1.. SPDX-License-Identifier: GPL-2.0 2 3Integrity Policy Enforcement (IPE) 4================================== 5 6.. NOTE:: 7 8 This is the documentation for admins, system builders, or individuals 9 attempting to use IPE. If you're looking for more developer-focused 10 documentation about IPE please see :doc:`the design docs </security/ipe>`. 11 12Overview 13-------- 14 15Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a 16complementary approach to access control. Unlike traditional access control 17mechanisms that rely on labels and paths for decision-making, IPE focuses 18on the immutable security properties inherent to system components. These 19properties are fundamental attributes or features of a system component 20that cannot be altered, ensuring a consistent and reliable basis for 21security decisions. 22 23To elaborate, in the context of IPE, system components primarily refer to 24files or the devices these files reside on. However, this is just a 25starting point. The concept of system components is flexible and can be 26extended to include new elements as the system evolves. The immutable 27properties include the origin of a file, which remains constant and 28unchangeable over time. For example, IPE policies can be crafted to trust 29files originating from the initramfs. Since initramfs is typically verified 30by the bootloader, its files are deemed trustworthy; "file is from 31initramfs" becomes an immutable property under IPE's consideration. 32 33The immutable property concept extends to the security features enabled on 34a file's origin, such as dm-verity or fs-verity, which provide a layer of 35integrity and trust. For example, IPE allows the definition of policies 36that trust files from a dm-verity protected device. dm-verity ensures the 37integrity of an entire device by providing a verifiable and immutable state 38of its contents. Similarly, fs-verity offers filesystem-level integrity 39checks, allowing IPE to enforce policies that trust files protected by 40fs-verity. These two features cannot be turned off once established, so 41they are considered immutable properties. These examples demonstrate how 42IPE leverages immutable properties, such as a file's origin and its 43integrity protection mechanisms, to make access control decisions. 44 45For the IPE policy, specifically, it grants the ability to enforce 46stringent access controls by assessing security properties against 47reference values defined within the policy. This assessment can be based on 48the existence of a security property (e.g., verifying if a file originates 49from initramfs) or evaluating the internal state of an immutable security 50property. The latter includes checking the roothash of a dm-verity 51protected device, determining whether dm-verity possesses a valid 52signature, assessing the digest of a fs-verity protected file, or 53determining whether fs-verity possesses a valid built-in signature. This 54nuanced approach to policy enforcement enables a highly secure and 55customizable system defense mechanism, tailored to specific security 56requirements and trust models. 57 58To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under 59:menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config 60option is enabled. 61 62Use Cases 63--------- 64 65IPE works best in fixed-function devices: devices in which their purpose 66is clearly defined and not supposed to be changed (e.g. network firewall 67device in a data center, an IoT device, etcetera), where all software and 68configuration is built and provisioned by the system owner. 69 70IPE is a long-way off for use in general-purpose computing: the Linux 71community as a whole tends to follow a decentralized trust model (known as 72the web of trust), which IPE has no support for it yet. Instead, IPE 73supports PKI (public key infrastructure), which generally designates a 74set of trusted entities that provide a measure of absolute trust. 75 76Additionally, while most packages are signed today, the files inside 77the packages (for instance, the executables), tend to be unsigned. This 78makes it difficult to utilize IPE in systems where a package manager is 79expected to be functional, without major changes to the package manager 80and ecosystem behind it. 81 82The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE, 83could be used to enable and support general-purpose computing use cases. 84 85Known Limitations 86----------------- 87 88IPE cannot verify the integrity of anonymous executable memory, such as 89the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code. 90Unfortunately, as this is dynamically generated code, there is no way 91for IPE to ensure the integrity of this code to form a trust basis. 92 93IPE cannot verify the integrity of programs written in interpreted 94languages when these scripts are invoked by passing these program files 95to the interpreter. This is because the way interpreters execute these 96files; the scripts themselves are not evaluated as executable code 97through one of IPE's hooks, but they are merely text files that are read 98(as opposed to compiled executables) [#interpreters]_. 