly reading 201 the policy file is prohibited. 2022. The kernel command line has a character limit, and one kernel module 203 should not reserve the entire character limit for its own 204 configuration. 2053. There are various boot loaders in the kernel ecosystem, so handing 206 off a memory block would be costly to maintain. 207 208As a result, IPE has addressed this problem through a concept of a "boot 209policy". A boot policy is a minimal policy which is compiled into the 210kernel. This policy is intended to get the system to a state where 211userspace is set up and ready to receive commands, at which point a more 212complex policy can be deployed via securityfs. The boot policy can be 213specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts 214a path to a plain-text version of the IPE policy to apply. This policy 215will be compiled into the kernel. If not specified, IPE will be disabled 216until a policy is deployed and activated through securityfs. 217 218Deploying Policies 219~~~~~~~~~~~~~~~~~~ 220 221Policies can be deployed from userspace through securityfs. These policies 222are signed through the PKCS#7 message format to enforce some level of 223authorization of the policies (prohibiting an attacker from gaining 224unconstrained root, and deploying an "allow all" policy). These 225policies must be signed by a certificate that chains to the 226``SYSTEM_TRUSTED_KEYRING``, or to the secondary and/or platform keyrings if 227``CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING`` and/or 228``CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING`` are enabled, respectively. 229With openssl, the policy can be signed by:: 230 231 openssl smime -sign \ 232 -in "$MY_POLICY" \ 233 -signer "$MY_CERTIFICATE" \ 234 -inkey "$MY_PRIVATE_KEY" \ 235 -noattr \ 236 -nodetach \ 237 -nosmimecap \ 238 -outform der \ 239 -out "$MY_POLICY.p7b" 240 241Deploying the policies is done through securityfs, through the 242``new_policy`` node. To deploy a policy, simply cat the file into the 243securityfs node:: 244 245 cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy 246 247Upon success, this will create one subdirectory under 248``/sys/kernel/security/ipe/policies/``. The subdirectory will be the 249``policy_name`` field of the policy deployed, so for the example above, 250the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``. 251Within this directory, there will be seven files: ``pkcs7``, ``policy``, 252``name``, ``version``, ``active``, ``update``, and ``delete``. 253 254The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data 255that was provided to the kernel, representing the policy. If the policy being 256read is the boot policy, this will return ``ENOENT``, as it is not signed. 257 258The ``policy`` file is read only. Reading it returns the PKCS#7 inner 259content of the policy, which will be the plain text policy. 260 261The ``active`` file is used to set a policy as the currently active policy. 262This file is rw, and accepts a value of ``"1"`` to set the policy as active. 263Since only a single policy can be active at one time, all other policies 264will be marked inactive. The policy being marked active must have a policy 265version greater or equal to the currently-running version. 266 267The ``update`` file is used to update a policy that is already present 268in the kernel. This file is write-only and accepts a PKCS#7 signed 269policy. Two checks will always be performed on this policy: First, the 270``policy_names`` must match with the updated version and the existing 271version. Second the updated policy must have a policy version greater than 272the currently-running version. This is to prevent rollback attacks. 273 274The ``delete`` file is used to remove a policy that is no longer needed. 275This file is write-only and accepts a value of ``1`` to delete the policy. 276On deletion, the securityfs node representing the policy will be removed. 277However, delete the current active policy is not allowed and will return 278an operation not permitted error. 279 280Similarly, writing to both ``update`` and ``new_policy`` could result in 281bad message(policy syntax error) or file exists error. The latter error happens 282when trying to deploy a policy with a ``policy_name`` while the kernel already 283has a deployed policy with the same ``policy_name``. 284 285Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will 286only enforce the policy marked active. Note that only one policy can be active 287at a time. 288 289Once deployment is successful, the policy can be activated, by writing file 290``/sys/kernel/security/ipe/policies/$policy_name/active``. 291For example, the ``Ex_Policy`` can be activated by:: 292 293 echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active" 294 295From above point on, ``Ex_Policy`` is now the enforced policy on the 296system. 297 298IPE also provides a way to delete policies. This can be done via the 299``delete`` securityfs node, 300``/sys/kernel/security/ipe/policies/$policy_name/delete``. 