xref: /linux/Documentation/admin-guide/LSM/ipe.rst (revision c7546e2c3cb739a3c1a2f5acaf9bb629d401afe5)
1.. SPDX-License-Identifier: GPL-2.0
2
3Integrity Policy Enforcement (IPE)
4==================================
5
6.. NOTE::
7
8   This is the documentation for admins, system builders, or individuals
9   attempting to use IPE. If you're looking for more developer-focused
10   documentation about IPE please see :doc:`the design docs </security/ipe>`.
11
12Overview
13--------
14
15Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
16complementary approach to access control. Unlike traditional access control
17mechanisms that rely on labels and paths for decision-making, IPE focuses
18on the immutable security properties inherent to system components. These
19properties are fundamental attributes or features of a system component
20that cannot be altered, ensuring a consistent and reliable basis for
21security decisions.
22
23To elaborate, in the context of IPE, system components primarily refer to
24files or the devices these files reside on. However, this is just a
25starting point. The concept of system components is flexible and can be
26extended to include new elements as the system evolves. The immutable
27properties include the origin of a file, which remains constant and
28unchangeable over time. For example, IPE policies can be crafted to trust
29files originating from the initramfs. Since initramfs is typically verified
30by the bootloader, its files are deemed trustworthy; "file is from
31initramfs" becomes an immutable property under IPE's consideration.
32
33The immutable property concept extends to the security features enabled on
34a file's origin, such as dm-verity or fs-verity, which provide a layer of
35integrity and trust. For example, IPE allows the definition of policies
36that trust files from a dm-verity protected device. dm-verity ensures the
37integrity of an entire device by providing a verifiable and immutable state
38of its contents. Similarly, fs-verity offers filesystem-level integrity
39checks, allowing IPE to enforce policies that trust files protected by
40fs-verity. These two features cannot be turned off once established, so
41they are considered immutable properties. These examples demonstrate how
42IPE leverages immutable properties, such as a file's origin and its
43integrity protection mechanisms, to make access control decisions.
44
45For the IPE policy, specifically, it grants the ability to enforce
46stringent access controls by assessing security properties against
47reference values defined within the policy. This assessment can be based on
48the existence of a security property (e.g., verifying if a file originates
49from initramfs) or evaluating the internal state of an immutable security
50property. The latter includes checking the roothash of a dm-verity
51protected device, determining whether dm-verity possesses a valid
52signature, assessing the digest of a fs-verity protected file, or
53determining whether fs-verity possesses a valid built-in signature. This
54nuanced approach to policy enforcement enables a highly secure and
55customizable system defense mechanism, tailored to specific security
56requirements and trust models.
57
58To enable IPE, ensure that ``CONFIG_SECURITY_IPE`` (under
59:menuselection:`Security -> Integrity Policy Enforcement (IPE)`) config
60option is enabled.
61
62Use Cases
63---------
64
65IPE works best in fixed-function devices: devices in which their purpose
66is clearly defined and not supposed to be changed (e.g. network firewall
67device in a data center, an IoT device, etcetera), where all software and
68configuration is built and provisioned by the system owner.
69
70IPE is a long-way off for use in general-purpose computing: the Linux
71community as a whole tends to follow a decentralized trust model (known as
72the web of trust), which IPE has no support for it yet. Instead, IPE
73supports PKI (public key infrastructure), which generally designates a
74set of trusted entities that provide a measure of absolute trust.
75
76Additionally, while most packages are signed today, the files inside
77the packages (for instance, the executables), tend to be unsigned. This
78makes it difficult to utilize IPE in systems where a package manager is
79expected to be functional, without major changes to the package manager
80and ecosystem behind it.
81
82The digest_cache LSM [#digest_cache_lsm]_ is a system that when combined with IPE,
83could be used to enable and support general-purpose computing use cases.
84
85Known Limitations
86-----------------
87
88IPE cannot verify the integrity of anonymous executable memory, such as
89the trampolines created by gcc closures and libffi (<3.4.2), or JIT'd code.