99 100Threat Model 101------------ 102 103IPE specifically targets the risk of tampering with user-space executable 104code after the kernel has initially booted, including the kernel modules 105loaded from userspace via ``modprobe`` or ``insmod``. 106 107To illustrate, consider a scenario where an untrusted binary, possibly 108malicious, is downloaded along with all necessary dependencies, including a 109loader and libc. The primary function of IPE in this context is to prevent 110the execution of such binaries and their dependencies. 111 112IPE achieves this by verifying the integrity and authenticity of all 113executable code before allowing them to run. It conducts a thorough 114check to ensure that the code's integrity is intact and that they match an 115authorized reference value (digest, signature, etc) as per the defined 116policy. If a binary does not pass this verification process, either 117because its integrity has been compromised or it does not meet the 118authorization criteria, IPE will deny its execution. Additionally, IPE 119generates audit logs which may be utilized to detect and analyze failures 120resulting from policy violation. 121 122Tampering threat scenarios include modification or replacement of 123executable code by a range of actors including: 124 125- Actors with physical access to the hardware 126- Actors with local network access to the system 127- Actors with access to the deployment system 128- Compromised internal systems under external control 129- Malicious end users of the system 130- Compromised end users of the system 131- Remote (external) compromise of the system 132 133IPE does not mitigate threats arising from malicious but authorized 134developers (with access to a signing certificate), or compromised 135developer tools used by them (i.e. return-oriented programming attacks). 136Additionally, IPE draws hard security boundary between userspace and 137kernelspace. As a result, kernel-level exploits are considered outside 138the scope of IPE and mitigation is left to other mechanisms. 139 140Policy 141------ 142 143IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements 144over several lines. There is one required line, at the top of the 145policy, indicating the policy name, and the policy version, for 146instance:: 147 148 policy_name=Ex_Policy policy_version=0.0.0 149 150The policy name is a unique key identifying this policy in a human 151readable name. This is used to create nodes under securityfs as well as 152uniquely identify policies to deploy new policies vs update existing 153policies. 154 155The policy version indicates the current version of the policy (NOT the 156policy syntax version). This is used to prevent rollback of policy to 157potentially insecure previous versions of the policy. 158 159The next portion of IPE policy are rules. Rules are formed by key=value 160pairs, known as properties. IPE rules require two properties: ``action``, 161which determines what IPE does when it encounters a match against the 162rule, and ``op``, which determines when the rule should be evaluated. 163The ordering is significant, a rule must start with ``op``, and end with 164``action``. Thus, a minimal rule is:: 165 166 op=EXECUTE action=ALLOW 167 168This example will allow any execution. Additional properties are used to 169assess immutable security properties about the files being evaluated. 170These properties are intended to be descriptions of systems within the 171kernel that can provide a measure of integrity verification, such that IPE 172can determine the trust of the resource based on the value of the property. 173 174Rules are evaluated top-to-bottom. As a result, any revocation rules, 175or denies should be placed early in the file to ensure that these rules 176are evaluated before a rule with ``action=ALLOW``. 177 178IPE policy supports comments. The character '#' will function as a 179comment, ignoring all characters to the right of '#' until the newline. 180 181The default behavior of IPE evaluations can also be expressed in policy, 182through the ``DEFAULT`` statement. This can be done at a global level, 183or a per-operation level:: 184 185 # Global 186 DEFAULT action=ALLOW 187 188 # Operation Specific 189 DEFAULT op=EXECUTE action=ALLOW 190 191A default must be set for all known operations in IPE. If you want to 192preserve older policies being compatible with newer kernels that can introduce 193new operations, set a global default of ``ALLOW``, then override the 194defaults on a per-operation basis (as above). 195 196With configurable policy-based LSMs, there's several issues with 197enforcing the configurable policies at startup, around reading and 198parsing the policy: 199 2001. The kernel *should* not read files from userspace, so directly reading 201 the policy file is prohibited. 