301Writing ``1`` to that file deletes the policy:: 302 303 echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete" 304 305There is only one requirement to delete a policy: the policy being deleted 306must be inactive. 307 308.. NOTE:: 309 310 If a traditional MAC system is enabled (SELinux, apparmor, smack), all 311 writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 312 313Modes 314~~~~~ 315 316IPE supports two modes of operation: permissive (similar to SELinux's 317permissive mode) and enforced. In permissive mode, all events are 318checked and policy violations are logged, but the policy is not really 319enforced. This allows users to test policies before enforcing them. 320 321The default mode is enforce, and can be changed via the kernel command 322line parameter ``ipe.enforce=(0|1)``, or the securityfs node 323``/sys/kernel/security/ipe/enforce``. 324 325.. NOTE:: 326 327 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 328 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 329 330Audit Events 331~~~~~~~~~~~~ 332 3331420 AUDIT_IPE_ACCESS 334^^^^^^^^^^^^^^^^^^^^^ 335Event Examples:: 336 337 type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY" 338 type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null) 339 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00 340 341 type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY" 342 type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null) 343 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00 344 345This event indicates that IPE made an access control decision; the IPE 346specific record (1420) is always emitted in conjunction with a 347``AUDITSYSCALL`` record. 348 349Determining whether IPE is in permissive or enforced mode can be derived 350from ``success`` property and exit code of the ``AUDITSYSCALL`` record. 351 352 353Field descriptions: 354 355+-----------+------------+-----------+---------------------------------------------------------------------------------+ 356| Field | Value Type | Optional? | Description of Value | 357+===========+============+===========+=================================================================================+ 358| ipe_op | string | No | The IPE operation name associated with the log | 359+-----------+------------+-----------+---------------------------------------------------------------------------------+ 360| ipe_hook | string | No | The name of the LSM hook that triggered the IPE event | 361+-----------+------------+-----------+---------------------------------------------------------------------------------+ 362| enforcing | integer | No | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode | 363+-----------+------------+-----------+---------------------------------------------------------------------------------+ 364| pid | integer | No | The pid of the process that triggered the IPE event. | 365+-----------+------------+-----------+---------------------------------------------------------------------------------+ 366| comm | string | No | The command line program name of the process that triggered the IPE event | 367+-----------+------------+-----------+---------------------------------------------------------------------------------+ 368| path | string | Yes | The absolute path to the evaluated file | 369+-----------+------------+-----------+---------------------------------------------------------------------------------+ 370| ino | integer | Yes | The inode number of the evaluated file | 371+-----------+------------+-----------+---------------------------------------------------------------------------------+ 372| dev | string | Yes | The device name of the evaluated file, e.g. vda | 373+-----------+------------+-----------+---------------------------------------------------------------------------------+ 374| rule | string | No | The matched policy rule | 375+-----------+------------+-----------+---------------------------------------------------------------------------------+ 376 3771421 AUDIT_IPE_CONFIG_CHANGE 378^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 379 380Event Example:: 381 382 type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 383 type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 384 type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2 385 386This event indicates that IPE switched the active poliy from one to another 387along with the version and the hash digest of the two policies. 388Note IPE can only have one policy active at a time, all access decision 389evaluation is based on the current active policy. 