90Unfortunately, as this is dynamically generated code, there is no way
91for IPE to ensure the integrity of this code to form a trust basis.
92
93IPE cannot verify the integrity of programs written in interpreted
94languages when these scripts are invoked by passing these program files
95to the interpreter. This is because the way interpreters execute these
96files; the scripts themselves are not evaluated as executable code
97through one of IPE's hooks, but they are merely text files that are read
98(as opposed to compiled executables) [#interpreters]_.
99
100Threat Model
101------------
102
103IPE specifically targets the risk of tampering with user-space executable
104code after the kernel has initially booted, including the kernel modules
105loaded from userspace via ``modprobe`` or ``insmod``.
106
107To illustrate, consider a scenario where an untrusted binary, possibly
108malicious, is downloaded along with all necessary dependencies, including a
109loader and libc. The primary function of IPE in this context is to prevent
110the execution of such binaries and their dependencies.
111
112IPE achieves this by verifying the integrity and authenticity of all
113executable code before allowing them to run. It conducts a thorough
114check to ensure that the code's integrity is intact and that they match an
115authorized reference value (digest, signature, etc) as per the defined
116policy. If a binary does not pass this verification process, either
117because its integrity has been compromised or it does not meet the
118authorization criteria, IPE will deny its execution. Additionally, IPE
119generates audit logs which may be utilized to detect and analyze failures
120resulting from policy violation.
121
122Tampering threat scenarios include modification or replacement of
123executable code by a range of actors including:
124
125-  Actors with physical access to the hardware
126-  Actors with local network access to the system
127-  Actors with access to the deployment system
128-  Compromised internal systems under external control
129-  Malicious end users of the system
130-  Compromised end users of the system
131-  Remote (external) compromise of the system
132
133IPE does not mitigate threats arising from malicious but authorized
134developers (with access to a signing certificate), or compromised
135developer tools used by them (i.e. return-oriented programming attacks).
136Additionally, IPE draws hard security boundary between userspace and
137kernelspace. As a result, kernel-level exploits are considered outside
138the scope of IPE and mitigation is left to other mechanisms.
139
140Policy
141------
142
143IPE policy is a plain-text [#devdoc]_ policy composed of multiple statements
144over several lines. There is one required line, at the top of the
145policy, indicating the policy name, and the policy version, for
146instance::
147
148   policy_name=Ex_Policy policy_version=0.0.0
149
150The policy name is a unique key identifying this policy in a human
151readable name. This is used to create nodes under securityfs as well as
152uniquely identify policies to deploy new policies vs update existing
153policies.
154
155The policy version indicates the current version of the policy (NOT the
156policy syntax version). This is used to prevent rollback of policy to
157potentially insecure previous versions of the policy.
158
159The next portion of IPE policy are rules. Rules are formed by key=value
160pairs, known as properties. IPE rules require two properties: ``action``,
161which determines what IPE does when it encounters a match against the
162rule, and ``op``, which determines when the rule should be evaluated.
163The ordering is significant, a rule must start with ``op``, and end with
164``action``. Thus, a minimal rule is::
165
166   op=EXECUTE action=ALLOW
167
168This example will allow any execution. Additional properties are used to
169assess immutable security properties about the files being evaluated.
170These properties are intended to be descriptions of systems within the
171kernel that can provide a measure of integrity verification, such that IPE
172can determine the trust of the resource based on the value of the property.
173
174Rules are evaluated top-to-bottom. As a result, any revocation rules,
175or denies should be placed early in the file to ensure that these rules
176are evaluated before a rule with ``action=ALLOW``.
177
178IPE policy supports comments. The character '#' will function as a
179comment, ignoring all characters to the right of '#' until the newline.
180
181The default behavior of IPE evaluations can also be expressed in policy,
182through the ``DEFAULT`` statement. This can be done at a global level,
183or a per-operation level::
184
185   # Global
186   DEFAULT action=ALLOW
187
188   # Operation Specific
189   DEFAULT op=EXECUTE action=ALLOW
190
191A default must be set for all known operations in IPE. If you want to
192preserve older policies being compatible with newer kernels that can introduce
193new operations, set a global default of ``ALLOW``, then override the
194defaults on a per-operation basis (as above).
