Chapter 8. Enhancing security with the kernel integrity subsystem
8.1. The kernel integrity subsystem
The integrity subsystem is a part of the kernel which is responsible for maintaining the system’s data integrity. This subsystem helps to keep the system in its initial state by preventing users from making undesired modification to specific system files.
The kernel integrity subsystem consists of two major components:
- Integrity Measurement Architecture (IMA)
- Measures files' content whenever it is executed or opened. Users can change this behavior by applying custom policies.
- Places the measured values within the kernel’s memory space, thereby it prevents any modification by the users of the system.
- Allows local and remote parties to verify the measured values.
- Extended Verification Module (EVM)
- Protects files' extended attributes (also known as xattr) that are related to the system’s security, like IMA measurements and SELinux attributes, by cryptographically hashing their corresponding values.
Both IMA and EVM also contain numerous feature extensions that bring additional functionality. For example:
- IMA-Appraisal
- Locally validates the current file’s content against the values previously stored in the measurement file within the kernel memory. This extension forbids any operation to be performed over a specific file in case the current measurement does not match the previous measurement.
- EVM Digital Signatures
-
Allows the use of digital signatures through cryptographic keys stored into the kernel’s keyring. EVM Digital Signatures ensures the origin and integrity of xattr values of those files which have the content hash (
security.ima
) included.
-
Allows the use of digital signatures through cryptographic keys stored into the kernel’s keyring. EVM Digital Signatures ensures the origin and integrity of xattr values of those files which have the content hash (
The feature extensions complement each other, but you can configure and use them independently of one another.
The kernel integrity subsystem can use the Trusted Platform Module (TPM) to further harden system security. TPM is a specification by the Trusted Computing Group (TCG) for important cryptographic functions. TPM is usually implemented as dedicated hardware that is attached to the platform’s motherboard and prevents software-based attacks by providing cryptographic functions from a protected and tamper-proof area of the hardware chip. Some of TPM features are:
- Random-number generator
- Generator and secure storage for cryptographic keys
- Hashing generator
- Remote attestation
8.2. Integrity measurement architecture
Integrity Measurement Architecture (IMA) is a component of the kernel integrity subsystem. IMA aims to maintain the contents of local files by measuring, storing, and appraising files' hashes before they are accessed. This prevents the reading and execution of unreliable data and enhances system security.
8.3. Extended verification module
Extended Verification Module (EVM) is a component of the kernel integrity subsystem that monitors changes in files' extended attributes (xattr). Many security-oriented technologies, including Integrity Measurement Architecture (IMA), store sensitive file information, such as content hashes, in extended attributes. EVM creates another hash from these extended attributes and from a special key, which is loaded at boot time. The resulting hash is validated every time the extended attribute is used. For example, when IMA appraises the file.
8.4. Trusted and encrypted keys
Trusted and encrypted keys are variable-length symmetric keys generated by the kernel that are used by the kernel keyring service. This type of keys never appears in the user space in an unencrypted form, which means that their integrity can be verified. They can therefore be used, for example, by the extended verification module (EVM) to verify and confirm the integrity of a running system. User-level programs can only access the keys in the form of encrypted blobs.
Trusted keys need a hardware component: the Trusted Platform Module (TPM) chip, which is used to both create and encrypt (seal) the keys. The TPM seals the keys using a 2048-bit RSA key called the storage root key (SRK).
For more information about trusted and encrypted keys see the Trusted and Encrypted Keys section of RHEL 7 Security Guide.
8.5. Enabling integrity measurement architecture and extended verification module
Integrity measurement architecture (IMA) and extended verification module (EVM) are components of the kernel integrity subsystem that enhance system security in various ways. Configuring IMA and EVM enables you to sign files and thereby to enhance system security.
Prerequisites
-
The
ima-evm-utils
, andkeyutils
packages are installed on your system. -
The
securityfs
filesystem is mounted on the/sys/kernel/security/
directory. The
/sys/kernel/security/ima/
directory exists.# mount … securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) …
Procedure
Prepare your system to enable IMA and EVM:
Add the following kernel command line parameters:
# grubby --update-kernel=/boot/vmlinuz-$(uname -r) --args="ima_appraise=fix ima_appraise_tcb evm=fix"
The command enables IMA and EVM in the fix mode for the current boot entry and allows users to gather and update IMA measurements.
The
ima_appraise_tcb
kernel command line parameter ensures that the kernel uses the default Trusted Computing Base (TCB) measurement policy and the appraisal step. The appraisal step forbids access to files whose prior and current measurements do not match.- Reboot for the changes to take effect.
