IMA is now compiled into the kernel by most distributions; see the build flag CONFIG_IMA. Distributions known to enable it include:
- Fedora
- CentOS
- RHEL
- Ubuntu
- Debian
- Alpine
- openSUSE
- ALT Linux
- Gentoo
Configuration takes three forms:
- kernel configuration options
- boot command line arguments
- a custom policy
Linux kernel configuration options, passed to the compiler, determine how the kernel image is built.
The configuration file for the running kernel is normally found in /boot (as config-<kernel-version>) or under /lib/modules/<kernel-version>/.
The state of a build flag can be viewed with, e.g.,
grep IMA_WRITE_POLICY /boot/config-$(uname -r)
The boolean values are:
- "=y" if compiled statically into the kernel
- "=m" if compiled as a kernel module
- "is not set" if that setting was commented out
- not listed at all, which is the same as commented out
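The check above, carried through for a whole set of flags, as an added example that is not part of the original page: config_state distinguishes the four states listed (plus the value of string and integer options), and running_kernel_config tries the locations named above before falling back to /proc/config.gz. The sample config fragment written by sample_config is constructed for the example, not taken from any distribution.

```shell
#!/bin/sh
# Added example (not from the original page): report the state of IMA/EVM
# build flags from a kernel config file, distinguishing the four states the
# text describes (=y, =m, "is not set", and absent from the file).

# config_state FILE OPTION -> prints y, m, n, unset, or the value of a
# string/integer option (e.g. sha256 for CONFIG_IMA_DEFAULT_HASH="sha256")
config_state() {
    file=$1; opt=$2
    # "(# )?" also catches the commented-out form; "( |=)" stops
    # CONFIG_IMA from matching CONFIG_IMA_APPRAISE and friends
    case $file in
        *.gz) line=$(gzip -dc "$file" | grep -E "^(# )?$opt( |=)" | head -n 1) ;;
        *)    line=$(grep -E "^(# )?$opt( |=)" "$file" | head -n 1) ;;
    esac
    case $line in
        "$opt=y") echo y ;;
        "$opt=m") echo m ;;
        "# $opt is not set") echo n ;;
        "$opt="*) val=${line#*=}; val=${val#\"}; echo "${val%\"}" ;;
        "") echo unset ;;
        *) echo "unparsed: $line" ;;
    esac
}

# running_kernel_config -> prints the path of the running kernel's config,
# trying the locations the text mentions first, then /proc/config.gz
running_kernel_config() {
    rel=$(uname -r)
    for f in "/boot/config-$rel" "/lib/modules/$rel/config" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    echo "no kernel config found for $rel" >&2
    return 1
}

# ima_report FILE -> one "OPTION state" line per flag of interest
ima_report() {
    for opt in CONFIG_INTEGRITY CONFIG_IMA CONFIG_IMA_APPRAISE \
               CONFIG_IMA_APPRAISE_BOOTPARAM CONFIG_IMA_ARCH_POLICY \
               CONFIG_IMA_WRITE_POLICY CONFIG_IMA_READ_POLICY \
               CONFIG_IMA_DEFAULT_HASH CONFIG_IMA_MEASURE_PCR_IDX \
               CONFIG_IMA_DISABLE_HTABLE CONFIG_EVM CONFIG_ENCRYPTED_KEYS; do
        printf '%-32s %s\n' "$opt" "$(config_state "$1" "$opt")"
    done
}

# sample_config -> writes a constructed (not real) config fragment to a temp
# file and prints its path, so the functions can be exercised offline
sample_config() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
CONFIG_INTEGRITY=y
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_APPRAISE_BOOTPARAM is not set
CONFIG_IMA_ARCH_POLICY=y
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_DEFAULT_HASH="sha256"
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_ENCRYPTED_KEYS=m
EOF
    echo "$f"
}

# Stand-alone use: report on a config file given as $1, else on the running kernel
if [ -n "$1" ]; then
    ima_report "$1"
elif cfg=$(running_kernel_config); then
    ima_report "$cfg"
fi
```

Note that CONFIG_IMA_APPRAISE_BOOTPARAM being reported as n on a production kernel is the expected, hardened state: it is what keeps ima_appraise=off from being added to the command line.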
The relevant IMA build flags are defined in https://github.com/torvalds/linux/blob/master/security/integrity/ima/Kconfig (the EVM, key type and keyring flags live in the neighbouring security/integrity, security/integrity/evm, security/keys and certs Kconfig files).
General build flags:
- CONFIG_INTEGRITY
- CONFIG_IMA
- CONFIG_IMA_WRITE_POLICY
- CONFIG_IMA_READ_POLICY
- CONFIG_IMA_DEFAULT_HASH
- CONFIG_FS_VERITY
Compiled-in policies:
- CONFIG_IMA_ARCH_POLICY
- CONFIG_IMA_APPRAISE_BUILD_POLICY
- CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS
Measure:
- CONFIG_IMA_DEFAULT_TEMPLATE
- CONFIG_IMA_MEASURE_PCR_IDX
- CONFIG_IMA_KEXEC
- CONFIG_IMA_DISABLE_HTABLE
- CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
- CONFIG_IMA_LSM_RULES
- CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
Appraise:
- CONFIG_IMA_APPRAISE
- CONFIG_IMA_APPRAISE_BOOTPARAM
- CONFIG_IMA_APPRAISE_MODSIG
- CONFIG_IMA_TRUSTED_KEYRING
- CONFIG_INTEGRITY_SIGNATURE
- CONFIG_INTEGRITY_ASYMMETRIC_KEYS
- CONFIG_IMA_APPRAISE_SIGNED_INIT
- CONFIG_SYSTEM_BLACKLIST_KEYRING
- CONFIG_LOAD_UEFI_KEYS
- CONFIG_LOAD_IPL_KEYS
- CONFIG_LOAD_PPC_KEYS
EVM build flags:
- CONFIG_EVM
- CONFIG_ENCRYPTED_KEYS
- CONFIG_USER_DECRYPTED_DATA
- CONFIG_TRUSTED_KEYS
- CONFIG_EVM_ADD_XATTRS
- CONFIG_EVM_EXTRA_SMACK_XATTRS
Keyring configuration:
- CONFIG_SECONDARY_TRUSTED_KEYRING
- CONFIG_INTEGRITY_PLATFORM_KEYRING
- CONFIG_INTEGRITY_MACHINE_KEYRING
- CONFIG_INTEGRITY_CA_MACHINE_KEYRING
The general build flags are:
- CONFIG_INTEGRITY
- CONFIG_IMA
- CONFIG_IMA_WRITE_POLICY
- CONFIG_IMA_READ_POLICY
- CONFIG_IMA_DEFAULT_HASH
- CONFIG_FS_VERITY
CONFIG_INTEGRITY: This boolean enables the integrity subsystem, which includes the Integrity Measurement Architecture (IMA), the Extended Verification Module (EVM), the IMA-appraisal extension, the digital signature verification extension and audit measurement log support.
Each of these components can be enabled or disabled separately. Refer to the individual components for details:
- IMA - see CONFIG_IMA
- EVM - see CONFIG_EVM
- IMA appraisal hash verification - see CONFIG_IMA_APPRAISE
- IMA appraisal digital signature verification - see CONFIG_INTEGRITY_SIGNATURE
- audit measurement log support
CONFIG_IMA: This boolean enables IMA.
CONFIG_IMA_WRITE_POLICY: This boolean enables multiple appends to the custom IMA policy; without it the policy file can be written only once. See the runtime custom policy section.
CONFIG_IMA_READ_POLICY: This boolean enables reading the current IMA policy, allowing the root user to see the current policy rules. See the reading policies section.
If the boolean is false, either the policy file will not exist, or it will exist but its mode bits will not permit a read.
CONFIG_IMA_DEFAULT_HASH: This string specifies the file data hash algorithm used for measurement, appraisal and audit. It is overridden by the ima_hash= boot command line argument. Both are overridden, for appraisal, by the hash algorithm recorded in a file's signature.
Supported values are:
- sha1
- sha256
- sha512
- wp512
- sm3
CONFIG_FS_VERITY: This boolean enables fs-verity, the read-only, file-based integrity and authenticity protection whose file digest IMA can use.
Build flags can specify appraisal policy rules that are present at run time without an ima_policy= boot command line argument. These are:
- CONFIG_IMA_ARCH_POLICY
- CONFIG_IMA_APPRAISE_BUILD_POLICY
- CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS
- CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS
The rules determined by CONFIG_IMA_ARCH_POLICY persist; they are never replaced. The rules determined by the other flags can be replaced.
CONFIG_IMA_ARCH_POLICY: This boolean enables compiled-in, architecture-specific policy rules. If enabled, its IMA appraise rules are loaded before other compiled-in or built-in command line appraise rules, so they cannot be overridden. They persist: they cannot be replaced by a boot-time custom policy or a runtime custom policy, which might otherwise remove these rules.
Secure boot must appraise the entire boot software stack through the kernel, which includes kexec'ed kernel images and kernel modules. The kernel has its own (non-IMA) methods for this, selected by CONFIG_KEXEC_SIG and CONFIG_MODULE_SIG. For whichever of the two is not enabled, IMA verifies (appraises) the signatures instead.
That is, if CONFIG_KEXEC_SIG is true, the kernel itself verifies the signature over the kexec kernel image. If false, CONFIG_IMA_ARCH_POLICY adds an IMA appraise func=KEXEC_KERNEL_CHECK rule.
If CONFIG_MODULE_SIG is true, the kernel itself verifies a kernel module's appended signature (and, once secure boot is detected, the arch policy switches that verification to enforcing). If false, CONFIG_IMA_ARCH_POLICY adds an IMA appraise func=MODULE_CHECK rule.
In addition to the appraise rules, CONFIG_IMA_ARCH_POLICY also adds trusted boot measure rules on arm and x86 UEFI based platforms, independent of CONFIG_KEXEC_SIG and CONFIG_MODULE_SIG.
Which rules are added depends on the firmware boot status (e.g. UEFI secure boot on arm and x86; secure boot and trusted boot on powerpc). See the secure boot state section for a method of determining whether secure and/or trusted boot is enabled.
Warning: FIXME test this.
On arm and x86, if UEFI secure boot is enabled:
If CONFIG_KEXEC_SIG is false, CONFIG_IMA_ARCH_POLICY adds this rule to appraise the kexec kernel image:
appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
If CONFIG_MODULE_SIG is false, CONFIG_IMA_ARCH_POLICY adds this rule to appraise kernel modules:
appraise func=MODULE_CHECK appraise_type=imasig
Regardless of those two configuration flags, CONFIG_IMA_ARCH_POLICY adds these rules to measure the kernel and kernel modules. It does not differentiate between secure and trusted boot:
measure func=KEXEC_KERNEL_CHECK
measure func=MODULE_CHECK
On powerpc, if firmware secure boot is enabled, CONFIG_IMA_ARCH_POLICY adds this rule:
appraise func=KEXEC_KERNEL_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig
and, if CONFIG_MODULE_SIG is false, this rule:
appraise func=MODULE_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig
If only trusted boot is enabled, CONFIG_IMA_ARCH_POLICY adds these rules:
measure func=KEXEC_KERNEL_CHECK
measure func=MODULE_CHECK
If both firmware secure boot and trusted boot are enabled, CONFIG_IMA_ARCH_POLICY adds these rules:
measure func=KEXEC_KERNEL_CHECK template=ima-modsig
measure func=MODULE_CHECK template=ima-modsig
appraise func=KEXEC_KERNEL_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig
and, if CONFIG_MODULE_SIG is false, this rule:
appraise func=MODULE_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig
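A practical way to confirm the arm/x86 case above on a running system, as an added example that is not part of the original page: read the UEFI SecureBoot variable through efivarfs the way the kernel does (four attribute bytes followed by one data byte), derive the rules the text says CONFIG_IMA_ARCH_POLICY should have added given the CONFIG_KEXEC_SIG and CONFIG_MODULE_SIG states, and report any that are missing from /sys/kernel/security/ima/policy (readable only with CONFIG_IMA_READ_POLICY, as root). The function names are this example's own; the efivar image and policy file produced by sample_efivar and sample_policy are constructed for offline testing, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the original page): determine the UEFI secure boot
# state from efivarfs and check that the arm/x86 CONFIG_IMA_ARCH_POLICY rules
# listed in the text are present in the active IMA policy.

# UEFI "SecureBoot" variable under the EFI global variable GUID. The efivarfs
# file holds 4 bytes of attributes followed by the 1-byte variable data.
SECUREBOOT_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# uefi_secure_boot [FILE] -> prints enabled, disabled, or unknown (no EFI var)
uefi_secure_boot() {
    f=${1:-$SECUREBOOT_VAR}
    [ -r "$f" ] || { echo unknown; return 0; }
    # skip the 4 attribute bytes, read one byte as an unsigned decimal
    val=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    case $val in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# expected_arch_rules KEXEC_SIG MODULE_SIG SECUREBOOT
#   KEXEC_SIG / MODULE_SIG: y or n, the state of CONFIG_KEXEC_SIG / CONFIG_MODULE_SIG
#   SECUREBOOT: enabled or disabled
# Prints the arm/x86 rules the text lists; without secure boot none are added.
expected_arch_rules() {
    [ "$3" = enabled ] || return 0
    [ "$1" = y ] || echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig"
    [ "$2" = y ] || echo "appraise func=MODULE_CHECK appraise_type=imasig"
    echo "measure func=KEXEC_KERNEL_CHECK"
    echo "measure func=MODULE_CHECK"
}

# missing_arch_rules POLICY_FILE KEXEC_SIG MODULE_SIG SECUREBOOT
# Prints each expected rule that does not appear verbatim in the policy file
# (normally /sys/kernel/security/ima/policy); prints nothing when all are present.
missing_arch_rules() {
    policy=$1; shift
    expected_arch_rules "$@" | while IFS= read -r rule; do
        grep -Fxq -- "$rule" "$policy" || echo "$rule"
    done
}

# Constructed inputs (not captured from a real system): an efivar image with
# attributes 0x00000006 and data 0x01 (secure boot on), and a policy file
# that lacks the module appraise rule.
sample_efivar() {
    f=$(mktemp)
    printf '\006\000\000\000\001' >"$f"
    echo "$f"
}
sample_policy() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
measure func=KEXEC_KERNEL_CHECK
measure func=MODULE_CHECK
EOF
    echo "$f"
}

# Stand-alone use: ./check.sh POLICY_FILE [KEXEC_SIG] [MODULE_SIG] reports the
# secure boot state and any missing rules; both CONFIG flags default to n.
if [ -n "$1" ]; then
    sb=$(uefi_secure_boot)
    echo "UEFI secure boot: $sb"
    missing_arch_rules "$1" "${2:-n}" "${3:-n}" "$sb"
fi
```

Two caveats: the kernel also treats a firmware in SetupMode as secure boot disabled, so a machine with SecureBoot=1 but SetupMode=1 gets no arch rules; and the powerpc rule sets above use different strings, so this check applies to the UEFI case only.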
CONFIG_KEXEC_SIG and CONFIG_MODULE_SIG: each of these booleans enables the kernel's own, non-IMA method of validating the signature on a kexec kernel image or a kernel module (the appended signature, in the module case). See CONFIG_IMA_ARCH_POLICY.
CONFIG_IMA_APPRAISE_BUILD_POLICY: This boolean enables compiled-in IMA policy rules. They are in effect at run time without an ima_policy= argument on the boot command line. Its IMA appraise rules are loaded before other compiled-in or built-in command line appraise rules. Unlike the CONFIG_IMA_ARCH_POLICY rules, these rules can be replaced by a boot-time custom policy or a runtime custom policy.
When it is enabled, CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS, CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS, CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS and CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS determine the policy rules.
An alternative to the compiled-in policy rules is ima_policy=secure_boot on the boot command line.
CONFIG_IMA_APPRAISE_REQUIRE_FIRMWARE_SIGS: This boolean enables a policy rule to appraise firmware. It is only available when CONFIG_IMA_APPRAISE_BUILD_POLICY is set.
It requires all firmware to be signed. See the func and appraise_type policy keywords.
appraise func=FIRMWARE_CHECK appraise_type=imasig
CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS: This boolean enables a policy rule to appraise kexec'ed kernel images. It is only available when CONFIG_IMA_APPRAISE_BUILD_POLICY is set.
It requires all kexec'ed kernel images to be signed, and verified by a public key on the trusted IMA keyring. See the func and appraise_type policy keywords.
appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
CONFIG_IMA_APPRAISE_REQUIRE_MODULE_SIGS: This boolean enables a policy rule to appraise kernel module signatures. It is only available when CONFIG_IMA_APPRAISE_BUILD_POLICY is set.
It requires all kernel modules to be signed, and verified by a public key on the trusted IMA keyring. See the func and appraise_type policy keywords.
appraise func=MODULE_CHECK appraise_type=imasig
CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS: This boolean enables a policy rule to appraise IMA policy signatures. It is only available when CONFIG_IMA_APPRAISE_BUILD_POLICY is set.
It requires the IMA policy to be signed, and verified by a key on the trusted IMA keyring. See the func and appraise_type policy keywords and the custom policy section.
appraise func=POLICY_CHECK appraise_type=imasig
The configuration flags affecting measurement are below. See the policy rule order section.
- CONFIG_IMA_DEFAULT_TEMPLATE
- CONFIG_IMA_MEASURE_PCR_IDX
- CONFIG_IMA_KEXEC
- CONFIG_IMA_DISABLE_HTABLE
- CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
- CONFIG_IMA_LSM_RULES
- CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
CONFIG_IMA_DEFAULT_TEMPLATE: This string sets the default IMA event log template (one of the built-in templates), which determines the event log format.
The default can be globally overridden by the ima_template= and ima_template_fmt= boot command line arguments, and for an individual rule by the template= keyword in the policy syntax.
The value depends upon the kernel release. A typical value is ima-ng or ima-sig.
CONFIG_IMA_MEASURE_PCR_IDX: This decimal number sets the PCR index used by IMA. The default is 10.
See also the pcr= policy rule keyword, which overrides it per rule.
CONFIG_IMA_KEXEC: This boolean enables carrying the IMA measurement list across a kexec soft boot.
TPM PCRs are only reset on a hard reboot. In order to validate a TPM quote after a soft boot, the IMA measurement list of the running kernel must be saved and restored after the soft boot; otherwise the log no longer replays to the PCR value.
Depending on the IMA policy, the measurement list can grow very large.
CONFIG_IMA_DISABLE_HTABLE: This boolean affects measurement behavior. In detail, there are three factors:
- the IMA status flags, which indicate that the file has been opened for change since the last IMA measurement
- the IMA hash table, which tracks file hashes already measured
- this kernel configuration flag, CONFIG_IMA_DISABLE_HTABLE
The status flag is based on iversion for filesystems mounted with iversion. Without iversion, it is assumed that the file changed.
NOTE: So that IMA will process the same hash again when seen in different contexts, there is a separate status field per hook:
- ima_file
- ima_mmap
- ima_bprm
- ima_read
- ima_creds
- evm
Warning: Add a definition of each status bit. Add cross references. How can the status bits be read?
In kernels that do not implement CONFIG_IMA_DISABLE_HTABLE, or if CONFIG_IMA_DISABLE_HTABLE is false: if the status says changed and the file hash is not in the hash table, the file is measured. If the status says not changed, or the hash is already in the hash table (already measured), the file is not measured.
The behavior differs if CONFIG_IMA_DISABLE_HTABLE is true. In this case, if the status says changed, the file is measured even if its hash is already in the hash table.
The intent of setting CONFIG_IMA_DISABLE_HTABLE is to record the case where a file changed, but changed back before the change triggered a measure policy rule. For example, if a file changed from hash1 to hash2 to hash1, three events would be measured. If CONFIG_IMA_DISABLE_HTABLE were false, the third event would not be measured, since hash1 was already in the hash table, and an attester would believe the file was still in the hash2 state.
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS: This boolean enables measuring asymmetric keys when a key is loaded onto a keyring. IMA policy rules can either measure keys loaded onto any keyring, or only keys loaded onto the keyrings specified with the keyrings= condition.
Examples:
- measure keys loaded onto any keyring:
measure func=KEY_CHECK
- measure keys loaded onto the .ima keyring, only for the root user:
measure func=KEY_CHECK uid=0 keyrings=.ima
- measure keys loaded onto the .builtin_trusted_keys and .ima keyrings into a different PCR:
measure func=KEY_CHECK keyrings=".builtin_trusted_keys|.ima" pcr=11
CONFIG_IMA_LSM_RULES: This boolean enables policy rules containing LSM labels.
See obj_user=, obj_role=, obj_type=, subj_user=, subj_role= and subj_type= for the policy rule syntax.
If this boolean is disabled, a policy containing these rules is rejected. See the runtime custom policy section.
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS: The built-in policy rules do not measure keys added to keyrings; i.e., they have no func=KEY_CHECK rule.
When this boolean is set, keys added to keyrings during early boot are queued. When a custom policy with a func=KEY_CHECK rule is loaded, the queue is replayed so that each key can be measured.
The configuration flags affecting appraisal are below. See the policy rule order section.
- CONFIG_IMA_APPRAISE
- CONFIG_IMA_APPRAISE_BOOTPARAM
- CONFIG_IMA_APPRAISE_MODSIG
- CONFIG_IMA_TRUSTED_KEYRING
- CONFIG_INTEGRITY_SIGNATURE
- CONFIG_INTEGRITY_ASYMMETRIC_KEYS
- CONFIG_IMA_APPRAISE_SIGNED_INIT
- CONFIG_SYSTEM_BLACKLIST_KEYRING
- CONFIG_LOAD_UEFI_KEYS
- CONFIG_LOAD_IPL_KEYS
- CONFIG_LOAD_PPC_KEYS
CONFIG_IMA_APPRAISE: This boolean enables verifying local file integrity.
The default is enforce mode. See CONFIG_IMA_APPRAISE_BOOTPARAM and the ima_appraise= boot command line argument for the options.
See also CONFIG_EVM.
CONFIG_IMA_APPRAISE_BOOTPARAM: This boolean allows the different ima_appraise= modes to be specified on the boot command line.
False prevents enforce mode from being disabled on the boot command line, which is what a production system wants.
True allows enforce mode to be disabled on the boot command line, for debugging or for fixing hashes.
CONFIG_IMA_APPRAISE_MODSIG: This boolean adds support for signatures appended to files. The format of the appended signature is the same as that used for signed kernel modules. The modsig keyword can then be used in the IMA policy to allow a hook to accept such signatures.
See the policy rule appraise_type=modsig.
CONFIG_IMA_TRUSTED_KEYRING: This boolean enables use of the trusted .ima and .evm keyrings, as opposed to the _ima and _evm keyrings. It is deprecated in favor of CONFIG_INTEGRITY_TRUSTED_KEYRING.
CONFIG_INTEGRITY_SIGNATURE: This boolean enables signature verification. See CONFIG_INTEGRITY_ASYMMETRIC_KEYS.
CONFIG_INTEGRITY_ASYMMETRIC_KEYS: This boolean enables signature verification using the asymmetric keys on the keyrings.
See also CONFIG_INTEGRITY_SIGNATURE.
CONFIG_IMA_APPRAISE_SIGNED_INIT: This boolean causes the built-in ima_policy=appraise_tcb policy to load a rule requiring all root-owned files to be signed, rather than merely hashed.
CONFIG_SYSTEM_BLACKLIST_KEYRING: When this boolean is set, the .blacklist keyring is consulted before keys can be loaded onto keyrings, and during signature verification.
CONFIG_LOAD_UEFI_KEYS: When this boolean is set, the .platform keyring is provisioned with keys from the UEFI db and the .blacklist keyring with entries from the UEFI dbx.
CONFIG_LOAD_IPL_KEYS: When this boolean is set, the .platform and .blacklist keyrings are provisioned on s390.
CONFIG_LOAD_PPC_KEYS: When this boolean is set, the .platform and .blacklist keyrings are provisioned on POWER.
The configuration flags affecting EVM are below:
- CONFIG_EVM
- CONFIG_ENCRYPTED_KEYS
- CONFIG_USER_DECRYPTED_DATA
- CONFIG_TRUSTED_KEYS
- CONFIG_EVM_ADD_XATTRS
- CONFIG_EVM_EXTRA_SMACK_XATTRS
CONFIG_EVM: This boolean enables EVM appraisal of extended attributes and file metadata.
See the Extended Verification Module section.
CONFIG_ENCRYPTED_KEYS: This tristate enables the encrypted key type that holds the EVM HMAC key.
It can be set to either y (built into the kernel) or m (compiled as a kernel module); y is desired.
CONFIG_USER_DECRYPTED_DATA: This boolean permits the user to instantiate the EVM HMAC encrypted key with user-provided decrypted data using keyctl.
If not set, the kernel generates the key material from a random number.
It requires CONFIG_ENCRYPTED_KEYS.
See https://www.kernel.org/doc/html/latest/security/keys/trusted-encrypted.html
Warning: Add an example of keyctl.
CONFIG_TRUSTED_KEYS: This tristate enables the generation and loading of the EVM HMAC master key. This is a trusted key type, sealed by the TPM (or another trust source).
It can be set to either y (built into the kernel) or m (compiled as a kernel module); y is desired.
It is used together with CONFIG_ENCRYPTED_KEYS: the EVM encrypted key is protected by this trusted master key.
See https://www.kernel.org/doc/html/latest/security/keys/trusted-encrypted.html
CONFIG_EVM_ADD_XATTRS: This boolean permits the user to add additional EVM extended attributes (xattrs) at run time.
When this option is enabled, root can add xattrs to the list used by EVM by writing them to /sys/kernel/security/integrity/evm/evm_xattrs.
See the Extended Verification Module section for the default list.
CONFIG_EVM_EXTRA_SMACK_XATTRS: This boolean adds the following SMACK extended attributes (xattrs) to the EVM HMAC calculation:
- security.SMACK64EXEC
- security.SMACK64TRANSMUTE
- security.SMACK64MMAP
The configuration flags affecting the trusted keyrings are:
- CONFIG_SECONDARY_TRUSTED_KEYRING
- CONFIG_INTEGRITY_PLATFORM_KEYRING
- CONFIG_INTEGRITY_MACHINE_KEYRING
- CONFIG_INTEGRITY_CA_MACHINE_KEYRING
- CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX
CONFIG_SECONDARY_TRUSTED_KEYRING: This boolean enables the .secondary_trusted_keys keyring, to which extra keys may be added provided they are not on a deny list and are vouched for by a key built into the kernel, a key on the .machine keyring, or a key already on the .secondary_trusted_keys keyring.
CONFIG_INTEGRITY_PLATFORM_KEYRING: This boolean enables the .platform keyring.
CONFIG_INTEGRITY_MACHINE_KEYRING: When this boolean is set, registered machine owner key (MOK) certificates are loaded by default onto the .machine keyring.
When it is clear, registered machine owner key certificates are loaded onto the .platform keyring.
Note that this boolean is only supported for MOK keys on UEFI.
CONFIG_INTEGRITY_CA_MACHINE_KEYRING and CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX can override the default.
CONFIG_INTEGRITY_CA_MACHINE_KEYRING: When this boolean is set, only registered MOK key-signing certificates (X.509 CA bit and keyCertSign set) are loaded onto the .machine keyring. The others go onto the .platform keyring.
See also CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX.
| Distribution | State |
|---|---|
| Ubuntu 23 | not set |
| Fedora 39 | set |
CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX: When this boolean is set, only registered MOK CA certificates (X.509 CA bit and keyCertSign set, and digitalSignature clear) are loaded onto the .machine keyring. The others go onto the .platform keyring.
This boolean overrides CONFIG_INTEGRITY_CA_MACHINE_KEYRING.
| Distribution | State |
|---|---|
| Ubuntu 23 | not set |
| Fedora 39 | set |
These arguments can be added on the boot command line:
- ima_hash=
- ima_policy=
- ima_appraise=
- ima_template=
- ima_canonical_fmt
- ima_template_fmt=
The ima_hash= argument specifies the file data hash algorithm used. It overrides the CONFIG_IMA_DEFAULT_HASH algorithm. It affects:
- measurement - the hash algorithm of the d-ng and d-ngv2 IMA event log template data fields
- appraisal - the hash algorithm used to calculate and verify hashes
- audit - the hash algorithm used for audit log entries
Supported values are:
- md5 (supported only for ima_template=ima)
- sha1 (the default for ima_template=ima)
- sha224
- sha256 (default)
- sha384
- sha512
- rmd128
- rmd160
- rmd256
- rmd320
- wp256
- wp384
- wp512
- tgr128
- tgr160
- tgr192
- sm3
- streebog256
- streebog512
If ima_template= is ima, only md5 and sha1 are supported.
The values are taken from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/crypto/hash_info.c.
The ima_policy= argument specifies boot time IMA policy rules. There are several built-in policies; see the built-in policy rules section for their effect.
The command line arguments ima_tcb and ima_appraise_tcb are deprecated in favor of ima_policy=tcb and ima_policy=appraise_tcb.
Multiple ima_policy specifiers can be used. Their policies are concatenated. The order in which they are applied is hard coded, as shown in the lists below, regardless of the order on the command line.
The supported measure values for ima_policy= are:
- tcb - measure rules
- critical_data - measure rules
The supported appraise values for ima_policy= are:
- secure_boot
- appraise_tcb
- fail_securely
The two ways of using multiple specifiers are:
- Recommended - multiple ima_policy= statements. For example:
ima_policy=tcb ima_policy=critical_data
- Alternate - multiple specifiers in one argument, separated by |. For example:
ima_policy="tcb|critical_data"
This separator form requires the argument to be enclosed in double quotes. One can either edit the boot command line interactively or edit the grub boot entry, e.g. under /boot/loader/entries on Fedora. The grubby --args= method must escape the " characters in a shell-dependent way.
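To see which of the two forms a running system actually booted with, and what they expand to, the following is an added example that is not part of the original page: it splits /proc/cmdline (or any command line string) into the individual ima_policy values, handling both the repeated-argument form and the quoted "a|b" form, and reads the single-valued IMA arguments. The function names are this example's own, and SAMPLE_CMDLINE is a constructed command line, not one captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the original page): extract the IMA arguments from
# a kernel command line, expanding both forms of multiple ima_policy
# specifiers (repeated ima_policy= arguments and the quoted "a|b" form).

# ima_policies CMDLINE -> prints each ima_policy value on its own line, in
# command line order (the kernel applies them in its own fixed order)
ima_policies() {
    set -f                                   # no pathname expansion while splitting
    for arg in $1; do
        case $arg in
            ima_policy=*)
                val=${arg#ima_policy=}
                val=${val#\"}; val=${val%\"}  # strip the quotes of the "a|b" form
                printf '%s\n' "$val" | tr '|' '\n'
                ;;
        esac
    done
    set +f
}

# ima_arg CMDLINE NAME -> prints the value of a single-valued IMA argument
# (ima_hash, ima_appraise, ima_template, ima_template_fmt); the last one wins.
# A bare flag such as ima_canonical_fmt prints "present".
ima_arg() {
    found=
    set -f
    for arg in $1; do
        case $arg in
            "$2"=*) found=${arg#"$2"=} ;;
            "$2")   found=present ;;
        esac
    done
    set +f
    printf '%s\n' "$found"
}

# Constructed command line (not from a real system) covering both forms
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-6.8 root=/dev/sda2 ro ima_policy=tcb ima_policy="appraise_tcb|critical_data" ima_appraise=log ima_hash=sha256 ima_template=ima-sig'

# Stand-alone use: inspect the running kernel's command line
if [ -r /proc/cmdline ]; then
    cmd=$(cat /proc/cmdline)
    echo "ima_policy values:"; ima_policies "$cmd"
    for a in ima_hash ima_appraise ima_template ima_template_fmt ima_canonical_fmt; do
        printf '%s=%s\n' "$a" "$(ima_arg "$cmd" "$a")"
    done
fi
```

An ima_appraise value of log or off on a production system's command line is worth flagging: it is exactly what CONFIG_IMA_APPRAISE_BOOTPARAM=n exists to prevent.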
The ima_appraise= argument can change the default enforce appraise mode.
Note: The mode can only be changed if secure boot in the UEFI firmware is disabled. If UEFI secure boot is enabled, the default enforce mode cannot be changed. See the built-in policy rules section. This is not the same as the ima_policy=secure_boot command line argument.
This command line argument is only available if CONFIG_IMA_APPRAISE_BOOTPARAM is set.
It specifies the effect of the policy rule appraise action. The four values are:
- enforce causes IMA to appraise files. Access to an appraised file is denied if the stored hash is missing or does not match the collected value.
- log is similar to enforce, except that access is not denied; the mismatch is only logged to /var/log/audit/audit.log.
- off disables all appraisal. The stored hashes are neither checked nor logged, and new stored hashes are not generated or updated.
- fix enables IMA repair mode. The stored reference hash of a protected file can be created or updated: the file hash is (re)calculated and stored. fix is often used on first boot, since it allows the system to boot even when no (or wrong) hashes are registered. fix only creates and updates hashes on files that would otherwise be appraised, so if a custom IMA policy is used it must be loaded first; if neither ima_policy=appraise_tcb nor a custom policy is loaded, the default policy appraises nothing and fix has no effect. The process may need to be repeated if the IMA policy changes. fix only updates hashes on files that have no signature; it cannot create a file signature.
A typical procedure for adding file data hashes and metadata HMACs is:
- Boot first in fix mode and open for read every file that will be appraised. Example (count=0 opens the file without copying it, which is enough to trigger the hook):
find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \;
When done, the stored hash value shows as an extended attribute. Example:
getfattr -m - -d /sbin/init
# file: sbin/init
security.ima=0sAXr7Qmun5mkGDS286oZxCpdGEuKT
security.selinux="system_u:object_r:init_exec_t"
- Reboot in enforce (appraise) mode. The system should now run with appraisal enabled, validating each file's hash against the stored value before using it. If they do not match, the file is not loaded and any access is denied.
Note: Appraisal can be verified by booting with ima_appraise=off, changing the contents of a root-owned file (or the value of its extended attribute), and rebooting with ima_appraise=enforce.
The evm argument can take one value, evm=fix. It requires ima_appraise=fix.
It has the same effect as ima_appraise=fix, but additionally updates the EVM HMAC.
The ima_template= argument selects the boot time IMA event log template. There are several built-in templates; see the built-in templates section for their effect.
Custom templates described in the template data fields section are not supported here. Some may work, but their use is deprecated. Use ima_template_fmt= to specify custom templates.
The default value is compiled in as CONFIG_IMA_DEFAULT_TEMPLATE. The supported values for ima_template= are:
- ima
- ima-ng
- ima-sig
- ima-buf
- ima-modsig
- ima-ngv2
- ima-sigv2
- (evm-sig) - while this is currently allowed, it is not recommended, because it would apply to items that are not files with EVM signature attributes.
The ima_canonical_fmt option selects the canonical format for the binary runtime measurements instead of the host native format.
It forces the event log to store all integral values as little endian on big endian machines.
Recommendation: this option is suggested on all big endian machines, since a verifier may not be written to handle big endian event logs.
It is strongly suggested on a big endian machine that may receive a kexec(), since the event log may otherwise be a mix of big and little endian measurements.
Warning: FIXME test this.
The ima_template_fmt= argument is the alternative to the built-in templates: a custom template is specified using the fields from the template data fields section, concatenated with the | character.
Use ima_template= to select one of the built-in templates instead.