Re: [PATCH v18 20/21] Documentation: add ipe documentation

Linux-Doc Archive mirror
 help / color / mirror / Atom feed

From: Bagas Sanjaya <bagasdotme@gmail.com>
To: Fan Wu <wufan@linux.microsoft.com>,
	corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
	serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
	axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
	eparis@redhat.com, paul@paul-moore.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, fsverity@lists.linux.dev,
	linux-block@vger.kernel.org, dm-devel@lists.linux.dev,
	audit@vger.kernel.org, linux-kernel@vger.kernel.org,
	Deven Bowers <deven.desai@linux.microsoft.com>
Subject: Re: [PATCH v18 20/21] Documentation: add ipe documentation
Date: Sun, 5 May 2024 07:15:18 +0700	[thread overview]
Message-ID: <ZjbPlk8ZwFZwdqJJ@archie.me> (raw)
In-Reply-To: <ab7054cd-affd-47c3-bd98-2cf47d6a6376@linux.microsoft.com>

[-- Attachment #1: Type: text/plain, Size: 6040 bytes --]

On Sat, May 04, 2024 at 01:13:16PM -0700, Fan Wu wrote:
> 
> 
> On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> > > +IPE does not mitigate threats arising from malicious but authorized
> > > +developers (with access to a signing certificate), or compromised
> > > +developer tools used by them (i.e. return-oriented programming attacks).
> > > +Additionally, IPE draws hard security boundary between userspace and
> > > +kernelspace. As a result, IPE does not provide any protections against a
> > > +kernel level exploit, and a kernel-level exploit can disable or tamper
> > > +with IPE's protections.
> > 
> > So how to mitigate kernel-level exploits then?
> > 
> One possible way is to use hypervisor to protect the kernel integrity.
> https://github.com/heki-linux is one project on this direction. Perhaps I
> should also add this link to the doc.

OK.

> 
> > > +Allow only initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> > > +Allow any signed and validated dm-verity volume and the initramfs
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > <snipped>...
> > 
> > htmldocs build reports new warnings:
> > 
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> > 
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.
> > 
> > Allow any signed and validated dm-verity volume and the initramfs
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.
> > 
> > I have to match these sections underline length:
> > 
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index 1a3bf1d8aa23f0..a47e14e024a90d 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -681,7 +681,7 @@ Allow all
> >      DEFAULT action=ALLOW
> >   Allow only initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~
> >   ::
> > @@ -691,7 +691,7 @@ Allow only initramfs
> >      op=EXECUTE boot_verified=TRUE action=ALLOW
> >   Allow any signed and validated dm-verity volume and the initramfs
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >   ::
> > @@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
> >      op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
> >   Allow any fs-verity file with a valid built-in signature
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >   ::
> > @@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
> >      op=EXECUTE fsverity_signature=TRUE action=ALLOW
> >   Allow execution of a specific fs-verity file
> > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >   ::
> > 
> > > +Additional Information
> > > +----------------------
> > > +
> > > +- `Github Repository <https://github.com/microsoft/ipe>`_
> > > +- Documentation/security/ipe.rst
> > 
> > Link title to both this admin-side and developer docs can be added for
> > disambiguation (to avoid confusion on readers):
> > 
> > ---- >8 ----
> > diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
> > index a47e14e024a90d..25b17e11559149 100644
> > --- a/Documentation/admin-guide/LSM/ipe.rst
> > +++ b/Documentation/admin-guide/LSM/ipe.rst
> > @@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
> >      This is the documentation for admins, system builders, or individuals
> >      attempting to use IPE. If you're looking for more developer-focused
> > -   documentation about IPE please see Documentation/security/ipe.rst
> > +   documentation about IPE please see :doc:`the design docs
> > +   </security/ipe>`.
> >   Overview
> >   --------
> > @@ -748,7 +749,7 @@ Additional Information
> >   ----------------------
> >   - `Github Repository <https://github.com/microsoft/ipe>`_
> > -- Documentation/security/ipe.rst
> > +- :doc:`Developer and design docs for IPE </security/ipe>`
> >   FAQ
> >   ---
> > diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
> > index 07e3632241285d..fd1b1a852d2165 100644
> > --- a/Documentation/security/ipe.rst
> > +++ b/Documentation/security/ipe.rst
> > @@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
> >      This is documentation targeted at developers, instead of administrators.
> >      If you're looking for documentation on the usage of IPE, please see
> > -   Documentation/admin-guide/LSM/ipe.rst
> > +   `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
> >   Historical Motivation
> >   ---------------------
> > 
> > Thanks.
> > 
> 
> My apologies for these format issues and thanks for the suggestions. I will
> fix them.