195
196With configurable policy-based LSMs, there's several issues with
197enforcing the configurable policies at startup, around reading and
198parsing the policy:
199
2001. The kernel *should* not read files from userspace, so directly reading
201   the policy file is prohibited.
2022. The kernel command line has a character limit, and one kernel module
203   should not reserve the entire character limit for its own
204   configuration.
2053. There are various boot loaders in the kernel ecosystem, so handing
206   off a memory block would be costly to maintain.
207
208As a result, IPE has addressed this problem through a concept of a "boot
209policy". A boot policy is a minimal policy which is compiled into the
210kernel. This policy is intended to get the system to a state where
211userspace is set up and ready to receive commands, at which point a more
212complex policy can be deployed via securityfs. The boot policy can be
213specified via ``SECURITY_IPE_BOOT_POLICY`` config option, which accepts
214a path to a plain-text version of the IPE policy to apply. This policy
215will be compiled into the kernel. If not specified, IPE will be disabled
216until a policy is deployed and activated through securityfs.
217
218Deploying Policies
219~~~~~~~~~~~~~~~~~~
220
221Policies can be deployed from userspace through securityfs. These policies
222are signed through the PKCS#7 message format to enforce some level of
223authorization of the policies (prohibiting an attacker from gaining
224unconstrained root, and deploying an "allow all" policy). These
225policies must be signed by a certificate that chains to the
226``SYSTEM_TRUSTED_KEYRING``. With openssl, the policy can be signed by::
227
228   openssl smime -sign \
229      -in "$MY_POLICY" \
230      -signer "$MY_CERTIFICATE" \
231      -inkey "$MY_PRIVATE_KEY" \
232      -noattr \
233      -nodetach \
234      -nosmimecap \
235      -outform der \
236      -out "$MY_POLICY.p7b"
237
238Deploying the policies is done through securityfs, through the
239``new_policy`` node. To deploy a policy, simply cat the file into the
240securityfs node::
241
242   cat "$MY_POLICY.p7b" > /sys/kernel/security/ipe/new_policy
243
244Upon success, this will create one subdirectory under
245``/sys/kernel/security/ipe/policies/``. The subdirectory will be the
246``policy_name`` field of the policy deployed, so for the example above,
247the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``.
248Within this directory, there will be seven files: ``pkcs7``, ``policy``,
249``name``, ``version``, ``active``, ``update``, and ``delete``.
250
251The ``pkcs7`` file is read-only. Reading it returns the raw PKCS#7 data
252that was provided to the kernel, representing the policy. If the policy being
253read is the boot policy, this will return ``ENOENT``, as it is not signed.
254
255The ``policy`` file is read only. Reading it returns the PKCS#7 inner
256content of the policy, which will be the plain text policy.
257
258The ``active`` file is used to set a policy as the currently active policy.
259This file is rw, and accepts a value of ``"1"`` to set the policy as active.
260Since only a single policy can be active at one time, all other policies
261will be marked inactive. The policy being marked active must have a policy
262version greater or equal to the currently-running version.
263
264The ``update`` file is used to update a policy that is already present
265in the kernel. This file is write-only and accepts a PKCS#7 signed
266policy. Two checks will always be performed on this policy: First, the
267``policy_names`` must match with the updated version and the existing
268version. Second the updated policy must have a policy version greater than
269or equal to the currently-running version. This is to prevent rollback attacks.
270
271The ``delete`` file is used to remove a policy that is no longer needed.
272This file is write-only and accepts a value of ``1`` to delete the policy.
273On deletion, the securityfs node representing the policy will be removed.
274However, delete the current active policy is not allowed and will return
275an operation not permitted error.
276
277Similarly, writing to both ``update`` and ``new_policy`` could result in
278bad message(policy syntax error) or file exists error. The latter error happens
279when trying to deploy a policy with a ``policy_name`` while the kernel already
280has a deployed policy with the same ``policy_name``.