390The normal procedure to deploy a new policy is loading the policy to deploy 391into the kernel first, then switch the active policy to it. 392 393This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 394 395Field descriptions: 396 397+------------------------+------------+-----------+---------------------------------------------------+ 398| Field | Value Type | Optional? | Description of Value | 399+========================+============+===========+===================================================+ 400| old_active_pol_name | string | Yes | The name of previous active policy | 401+------------------------+------------+-----------+---------------------------------------------------+ 402| old_active_pol_version | string | Yes | The version of previous active policy | 403+------------------------+------------+-----------+---------------------------------------------------+ 404| old_policy_digest | string | Yes | The hash of previous active policy | 405+------------------------+------------+-----------+---------------------------------------------------+ 406| new_active_pol_name | string | No | The name of current active policy | 407+------------------------+------------+-----------+---------------------------------------------------+ 408| new_active_pol_version | string | No | The version of current active policy | 409+------------------------+------------+-----------+---------------------------------------------------+ 410| new_policy_digest | string | No | The hash of current active policy | 411+------------------------+------------+-----------+---------------------------------------------------+ 412| auid | integer | No | The login user ID | 413+------------------------+------------+-----------+---------------------------------------------------+ 414| ses | integer | No | The login session ID | 415+------------------------+------------+-----------+---------------------------------------------------+ 416| lsm | string | No | The lsm name associated with the event | 417+------------------------+------------+-----------+---------------------------------------------------+ 418| res | integer | No | The result of the audited operation(success/fail) | 419+------------------------+------------+-----------+---------------------------------------------------+ 420 4211422 AUDIT_IPE_POLICY_LOAD 422^^^^^^^^^^^^^^^^^^^^^^^^^^ 423 424Event Example:: 425 426 type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 427 type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 428 type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E 429 430This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash. 431 432This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 433 434Field descriptions: 435 436+----------------+------------+-----------+---------------------------------------------------+ 437| Field | Value Type | Optional? | Description of Value | 438+================+============+===========+===================================================+ 439| policy_name | string | No | The policy_name | 440+----------------+------------+-----------+---------------------------------------------------+ 441| policy_version | string | No | The policy_version | 442+----------------+------------+-----------+---------------------------------------------------+ 443| policy_digest | string | No | The policy hash | 444+----------------+------------+-----------+---------------------------------------------------+ 445| auid | integer | No | The login user ID | 446+----------------+------------+-----------+---------------------------------------------------+ 447| ses | integer | No | The login session ID | 448+----------------+------------+-----------+---------------------------------------------------+ 449| lsm | string | No | The lsm name associated with the event | 450+----------------+------------+-----------+---------------------------------------------------+ 451| res | integer | No | The result of the audited operation(success/fail) | 452+----------------+------------+-----------+---------------------------------------------------+ 453 454 4551404 AUDIT_MAC_STATUS 456^^^^^^^^^^^^^^^^^^^^^ 457 458Event Examples:: 459 460 type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 461 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 462 type=1327 audit(1653425689.008:55): proctitle="-bash" 463 464 type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 465 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 466 type=1327 audit(1653425689.008:55): proctitle="-bash" 467 468This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 469 470Field descriptions: 471 472+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 473| Field | Value Type | Optional? | Description of Value | 474+===============+============+===========+=================================================================================================+ 475| enforcing | integer | No | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode | 476+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 477| old_enforcing | integer | No | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode | 478+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 479| auid | integer | No | The login user ID | 480+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 481| ses | integer | No | The login session ID | 482+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 483| enabled | integer | No | The new TTY audit enabled setting | 484+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 485| old-enabled | integer | No | The old TTY audit enabled setting | 486+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 487| lsm | string | No | The lsm name associated with the event | 488+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 489| res | integer | No | The result of the audited operation(success/fail) | 490+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 491 492 493Success Auditing 494^^^^^^^^^^^^^^^^ 495 496IPE supports success auditing. When enabled, all events that pass IPE 497policy and are not blocked will emit an audit event. This is disabled by 498default, and can be enabled via the kernel command line 499``ipe.success_audit=(0|1)`` or 500``/sys/kernel/security/ipe/success_audit`` securityfs file. 501 502This is *very* noisy, as IPE will check every userspace binary on the 503system, but is useful for debugging policies. 504 505.. NOTE:: 506 507 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 508 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 509 510Properties 511---------- 512 513As explained above, IPE properties are ``key=value`` pairs expressed in IPE 514policy. Two properties are built-into the policy parser: 'op' and 'action'. 515The other properties are used to restrict immutable security properties 516about the files being evaluated. Currently those properties are: 517'``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``', 518'``fsverity_signature``', '``fsverity_digest``'. A description of all 519properties supported by IPE are listed below: 520 521op 522~~ 523 524Indicates the operation for a rule to apply to. Must be in every rule, 525as the first token. IPE supports the following operations: 526 527 ``EXECUTE`` 528 529 Pertains to any file attempting to be executed, or loaded as an 530 executable. 531 532 ``FIRMWARE``: 533 534 Pertains to firmware being loaded via the firmware_class interface. 535 This covers both the preallocated buffer and the firmware file 536 itself. 537 538 ``KMODULE``: 539 540 Pertains to loading kernel modules via ``modprobe`` or ``insmod``. 541 542 ``KEXEC_IMAGE``: 543 544 Pertains to kernel images loading via ``kexec``. 545 546 ``KEXEC_INITRAMFS`` 547 548 Pertains to initrd images loading via ``kexec --initrd``. 549 550 ``POLICY``: 551 552 Controls loading policies via reading a kernel-space initiated read. 553 554 An example of such is loading IMA policies by writing the path 555 to the policy file to ``$securityfs/ima/policy`` 556 557 ``X509_CERT``: 558 559 Controls loading IMA certificates through the Kconfigs, 560 ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``. 561 562action 563~~~~~~ 564 565 Determines what IPE should do when a rule matches. Must be in every 566 rule, as the final clause. Can be one of: 567 568 ``ALLOW``: 569 570 If the rule matches, explicitly allow access to the resource to proceed 571 without executing any more rules. 572 573 ``DENY``: 574 575 If the rule matches, explicitly prohibit access to the resource to 576 proceed without executing any more rules. 577 578boot_verified 579~~~~~~~~~~~~~ 580 581 This property can be utilized for authorization of files from initramfs. 582 The format of this property is:: 583 584 boot_verified=(TRUE|FALSE) 585 586 587 .. WARNING:: 588 589 This property will trust files from initramfs(rootfs). It should 590 only be used during early booting stage. Before mounting the real 591 rootfs on top of the initramfs, initramfs script will recursively 592 remove all files and directories on the initramfs. This is typically 593 implemented by using switch_root(8) [#switch_root]_. Therefore the 594 initramfs will be empty and not accessible after the real 595 rootfs takes over. It is advised to switch to a different policy 596 that doesn't rely on the property after this point. 597 This ensures that the trust policies remain relevant and effective 598 throughout the system's operation. 599 600dmverity_roothash 601~~~~~~~~~~~~~~~~~ 602 603 This property can be utilized for authorization or revocation of 604 specific dm-verity volumes, identified via their root hashes. It has a 605 dependency on the DM_VERITY module. This property is controlled by 606 the ``IPE_PROP_DM_VERITY`` config option, it will be automatically 607 selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled. 608 The format of this property is:: 609 610 dmverity_roothash=DigestName:HexadecimalString 611 612 The supported DigestNames for dmverity_roothash are [#dmveritydigests]_ 613 614 + blake2b-512 615 + blake2s-256 616 + sha256 617 + sha384 618 + sha512 619 + sha3-224 620 + sha3-256 621 + sha3-384 622 + sha3-512 623 + sm3 624 + rmd160 625 626dmverity_signature 627~~~~~~~~~~~~~~~~~~ 628 629 This property can be utilized for authorization of all dm-verity 630 volumes that have a signed roothash that validated by a keyring 631 specified by dm-verity's configuration, either the system trusted 632 keyring, or the secondary keyring. It depends on 633 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by 634 the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically 635 selected when ``SECURITY_IPE``, ``DM_VERITY`` and 636 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled. 637 The format of this property is:: 638 639 dmverity_signature=(TRUE|FALSE) 640 641fsverity_digest 642~~~~~~~~~~~~~~~ 643 644 This property can be utilized for authorization of specific fsverity 645 enabled files, identified via their fsverity digests. 