2022. The kernel command line has a character limit, and one kernel module 203 should not reserve the entire character limit for its own 204 configuration. 2053. There are various boot loaders in the kernel ecosystem, so handing 206 off a memory block would be costly to maintain. 207 208As a result, IPE has addressed this problem through a concept of a "boot 209policy". A boot policy is a minimal policy which is compiled into the 210kernel. This policy is intended to get the system to a state where 211userspace is set up and ready to receive commands, at which point a more 212complex policy can be deployed via securityfs. The boot policy can be 213specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts 214a path to a plain-text version of the IPE policy to apply. This policy 215will be compiled into the kernel. If not specified, IPE will be disabled 216until a policy is deployed and activated through securityfs. 217 218Deploying Policies 219~~~~~~~~~~~~~~~~~~ 220 221Policies can be deployed from userspace through securityfs. These policies 222are signed through the PKCS#7 message format to enforce some level of 223authorization of the policies (prohibiting an attacker from gaining 224unconstrained root, and deploying an "allow all" policy). These 225policies must be signed by a certificate that chains to the 226``SYSTEM_TRUSTED_KEYRING``. With openssl, the policy can be signed by:: 227 228 openssl smime -sign \ 229 -in "$MY_POLICY" \ 230 -signer "$MY_CERTIFICATE" \ 231 -inkey "$MY_PRIVATE_KEY" \ 232 -noattr \ 233 -nodetach \ 234 -nosmimecap \ 235 -outform der \ 236 -out "$MY_POLICY.p7b" 237 238Deploying the policies is done through securityfs, through the 239``new_policy`` node. To deploy a policy, simply cat the file into the 240securityfs node:: 241 242 cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy 243 244Upon success, this will create one subdirectory under 245``/sys/kernel/security/ipe/policies/``. The subdirectory will be the 246``policy_name`` field of the policy deployed, so for the example above, 247the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``. 248Within this directory, there will be seven files: ``pkcs7``, ``policy``, 249``name``, ``version``, ``active``, ``update``, and ``delete``. 250 251The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data 252that was provided to the kernel, representing the policy. If the policy being 253read is the boot policy, this will return ``ENOENT``, as it is not signed. 254 255The ``policy`` file is read only. Reading it returns the PKCS#7 inner 256content of the policy, which will be the plain text policy. 257 258The ``active`` file is used to set a policy as the currently active policy. 259This file is rw, and accepts a value of ``"1"`` to set the policy as active. 260Since only a single policy can be active at one time, all other policies 261will be marked inactive. The policy being marked active must have a policy 262version greater or equal to the currently-running version. 263 264The ``update`` file is used to update a policy that is already present 265in the kernel. This file is write-only and accepts a PKCS#7 signed 266policy. Two checks will always be performed on this policy: First, the 267``policy_names`` must match with the updated version and the existing 268version. Second the updated policy must have a policy version greater than 269or equal to the currently-running version. This is to prevent rollback attacks. 270 271The ``delete`` file is used to remove a policy that is no longer needed. 272This file is write-only and accepts a value of ``1`` to delete the policy. 273On deletion, the securityfs node representing the policy will be removed. 274However, delete the current active policy is not allowed and will return 275an operation not permitted error. 276 277Similarly, writing to both ``update`` and ``new_policy`` could result in 278bad message(policy syntax error) or file exists error. The latter error happens 279when trying to deploy a policy with a ``policy_name`` while the kernel already 280has a deployed policy with the same ``policy_name``. 281 282Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will 283only enforce the policy marked active. Note that only one policy can be active 284at a time. 285 286Once deployment is successful, the policy can be activated, by writing file 287``/sys/kernel/security/ipe/policies/$policy_name/active``. 288For example, the ``Ex_Policy`` can be activated by:: 289 290 echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active" 291 292From above point on, ``Ex_Policy`` is now the enforced policy on the 293system. 294 295IPE also provides a way to delete policies. This can be done via the 296``delete`` securityfs node, 297``/sys/kernel/security/ipe/policies/$policy_name/delete``. 298Writing ``1`` to that file deletes the policy:: 299 300 echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete" 301 302There is only one requirement to delete a policy: the policy being deleted 303must be inactive. 