281
282Deploying a policy will *not* cause IPE to start enforcing the policy. IPE will
283only enforce the policy marked active. Note that only one policy can be active
284at a time.
285
286Once deployment is successful, the policy can be activated, by writing file
287``/sys/kernel/security/ipe/policies/$policy_name/active``.
288For example, the ``Ex_Policy`` can be activated by::
289
290   echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active"
291
292From above point on, ``Ex_Policy`` is now the enforced policy on the
293system.
294
295IPE also provides a way to delete policies. This can be done via the
296``delete`` securityfs node,
297``/sys/kernel/security/ipe/policies/$policy_name/delete``.
298Writing ``1`` to that file deletes the policy::
299
300   echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete"
301
302There is only one requirement to delete a policy: the policy being deleted
303must be inactive.
304
305.. NOTE::
306
307   If a traditional MAC system is enabled (SELinux, apparmor, smack), all
308   writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
309
310Modes
311~~~~~
312
313IPE supports two modes of operation: permissive (similar to SELinux's
314permissive mode) and enforced. In permissive mode, all events are
315checked and policy violations are logged, but the policy is not really
316enforced. This allows users to test policies before enforcing them.
317
318The default mode is enforce, and can be changed via the kernel command
319line parameter ``ipe.enforce=(0|1)``, or the securityfs node
320``/sys/kernel/security/ipe/enforce``.
321
322.. NOTE::
323
324   If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
325   all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
326
327Audit Events
328~~~~~~~~~~~~
329
3301420 AUDIT_IPE_ACCESS
331^^^^^^^^^^^^^^^^^^^^^
332Event Examples::
333
334   type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-linux.so" path="/deny/lib/libc.so.6" dev="sda2" ino=14549020 rule="DEFAULT action=DENY"
335   type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null)
336   type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00
337
338   type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_test" path=? dev=? ino=? rule="DEFAULT action=DENY"
339   type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null)
340   type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00
341
342This event indicates that IPE made an access control decision; the IPE
343specific record (1420) is always emitted in conjunction with a
344``AUDITSYSCALL`` record.
345
346Determining whether IPE is in permissive or enforced mode can be derived
347from ``success`` property and exit code of the ``AUDITSYSCALL`` record.
348
349
350Field descriptions:
351
352+-----------+------------+-----------+---------------------------------------------------------------------------------+
353| Field     | Value Type | Optional? | Description of Value                                                            |
354+===========+============+===========+=================================================================================+
355| ipe_op    | string     | No        | The IPE operation name associated with the log                                  |
356+-----------+------------+-----------+---------------------------------------------------------------------------------+
357| ipe_hook  | string     | No        | The name of the LSM hook that triggered the IPE event                           |
358+-----------+------------+-----------+---------------------------------------------------------------------------------+
359| enforcing | integer    | No        | The current IPE enforcing state 1 is in enforcing mode, 0 is in permissive mode |
360+-----------+------------+-----------+---------------------------------------------------------------------------------+
361| pid       | integer    | No        | The pid of the process that triggered the IPE event.                            |
362+-----------+------------+-----------+---------------------------------------------------------------------------------+
363| comm      | string     | No        | The command line program name of the process that triggered the IPE event       |
364+-----------+------------+-----------+---------------------------------------------------------------------------------+
365| path      | string     | Yes       | The absolute path to the evaluated file                                         |
366+-----------+------------+-----------+---------------------------------------------------------------------------------+
367| ino       | integer    | Yes       | The inode number of the evaluated file                                          |
368+-----------+------------+-----------+---------------------------------------------------------------------------------+
369| dev       | string     | Yes       | The device name of the evaluated file, e.g. vda                                 |
370+-----------+------------+-----------+---------------------------------------------------------------------------------+
371| rule      | string     | No        | The matched policy rule                                                         |
372+-----------+------------+-----------+---------------------------------------------------------------------------------+
373
3741421 AUDIT_IPE_CONFIG_CHANGE
375^^^^^^^^^^^^^^^^^^^^^^^^^^^^
376
377Event Example::
378
379   type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 old_policy_digest=sha256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 new_active_pol_name="boot_verified" new_active_pol_version=0.0.0 new_policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1
380   type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=5596fcae1fb0 a2=2 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
381   type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2
382
383This event indicates that IPE switched the active poliy from one to another
384along with the version and the hash digest of the two policies.