Oh, I forgot to also add :doc: directive for the last reference link:

---- >8 ----
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index fd1b1a852d2165..aa2e64d4119f3e 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
 
    This is documentation targeted at developers, instead of administrators.
    If you're looking for documentation on the usage of IPE, please see
-   `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
+   :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
 
 Historical Motivation
 ---------------------

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

next prev parent reply	other threads:[~2024-05-05  0:15 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-03 22:32 [PATCH v18 00/21] Integrity Policy Enforcement LSM (IPE) Fan Wu
2024-05-03 22:32 ` [PATCH v18 01/21] security: add ipe lsm Fan Wu
2024-05-03 22:32 ` [PATCH v18 02/21] ipe: add policy parser Fan Wu
2024-05-03 22:32 ` [PATCH v18 03/21] ipe: add evaluation loop Fan Wu
2024-05-03 22:32 ` [PATCH v18 04/21] ipe: add LSM hooks on execution and kernel read Fan Wu
2024-05-03 22:32 ` [PATCH v18 05/21] initramfs|security: Add a security hook to do_populate_rootfs() Fan Wu
2024-05-03 22:32 ` [PATCH v18 06/21] ipe: introduce 'boot_verified' as a trust provider Fan Wu
2024-05-03 22:32 ` [PATCH v18 07/21] security: add new securityfs delete function Fan Wu
2024-05-03 22:32 ` [PATCH v18 08/21] ipe: add userspace interface Fan Wu
2024-05-03 22:32 ` [PATCH v18 09/21] uapi|audit|ipe: add ipe auditing support Fan Wu
2024-05-03 22:32 ` [PATCH v18 10/21] ipe: add permissive toggle Fan Wu
2024-05-03 22:32 ` [PATCH v18 11/21] block,lsm: add LSM blob and new LSM hooks for block device Fan Wu
2024-05-03 22:32 ` [PATCH v18 12/21] dm: add finalize hook to target_type Fan Wu
2024-05-08 17:17   ` Mikulas Patocka
2024-05-08 22:30     ` Fan Wu
2024-05-09 17:07       ` Mikulas Patocka
2024-05-17 19:13         ` Fan Wu
2024-05-20 12:31           ` Mikulas Patocka
2024-05-21 21:42             ` Fan Wu
2024-05-03 22:32 ` [PATCH v18 13/21] dm verity: expose root hash digest and signature data to LSMs Fan Wu
2024-05-03 22:32 ` [PATCH v18 14/21] ipe: add support for dm-verity as a trust provider Fan Wu
2024-05-03 22:32 ` [PATCH v18 15/21] security: add security_inode_setintegrity() hook Fan Wu
2024-05-03 22:32 ` [PATCH v18 16/21] fsverity: expose verified fsverity built-in signatures to LSMs Fan Wu
2024-05-14 19:55   ` Paul Moore
2024-05-03 22:32 ` [PATCH v18 17/21] ipe: enable support for fs-verity as a trust provider Fan Wu
2024-05-03 22:32 ` [PATCH v18 18/21] scripts: add boot policy generation program Fan Wu
2024-05-03 22:32 ` [PATCH v18 19/21] ipe: kunit test for parser Fan Wu
2024-05-03 22:32 ` [PATCH v18 20/21] Documentation: add ipe documentation Fan Wu
2024-05-04  8:04   ` Bagas Sanjaya
2024-05-04 20:13     ` Fan Wu
2024-05-05  0:15       ` Bagas Sanjaya [this message]
2024-05-14 19:50       ` Paul Moore
2024-05-03 22:32 ` [PATCH v18 21/21] MAINTAINERS: ipe: add ipe maintainer information Fan Wu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fd1b1a852d216 dfblob:aa2e64d4119f3 )
 OR (
bs:"Re: [PATCH v18 20/21] Documentation: add ipe documentation" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZjbPlk8ZwFZwdqJJ@archie.me \
    --to=bagasdotme@gmail.com \
    --cc=agk@redhat.com \
    --cc=audit@vger.kernel.org \
    --cc=axboe@kernel.dk \
    --cc=corbet@lwn.net \
    --cc=deven.desai@linux.microsoft.com \
    --cc=dm-devel@lists.linux.dev \
    --cc=ebiggers@kernel.org \
    --cc=eparis@redhat.com \
    --cc=fsverity@lists.linux.dev \
    --cc=jmorris@namei.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=serge@hallyn.com \
    --cc=snitzer@kernel.org \
    --cc=tytso@mit.edu \
    --cc=wufan@linux.microsoft.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).