304 305.. NOTE:: 306 307 If a traditional MAC system is enabled (SELinux, apparmor, smack), all 308 writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 309 310Modes 311~~~~~ 312 313IPE supports two modes of operation: permissive (similar to SELinux's 314permissive mode) and enforced. In permissive mode, all events are 315checked and policy violations are logged, but the policy is not really 316enforced. This allows users to test policies before enforcing them. 317 318The default mode is enforce, and can be changed via the kernel command 319line parameter ``ipe.enforce=(0|1)``, or the securityfs node 320``/sys/kernel/security/ipe/enforce``. 321 322.. NOTE:: 323 324 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 325 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 326 327Audit Events 328~~~~~~~~~~~~ 329 3301420 AUDIT_IPE_ACCESS 331^^^^^^^^^^^^^^^^^^^^^ 332Event Examples:: 333 334 type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY" 335 type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null) 336 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00 337 338 type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY" 339 type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null) 340 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00 341 342This event indicates that IPE made an access control decision; the IPE 343specific record (1420) is always emitted in conjunction with a 344``AUDITSYSCALL`` record. 345 346Determining whether IPE is in permissive or enforced mode can be derived 347from ``success`` property and exit code of the ``AUDITSYSCALL`` record. 348 349 350Field descriptions: 351 352+-----------+------------+-----------+---------------------------------------------------------------------------------+ 353| Field | Value Type | Optional? | Description of Value | 354+===========+============+===========+=================================================================================+ 355| ipe_op | string | No | The IPE operation name associated with the log | 356+-----------+------------+-----------+---------------------------------------------------------------------------------+ 357| ipe_hook | string | No | The name of the LSM hook that triggered the IPE event | 358+-----------+------------+-----------+---------------------------------------------------------------------------------+ 359| enforcing | integer | No | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode | 360+-----------+------------+-----------+---------------------------------------------------------------------------------+ 361| pid | integer | No | The pid of the process that triggered the IPE event. | 362+-----------+------------+-----------+---------------------------------------------------------------------------------+ 363| comm | string | No | The command line program name of the process that triggered the IPE event | 364+-----------+------------+-----------+---------------------------------------------------------------------------------+ 365| path | string | Yes | The absolute path to the evaluated file | 366+-----------+------------+-----------+---------------------------------------------------------------------------------+ 367| ino | integer | Yes | The inode number of the evaluated file | 368+-----------+------------+-----------+---------------------------------------------------------------------------------+ 369| dev | string | Yes | The device name of the evaluated file, e.g. vda | 370+-----------+------------+-----------+---------------------------------------------------------------------------------+ 371| rule | string | No | The matched policy rule | 372+-----------+------------+-----------+---------------------------------------------------------------------------------+ 373 3741421 AUDIT_IPE_CONFIG_CHANGE 375^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 376 377Event Example:: 378 379 type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 380 type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 381 type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2 382 383This event indicates that IPE switched the active poliy from one to another 384along with the version and the hash digest of the two policies. 385Note IPE can only have one policy active at a time, all access decision 386evaluation is based on the current active policy. 