385Note IPE can only have one policy active at a time, all access decision
386evaluation is based on the current active policy.
387The normal procedure to deploy a new policy is loading the policy to deploy
388into the kernel first, then switch the active policy to it.
389
390This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
391
392Field descriptions:
393
394+------------------------+------------+-----------+---------------------------------------------------+
395| Field                  | Value Type | Optional? | Description of Value                              |
396+========================+============+===========+===================================================+
397| old_active_pol_name    | string     | Yes       | The name of previous active policy                |
398+------------------------+------------+-----------+---------------------------------------------------+
399| old_active_pol_version | string     | Yes       | The version of previous active policy             |
400+------------------------+------------+-----------+---------------------------------------------------+
401| old_policy_digest      | string     | Yes       | The hash of previous active policy                |
402+------------------------+------------+-----------+---------------------------------------------------+
403| new_active_pol_name    | string     | No        | The name of current active policy                 |
404+------------------------+------------+-----------+---------------------------------------------------+
405| new_active_pol_version | string     | No        | The version of current active policy              |
406+------------------------+------------+-----------+---------------------------------------------------+
407| new_policy_digest      | string     | No        | The hash of current active policy                 |
408+------------------------+------------+-----------+---------------------------------------------------+
409| auid                   | integer    | No        | The login user ID                                 |
410+------------------------+------------+-----------+---------------------------------------------------+
411| ses                    | integer    | No        | The login session ID                              |
412+------------------------+------------+-----------+---------------------------------------------------+
413| lsm                    | string     | No        | The lsm name associated with the event            |
414+------------------------+------------+-----------+---------------------------------------------------+
415| res                    | integer    | No        | The result of the audited operation(success/fail) |
416+------------------------+------------+-----------+---------------------------------------------------+
417
4181422 AUDIT_IPE_POLICY_LOAD
419^^^^^^^^^^^^^^^^^^^^^^^^^^
420
421Event Example::
422
423   type=1422 audit(1653425529.927:53): policy_name="boot_verified" policy_version=0.0.0 policy_digest=sha256:820EEA5B40CA42B51F68962354BA083122A20BB846F26765076DD8EED7B8F4DB auid=4294967295 ses=4294967295 lsm=ipe res=1
424   type=1300 audit(1653425529.927:53): arch=c000003e syscall=1 success=yes exit=2567 a0=3 a1=5596fcae1fb0 a2=a07 a3=2 items=0 ppid=184 pid=229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm="python3" exe="/usr/bin/python3.10" key=(null)
425   type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E7079002D66002E2E
426
427This record indicates a new policy has been loaded into the kernel with the policy name, policy version and policy hash.
428
429This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
430
431Field descriptions:
432
433+----------------+------------+-----------+---------------------------------------------------+
434| Field          | Value Type | Optional? | Description of Value                              |
435+================+============+===========+===================================================+
436| policy_name    | string     | No        | The policy_name                                   |
437+----------------+------------+-----------+---------------------------------------------------+
438| policy_version | string     | No        | The policy_version                                |
439+----------------+------------+-----------+---------------------------------------------------+
440| policy_digest  | string     | No        | The policy hash                                   |
441+----------------+------------+-----------+---------------------------------------------------+
442| auid           | integer    | No        | The login user ID                                 |
443+----------------+------------+-----------+---------------------------------------------------+
444| ses            | integer    | No        | The login session ID                              |
445+----------------+------------+-----------+---------------------------------------------------+
446| lsm            | string     | No        | The lsm name associated with the event            |
447+----------------+------------+-----------+---------------------------------------------------+
448| res            | integer    | No        | The result of the audited operation(success/fail) |
449+----------------+------------+-----------+---------------------------------------------------+
450
451
4521404 AUDIT_MAC_STATUS
453^^^^^^^^^^^^^^^^^^^^^
454
455Event Examples::
456
457   type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
458   type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
459   type=1327 audit(1653425689.008:55): proctitle="-bash"
460
461   type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
462   type=1300 audit(1653425689.008:55): arch=c000003e syscall=1 success=yes exit=2 a0=1 a1=55c1065e5c60 a2=2 a3=0 items=0 ppid=405 pid=441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=)
463   type=1327 audit(1653425689.008:55): proctitle="-bash"
464
465This record will always be emitted in conjunction with a ``AUDITSYSCALL`` record for the ``write`` syscall.