Optionally, verify that the kernel command line includes the new parameters:
# cat /proc/cmdline BOOT_IMAGE=/vmlinuz-3.10.0-1136.el7.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto spectre_v2=retpoline rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet LANG=en_US.UTF-8 ima_appraise=fix ima_appraise_tcb evm=fix
Create and set a public and private keypair for EVM:
Create a new keyring for EVM:
# evm_kr_id=$(keyctl newring _evm @u)
The command creates the
_evm
keyring and attaches it to the@u
system user keyring. Then, the keyring ID of_evm
is assigned to theevm_kr_id
variable for more convenient handling in the future.Optionally, view the newly created keyring:
# keyctl show Session Keyring 1025767139 --alswrv 0 0 keyring: _ses 548660789 --alswrv 0 65534 \_ keyring: _uid.0 456142548 --alswrv 0 0 \_ keyring: _evm
Create a directory for keys:
# mkdir -p /etc/keys/
Generate a 1024-bit RSA private key into the
/etc/keys/privkey.pem
file:# openssl genrsa -out /etc/keys/privkey.pem 1024 Generating RSA private key, 1024 bit long modulus .......++++++ ...++++++ e is 65537 (0x10001)
Use the previously created
/etc/keys/privkey.pem
private key to derive a corresponding RSA public key into the/etc/keys/pubkey.pem
file:# openssl rsa -pubout -in /etc/keys/privkey.pem -out /etc/keys/pubkey.pem writing RSA key
Import the public key into the dedicated EVM keyring:
# evmctl import --rsa /etc/keys/pubkey.pem $evm_kr_id 1054989579
The command imports the
/etc/keys/pubkey.pem
public key into the_evm
keyring. The_evm
keyring is then attached to the kernel keyring. The key serial number is on the second line of the previous example.Optionally, view the newly imported key:
# keyctl show Session Keyring 1025767139 --alswrv 0 0 keyring: _ses 548660789 --alswrv 0 65534 \_ keyring: _uid.0 456142548 --alswrv 0 0 \_ keyring: _evm 1054989579 --alswrv 0 0 \_ user: FA0EF80BF06F80AC
NoteThis asymmetric key pair can be used to digitally sign the contents of an extended attribute of a file using the
evmctl sign
command. The extended attribute is later verified by the kernel.Create a kernel master key to protect the EVM key:
# dd if=/dev/urandom bs=1 count=32 2>/dev/null | keyctl padd user kmk-user @u
The kernel master key (
kmk
) is kept entirely in the kernel space memory. The 32-byte long value of the kernel master keykmk
is generated from random bytes from the/dev/urandom
file and placed in the user (@u
) keyring.
Create an encrypted EVM key based on the
kmk
key:# keyctl add encrypted evm-key "new user:kmk 64" @u 351426499
The command uses
kmk
to generate and encrypt a 64-byte user key (namedevm-key
) and places it in the user (@u
) keyring. The key serial number is on the second line of the previous example.ImportantIt is necessary to name the user key evm-key because that is the name the EVM subsystem expects and works with.
Activate EVM:
# echo 1 > /sys/kernel/security/evm
Verify that EVM has been initialized:
dmesg | tail -1 […] EVM: initialized
8.6. Collecting file hashes with integrity measurement architecture
The first level of operation of integrity measurement architecture (IMA) is the measurement phase, which allows to create file hashes and store them as extended attributes (xattrs) of those files. The following section describes how to create and inspect the files' hashes.
Prerequisites
-
The
ima-evm-utils
,attr
, andkeyutils
packages are installed on your system. - Integrity measurement architecture (IMA) and extended verification module (EVM) are enabled as described in Section 8.5, “Enabling integrity measurement architecture and extended verification module”.
Procedure
Create a test file:
# echo <Test_text> > test_file
Sign the file with the private key:
# evmctl sign --imahash --key /etc/keys/privkey.pem test_file
By creating a hash of the
test_file
file, IMA verifies that the file remains is uncorrupted. EVM ensures that the IMA hash is genuine by signing the hash content that is stored in the extended attribute oftest_file
.Optionally, check the extended attributes of the signed file:
# getfattr -m . -d test_file file: test_file security.evm=0sAwICztVdCQCAZLtD7qAezGl8nGLgqFZzMzQp7Fm1svUet2Hy7TyI2vtT9/9ZfBTKMK6Mjoyk0VX+DciS85XOCYX6WnV1LF2P/pmPRfputSEq9fVD4SWfKKj2rI7qwpndC1UqRX1BbN3aRUYeoKQdPdl6Cz+cX4d7vS56FJkFhPGlhq/UQbBnd80= security.ima=0sAfgqQ5/05X4w/ltZEfbogdI9+KM5 security.selinux="unconfined_u:object_r:admin_home_t:s0"
This example output shows extended attributes related to SELinux and the IMA and EVM hash values. EVM actively adds a
security.evm
extended attribute and detects any offline tampering to xattrs of other files such assecurity.ima
that are directly related to file content integrity. The value of thesecurity.evm
field is in Hash-based Message Authentication Code (HMAC-SHA1), which was generated with the private key.
Additional resources
- For details about the kernel integrity subsystem, see the official upstream wiki page.
- For further information about TPM, see the Trusted Computing Group resources.
- For more information about creating encrypted keys, see the Trusted and Encrypted Keys section of RHEL 7 Security Guide.