387The normal procedure to deploy a new policy is loading the policy to deploy 388into the kernel first, then switch the active policy to it. 389 390This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 391 392Field descriptions: 393 394+------------------------+------------+-----------+---------------------------------------------------+ 395| Field | Value Type | Optional? | Description of Value | 396+========================+============+===========+===================================================+ 397| old_active_pol_name | string | Yes | The name of previous active policy | 398+------------------------+------------+-----------+---------------------------------------------------+ 399| old_active_pol_version | string | Yes | The version of previous active policy | 400+------------------------+------------+-----------+---------------------------------------------------+ 401| old_policy_digest | string | Yes | The hash of previous active policy | 402+------------------------+------------+-----------+---------------------------------------------------+ 403| new_active_pol_name | string | No | The name of current active policy | 404+------------------------+------------+-----------+---------------------------------------------------+ 405| new_active_pol_version | string | No | The version of current active policy | 406+------------------------+------------+-----------+---------------------------------------------------+ 407| new_policy_digest | string | No | The hash of current active policy | 408+------------------------+------------+-----------+---------------------------------------------------+ 409| auid | integer | No | The login user ID | 410+------------------------+------------+-----------+---------------------------------------------------+ 411| ses | integer | No | The login session ID | 412+------------------------+------------+-----------+---------------------------------------------------+ 413| lsm | string | No | The lsm name associated with the event | 414+------------------------+------------+-----------+---------------------------------------------------+ 415| res | integer | No | The result of the audited operation(success/fail) | 416+------------------------+------------+-----------+---------------------------------------------------+ 417 4181422 AUDIT_IPE_POLICY_LOAD 419^^^^^^^^^^^^^^^^^^^^^^^^^^ 420 421Event Example:: 422 423 type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1 424 type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null) 425 type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E 426 427This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash. 428 429This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 430 431Field descriptions: 432 433+----------------+------------+-----------+---------------------------------------------------+ 434| Field | Value Type | Optional? | Description of Value | 435+================+============+===========+===================================================+ 436| policy_name | string | No | The policy_name | 437+----------------+------------+-----------+---------------------------------------------------+ 438| policy_version | string | No | The policy_version | 439+----------------+------------+-----------+---------------------------------------------------+ 440| policy_digest | string | No | The policy hash | 441+----------------+------------+-----------+---------------------------------------------------+ 442| auid | integer | No | The login user ID | 443+----------------+------------+-----------+---------------------------------------------------+ 444| ses | integer | No | The login session ID | 445+----------------+------------+-----------+---------------------------------------------------+ 446| lsm | string | No | The lsm name associated with the event | 447+----------------+------------+-----------+---------------------------------------------------+ 448| res | integer | No | The result of the audited operation(success/fail) | 449+----------------+------------+-----------+---------------------------------------------------+ 450 451 4521404 AUDIT_MAC_STATUS 453^^^^^^^^^^^^^^^^^^^^^ 454 455Event Examples:: 456 457 type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 458 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 459 type=1327 audit(1653425689.008:55): proctitle="-bash" 460 461 type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 462 type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=) 463 type=1327 audit(1653425689.008:55): proctitle="-bash" 464 465This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall. 466 467Field descriptions: 468 469+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 470| Field | Value Type | Optional? | Description of Value | 471+===============+============+===========+=================================================================================================+ 472| enforcing | integer | No | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode | 473+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 474| old_enforcing | integer | No | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode | 475+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 476| auid | integer | No | The login user ID | 477+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 478| ses | integer | No | The login session ID | 479+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 480| enabled | integer | No | The new TTY audit enabled setting | 481+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 482| old-enabled | integer | No | The old TTY audit enabled setting | 483+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 484| lsm | string | No | The lsm name associated with the event | 485+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 486| res | integer | No | The result of the audited operation(success/fail) | 487+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+ 488 489 490Success Auditing 491^^^^^^^^^^^^^^^^ 492 493IPE supports success auditing. When enabled, all events that pass IPE 494policy and are not blocked will emit an audit event. This is disabled by 495default, and can be enabled via the kernel command line 496``ipe.success_audit=(0|1)`` or 497``/sys/kernel/security/ipe/success_audit`` securityfs file. 498 499This is *very* noisy, as IPE will check every userspace binary on the 500system, but is useful for debugging policies. 