466
467Field descriptions:
468
469+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
470| Field         | Value Type | Optional? | Description of Value                                                                            |
471+===============+============+===========+=================================================================================================+
472| enforcing     | integer    | No        | The enforcing state IPE is being switched to, 1 is in enforcing mode, 0 is in permissive mode   |
473+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
474| old_enforcing | integer    | No        | The enforcing state IPE is being switched from, 1 is in enforcing mode, 0 is in permissive mode |
475+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
476| auid          | integer    | No        | The login user ID                                                                               |
477+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
478| ses           | integer    | No        | The login session ID                                                                            |
479+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
480| enabled       | integer    | No        | The new TTY audit enabled setting                                                               |
481+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
482| old-enabled   | integer    | No        | The old TTY audit enabled setting                                                               |
483+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
484| lsm           | string     | No        | The lsm name associated with the event                                                          |
485+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
486| res           | integer    | No        | The result of the audited operation(success/fail)                                               |
487+---------------+------------+-----------+-------------------------------------------------------------------------------------------------+
488
489
490Success Auditing
491^^^^^^^^^^^^^^^^
492
493IPE supports success auditing. When enabled, all events that pass IPE
494policy and are not blocked will emit an audit event. This is disabled by
495default, and can be enabled via the kernel command line
496``ipe.success_audit=(0|1)`` or
497``/sys/kernel/security/ipe/success_audit`` securityfs file.
498
499This is *very* noisy, as IPE will check every userspace binary on the
500system, but is useful for debugging policies.
501
502.. NOTE::
503
504   If a traditional MAC system is enabled (SELinux, apparmor, smack, etcetera),
505   all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
506
507Properties
508----------
509
510As explained above, IPE properties are ``key=value`` pairs expressed in IPE
511policy. Two properties are built-into the policy parser: 'op' and 'action'.
512The other properties are used to restrict immutable security properties
513about the files being evaluated. Currently those properties are:
514'``boot_verified``', '``dmverity_signature``', '``dmverity_roothash``',
515'``fsverity_signature``', '``fsverity_digest``'. A description of all
516properties supported by IPE are listed below:
517
518op
519~~
520
521Indicates the operation for a rule to apply to. Must be in every rule,
522as the first token. IPE supports the following operations:
523
524   ``EXECUTE``
525
526      Pertains to any file attempting to be executed, or loaded as an
527      executable.
528
529   ``FIRMWARE``:
530
531      Pertains to firmware being loaded via the firmware_class interface.
532      This covers both the preallocated buffer and the firmware file
533      itself.
534
535   ``KMODULE``:
536
537      Pertains to loading kernel modules via ``modprobe`` or ``insmod``.
538
539   ``KEXEC_IMAGE``:
540
541      Pertains to kernel images loading via ``kexec``.
542
543   ``KEXEC_INITRAMFS``
544
545      Pertains to initrd images loading via ``kexec --initrd``.
546
547   ``POLICY``:
548
549      Controls loading policies via reading a kernel-space initiated read.
550
551      An example of such is loading IMA policies by writing the path
552      to the policy file to ``$securityfs/ima/policy``
553
554   ``X509_CERT``:
555
556      Controls loading IMA certificates through the Kconfigs,
557      ``CONFIG_IMA_X509_PATH`` and ``CONFIG_EVM_X509_PATH``.
558
559action
560~~~~~~
561
562   Determines what IPE should do when a rule matches. Must be in every
563   rule, as the final clause. Can be one of:
564
565   ``ALLOW``:
566
567      If the rule matches, explicitly allow access to the resource to proceed
568      without executing any more rules.