646 It depends on ``FS_VERITY`` config option and is controlled by 647 the ``IPE_PROP_FS_VERITY`` config option, it will be automatically 648 selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled. 649 The format of this property is:: 650 651 fsverity_digest=DigestName:HexadecimalString 652 653 The supported DigestNames for fsverity_digest are [#fsveritydigest]_ 654 655 + sha256 656 + sha512 657 658fsverity_signature 659~~~~~~~~~~~~~~~~~~ 660 661 This property is used to authorize all fs-verity enabled files that have 662 been verified by fs-verity's built-in signature mechanism. The signature 663 verification relies on a key stored within the ".fs-verity" keyring. It 664 depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and 665 it is controlled by the ``IPE_PROP_FS_VERITY`` config option, 666 it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY`` 667 and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled. 668 The format of this property is:: 669 670 fsverity_signature=(TRUE|FALSE) 671 672Policy Examples 673--------------- 674 675Allow all 676~~~~~~~~~ 677 678:: 679 680 policy_name=Allow_All policy_version=0.0.0 681 DEFAULT action=ALLOW 682 683Allow only initramfs 684~~~~~~~~~~~~~~~~~~~~ 685 686:: 687 688 policy_name=Allow_Initramfs policy_version=0.0.0 689 DEFAULT action=DENY 690 691 op=EXECUTE boot_verified=TRUE action=ALLOW 692 693Allow any signed and validated dm-verity volume and the initramfs 694~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 695 696:: 697 698 policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0 699 DEFAULT action=DENY 700 701 op=EXECUTE boot_verified=TRUE action=ALLOW 702 op=EXECUTE dmverity_signature=TRUE action=ALLOW 703 704Prohibit execution from a specific dm-verity volume 705~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 706 707:: 708 709 policy_name=Deny_DMV_By_Roothash policy_version=0.0.0 710 DEFAULT action=DENY 711 712 op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY 713 714 op=EXECUTE boot_verified=TRUE action=ALLOW 715 op=EXECUTE dmverity_signature=TRUE action=ALLOW 716 717Allow only a specific dm-verity volume 718~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 719 720:: 721 722 policy_name=Allow_DMV_By_Roothash policy_version=0.0.0 723 DEFAULT action=DENY 724 725 op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW 726 727Allow any fs-verity file with a valid built-in signature 728~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 729 730:: 731 732 policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0 733 DEFAULT action=DENY 734 735 op=EXECUTE fsverity_signature=TRUE action=ALLOW 736 737Allow execution of a specific fs-verity file 738~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 739 740:: 741 742 policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0 743 DEFAULT action=DENY 744 745 op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW 746 747Additional Information 748---------------------- 749 750- `Github Repository <https://github.com/microsoft/ipe>`_ 751- :doc:`Developer and design docs for IPE </security/ipe>` 752 753FAQ 754--- 755 756Q: 757 What's the difference between other LSMs which provide a measure of 758 trust-based access control? 759 760A: 761 762 In general, there's two other LSMs that can provide similar functionality: 763 IMA, and Loadpin. 764 765 IMA and IPE are functionally very similar. The significant difference between 766 the two is the policy. [#devdoc]_ 767 768 Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's 769 kernel read operations, whereas IPE is capable of controlling execution 770 on top of kernel read. The trust model is also different; Loadpin roots its 771 trust in the initial super-block, whereas trust in IPE is stemmed from kernel 772 itself (via ``SYSTEM_TRUSTED_KEYS``). 773 774----------- 775 776.. [#digest_cache_lsm] https://lore.kernel.org/lkml/20240415142436.2545003-1-roberto.sassu@huaweicloud.com/ 777 778.. [#interpreters] There is `some interest in solving this issue <https://lore.kernel.org/lkml/20220321161557.495388-1-mic@digikod.net/>`_. 779 780.. [#devdoc] Please see :doc:`the design docs </security/ipe>` for more on 781 this topic. 782 783.. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html 784 785.. [#dmveritydigests] These hash algorithms are based on values accepted by 786 the Linux crypto API; IPE does not impose any 787 restrictions on the digest algorithm itself; 788 thus, this list may be out of date. 789 790.. [#fsveritydigest] These hash algorithms are based on values accepted by the 791 kernel's fsverity support; IPE does not impose any 792 restrictions on the digest algorithm itself; 793 thus, this list may be out of date. 794