501 502.. NOTE:: 503 504 If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera), 505 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``. 506 507Properties 508---------- 509 510As explained above, IPE properties are ``key=value`` pairs expressed in IPE 511policy. Two properties are built-into the policy parser: 'op' and 'action'. 512The other properties are used to restrict immutable security properties 513about the files being evaluated. Currently those properties are: 514'``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``', 515'``fsverity_signature``', '``fsverity_digest``'. A description of all 516properties supported by IPE are listed below: 517 518op 519~~ 520 521Indicates the operation for a rule to apply to. Must be in every rule, 522as the first token. IPE supports the following operations: 523 524 ``EXECUTE`` 525 526 Pertains to any file attempting to be executed, or loaded as an 527 executable. 528 529 ``FIRMWARE``: 530 531 Pertains to firmware being loaded via the firmware_class interface. 532 This covers both the preallocated buffer and the firmware file 533 itself. 534 535 ``KMODULE``: 536 537 Pertains to loading kernel modules via ``modprobe`` or ``insmod``. 538 539 ``KEXEC_IMAGE``: 540 541 Pertains to kernel images loading via ``kexec``. 542 543 ``KEXEC_INITRAMFS`` 544 545 Pertains to initrd images loading via ``kexec --initrd``. 546 547 ``POLICY``: 548 549 Controls loading policies via reading a kernel-space initiated read. 550 551 An example of such is loading IMA policies by writing the path 552 to the policy file to ``$securityfs/ima/policy`` 553 554 ``X509_CERT``: 555 556 Controls loading IMA certificates through the Kconfigs, 557 ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``. 558 559action 560~~~~~~ 561 562 Determines what IPE should do when a rule matches. Must be in every 563 rule, as the final clause. Can be one of: 564 565 ``ALLOW``: 566 567 If the rule matches, explicitly allow access to the resource to proceed 568 without executing any more rules. 569 570 ``DENY``: 571 572 If the rule matches, explicitly prohibit access to the resource to 573 proceed without executing any more rules. 574 575boot_verified 576~~~~~~~~~~~~~ 577 578 This property can be utilized for authorization of files from initramfs. 579 The format of this property is:: 580 581 boot_verified=(TRUE|FALSE) 582 583 584 .. WARNING:: 585 586 This property will trust files from initramfs(rootfs). It should 587 only be used during early booting stage. Before mounting the real 588 rootfs on top of the initramfs, initramfs script will recursively 589 remove all files and directories on the initramfs. This is typically 590 implemented by using switch_root(8) [#switch_root]_. Therefore the 591 initramfs will be empty and not accessible after the real 592 rootfs takes over. It is advised to switch to a different policy 593 that doesn't rely on the property after this point. 594 This ensures that the trust policies remain relevant and effective 595 throughout the system's operation. 596 597dmverity_roothash 598~~~~~~~~~~~~~~~~~ 599 600 This property can be utilized for authorization or revocation of 601 specific dm-verity volumes, identified via their root hashes. It has a 602 dependency on the DM_VERITY module. This property is controlled by 603 the ``IPE_PROP_DM_VERITY`` config option, it will be automatically 604 selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled. 605 The format of this property is:: 606 607 dmverity_roothash=DigestName:HexadecimalString 608 609 The supported DigestNames for dmverity_roothash are [#dmveritydigests]_ 610 611 + blake2b-512 612 + blake2s-256 613 + sha256 614 + sha384 615 + sha512 616 + sha3-224 617 + sha3-256 618 + sha3-384 619 + sha3-512 620 + sm3 621 + rmd160 622 623dmverity_signature 624~~~~~~~~~~~~~~~~~~ 625 626 This property can be utilized for authorization of all dm-verity 627 volumes that have a signed roothash that validated by a keyring 628 specified by dm-verity's configuration, either the system trusted 629 keyring, or the secondary keyring. It depends on 630 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by 631 the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically 632 selected when ``SECURITY_IPE``, ``DM_VERITY`` and 633 ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled. 634 The format of this property is:: 635 636 dmverity_signature=(TRUE|FALSE) 637 638fsverity_digest 639~~~~~~~~~~~~~~~ 640 641 This property can be utilized for authorization of specific fsverity 642 enabled files, identified via their fsverity digests. 