569
570   ``DENY``:
571
572      If the rule matches, explicitly prohibit access to the resource to
573      proceed without executing any more rules.
574
575boot_verified
576~~~~~~~~~~~~~
577
578   This property can be utilized for authorization of files from initramfs.
579   The format of this property is::
580
581         boot_verified=(TRUE|FALSE)
582
583
584   .. WARNING::
585
586      This property will trust files from initramfs(rootfs). It should
587      only be used during early booting stage. Before mounting the real
588      rootfs on top of the initramfs, initramfs script will recursively
589      remove all files and directories on the initramfs. This is typically
590      implemented by using switch_root(8) [#switch_root]_. Therefore the
591      initramfs will be empty and not accessible after the real
592      rootfs takes over. It is advised to switch to a different policy
593      that doesn't rely on the property after this point.
594      This ensures that the trust policies remain relevant and effective
595      throughout the system's operation.
596
597dmverity_roothash
598~~~~~~~~~~~~~~~~~
599
600   This property can be utilized for authorization or revocation of
601   specific dm-verity volumes, identified via their root hashes. It has a
602   dependency on the DM_VERITY module. This property is controlled by
603   the ``IPE_PROP_DM_VERITY`` config option, it will be automatically
604   selected when ``SECURITY_IPE`` and ``DM_VERITY`` are all enabled.
605   The format of this property is::
606
607      dmverity_roothash=DigestName:HexadecimalString
608
609   The supported DigestNames for dmverity_roothash are [#dmveritydigests]_
610
611      + blake2b-512
612      + blake2s-256
613      + sha256
614      + sha384
615      + sha512
616      + sha3-224
617      + sha3-256
618      + sha3-384
619      + sha3-512
620      + sm3
621      + rmd160
622
623dmverity_signature
624~~~~~~~~~~~~~~~~~~
625
626   This property can be utilized for authorization of all dm-verity
627   volumes that have a signed roothash that validated by a keyring
628   specified by dm-verity's configuration, either the system trusted
629   keyring, or the secondary keyring. It depends on
630   ``DM_VERITY_VERIFY_ROOTHASH_SIG`` config option and is controlled by
631   the ``IPE_PROP_DM_VERITY_SIGNATURE`` config option, it will be automatically
632   selected when ``SECURITY_IPE``, ``DM_VERITY`` and
633   ``DM_VERITY_VERIFY_ROOTHASH_SIG`` are all enabled.
634   The format of this property is::
635
636      dmverity_signature=(TRUE|FALSE)
637
638fsverity_digest
639~~~~~~~~~~~~~~~
640
641   This property can be utilized for authorization of specific fsverity
642   enabled files, identified via their fsverity digests.
643   It depends on ``FS_VERITY`` config option and is controlled by
644   the ``IPE_PROP_FS_VERITY`` config option, it will be automatically
645   selected when ``SECURITY_IPE`` and ``FS_VERITY`` are all enabled.
646   The format of this property is::
647
648      fsverity_digest=DigestName:HexadecimalString
649
650   The supported DigestNames for fsverity_digest are [#fsveritydigest]_
651
652      + sha256
653      + sha512
654
655fsverity_signature
656~~~~~~~~~~~~~~~~~~
657
658   This property is used to authorize all fs-verity enabled files that have
659   been verified by fs-verity's built-in signature mechanism. The signature
660   verification relies on a key stored within the ".fs-verity" keyring. It
661   depends on ``FS_VERITY_BUILTIN_SIGNATURES`` config option and
662   it is controlled by the ``IPE_PROP_FS_VERITY`` config option,
663   it will be automatically selected when ``SECURITY_IPE``, ``FS_VERITY``
664   and ``FS_VERITY_BUILTIN_SIGNATURES`` are all enabled.
665   The format of this property is::
666
667      fsverity_signature=(TRUE|FALSE)
668
669Policy Examples
670---------------
671
672Allow all
673~~~~~~~~~
674
675::
676
677   policy_name=Allow_All policy_version=0.0.0
678   DEFAULT action=ALLOW
679
680Allow only initramfs
681~~~~~~~~~~~~~~~~~~~~
682
683::
684
685   policy_name=Allow_Initramfs policy_version=0.0.0
686   DEFAULT action=DENY
687
688   op=EXECUTE boot_verified=TRUE action=ALLOW
689
690Allow any signed and validated dm-verity volume and the initramfs
691~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
692
693::
694
695   policy_name=Allow_Signed_DMV_And_Initramfs policy_version=0.0.0
696   DEFAULT action=DENY
697
698   op=EXECUTE boot_verified=TRUE action=ALLOW
699   op=EXECUTE dmverity_signature=TRUE action=ALLOW
700
701Prohibit execution from a specific dm-verity volume
702~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
703
704::
705
706   policy_name=Deny_DMV_By_Roothash policy_version=0.0.0
707   DEFAULT action=DENY
708
709   op=EXECUTE dmverity_roothash=sha256:cd2c5bae7c6c579edaae4353049d58eb5f2e8be0244bf05345bc8e5ed257baff action=DENY
710
711   op=EXECUTE boot_verified=TRUE action=ALLOW
712   op=EXECUTE dmverity_signature=TRUE action=ALLOW
713
714Allow only a specific dm-verity volume
715~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
716
717::
718
719   policy_name=Allow_DMV_By_Roothash policy_version=0.0.0
720   DEFAULT action=DENY
721
722   op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
723
724Allow any fs-verity file with a valid built-in signature
725~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
726
727::
728
729   policy_name=Allow_Signed_And_Validated_FSVerity policy_version=0.0.0
730   DEFAULT action=DENY
731
732   op=EXECUTE fsverity_signature=TRUE action=ALLOW
733
734Allow execution of a specific fs-verity file
735~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
736
737::
738
739   policy_name=ALLOW_FSV_By_Digest policy_version=0.0.0
740   DEFAULT action=DENY
741
742   op=EXECUTE fsverity_digest=sha256:fd88f2b8824e197f850bf4c5109bea5cf0ee38104f710843bb72da796ba5af9e action=ALLOW
743
744Additional Information
745----------------------
746
747- `Github Repository <https://github.com/microsoft/ipe>`_
748- :doc:`Developer and design docs for IPE </security/ipe>`
749
750FAQ
751---
752
753Q:
754   What's the difference between other LSMs which provide a measure of
755   trust-based access control?
756
757A:
758
759   In general, there's two other LSMs that can provide similar functionality:
760   IMA, and Loadpin.
761
762   IMA and IPE are functionally very similar. The significant difference between
763   the two is the policy. [#devdoc]_
764
765   Loadpin and IPE differ fairly dramatically, as Loadpin only covers the IPE's
766   kernel read operations, whereas IPE is capable of controlling execution
767   on top of kernel read. The trust model is also different; Loadpin roots its
768   trust in the initial super-block, whereas trust in IPE is stemmed from kernel
769   itself (via ``SYSTEM_TRUSTED_KEYS``).
770
771-----------
772
773.. [#digest_cache_lsm] https://lore.kernel.org/lkml/20240415142436.2545003-1-roberto.sassu@huaweicloud.com/
774
775.. [#interpreters] There is `some interest in solving this issue <https://lore.kernel.org/lkml/20220321161557.495388-1-mic@digikod.net/>`_.
776
777.. [#devdoc] Please see :doc:`the design docs </security/ipe>` for more on
778             this topic.
779
780.. [#switch_root] https://man7.org/linux/man-pages/man8/switch_root.8.html
781
782.. [#dmveritydigests] These hash algorithms are based on values accepted by
783                      the Linux crypto API; IPE does not impose any
784                      restrictions on the digest algorithm itself;
785                      thus, this list may be out of date.
786
787.. [#fsveritydigest] These hash algorithms are based on values accepted by the
788                     kernel's fsverity support; IPE does not impose any
789                     restrictions on the digest algorithm itself;
790                     thus, this list may be out of date.
791