643 It depends on ``FS_VERITY`` config option and is controlled by 644 the ``IPE_PROP_FS_VERITY`` config option, it will be automatically 645 selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled. 646 The format of this property is:: 647 648 fsverity_digest=DigestName:HexadecimalString 649 650 The supported DigestNames for fsverity_digest are [#fsveritydigest]_ 651 652 + sha256 653 + sha512 654 655fsverity_signature 656~~~~~~~~~~~~~~~~~~ 657 658 This property is used to authorize all fs-verity enabled files that have 659 been verified by fs-verity's built-in signature mechanism. The signature 660 verification relies on a key stored within the ".fs-verity" keyring. It 661 depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and 662 it is controlled by the ``IPE_PROP_FS_VERITY`` config option, 663 it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY`` 664 and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled. 665 The format of this property is:: 666 667 fsverity_signature=(TRUE|FALSE) 668 669Policy Examples 670--------------- 671 672Allow all 673~~~~~~~~~ 674 675:: 676 677 policy_name=Allow_All policy_version=0.0.0 678 DEFAULT action=ALLOW 679 680Allow only initramfs 681~~~~~~~~~~~~~~~~~~~~ 682 683:: 684 685 policy_name=Allow_Initramfs policy_version=0.0.0 686 DEFAULT action=DENY 687 688 op=EXECUTE boot_verified=TRUE action=ALLOW 689 690Allow any signed and validated dm-verity volume and the initramfs 691~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 692 693:: 694 695 policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0 696 DEFAULT action=DENY 697 698 op=EXECUTE boot_verified=TRUE action=ALLOW 699 op=EXECUTE dmverity_signature=TRUE action=ALLOW 700 701Prohibit execution from a specific dm-verity volume 702~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 703 704:: 705 706 policy_name=Deny_DMV_By_Roothash policy_version=0.0.0 707 DEFAULT action=DENY 708 709 op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY 710 711 op=EXECUTE boot_verified=TRUE action=ALLOW 712 op=EXECUTE dmverity_signature=TRUE action=ALLOW 713 714Allow only a specific dm-verity volume 715~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 716 717:: 718 719 policy_name=Allow_DMV_By_Roothash policy_version=0.0.0 720 DEFAULT action=DENY 721 722 op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW 723 724Allow any fs-verity file with a valid built-in signature 725~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 726 727:: 728 729 policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0 730 DEFAULT action=DENY 731 732 op=EXECUTE fsverity_signature=TRUE action=ALLOW 733 734Allow execution of a specific fs-verity file 735~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 736 737:: 738 739 policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0 740 DEFAULT action=DENY 741 742 op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW 743 744Additional Information 745---------------------- 746 747- `Github Repository <https://github.com/microsoft/ipe>`_ 748- :doc:`Developer and design docs for IPE </security/ipe>` 749 750FAQ 751--- 752 753Q: 754 What's the difference between other LSMs which provide a measure of 755 trust-based access control? 756 757A: 758 759 In general, there's two other LSMs that can provide similar functionality: 760 IMA, and Loadpin. 761 762 IMA and IPE are functionally very similar. The significant difference between 763 the two is the policy. [#devdoc]_ 764 765 Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's 766 kernel read operations, whereas IPE is capable of controlling execution 767 on top of kernel read. The trust model is also different; Loadpin roots its 768 trust in the initial super-block, whereas trust in IPE is stemmed from kernel 769 itself (via ``SYSTEM_TRUSTED_KEYS``). 770 771----------- 772 773.. [#digest_cache_lsm] https://lore.kernel.org/lkml/20240415142436.2545003-1-roberto.sassu@huaweicloud.com/ 774 775.. [#interpreters] There is `some interest in solving this issue <https://lore.kernel.org/lkml/20220321161557.495388-1-mic@digikod.net/>`_. 776 777.. [#devdoc] Please see :doc:`the design docs </security/ipe>` for more on 778 this topic. 779 780.. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html 781 782.. [#dmveritydigests] These hash algorithms are based on values accepted by 783 the Linux crypto API; IPE does not impose any 784 restrictions on the digest algorithm itself; 785 thus, this list may be out of date. 786 787.. [#fsveritydigest] These hash algorithms are based on values accepted by the 788 kernel's fsverity support; IPE does not impose any 789 restrictions on the digest algorithm itself; 790 thus, this list may be out of date. 791