RHEL-100320

ima-add-sigs adds IMA signatures that fail verification


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • rhel-10.1, rhel-10.0
    • ima-evm-utils
    • ima-evm-utils-1.6.2-3.el10
    • Moderate
    • rhel-kernel-security
    • CK Parent Issues In Progress
    • Release Note Not Required

      What were you trying to do that didn't work?

      After running ima-add-sigs, there are several files that have IMA signatures but fail the verification

      What is the impact of this issue to you?

      These files can cause trouble at boot, since they will fail IMA appraisal.

      Please provide the package NVR for which the bug is seen:

      ima-evm-utils-1.6.2-2.el10.x86_64

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Run ima-add-sigs
      2. Count the files that carry an IMA signature (security.ima starting with 0x03) but fail verification against the release key:

            # -print0 / read -d '' keeps paths with spaces or newlines intact
            find / -fstype xfs -type f -uid 0 -print0 |
            while IFS= read -r -d '' f; do
                # security.ima=0x03... is an EVM_IMA_XATTR_DIGSIG (asymmetric signature) xattr
                if getfattr -m security.ima -d -e hex "$f" 2>/dev/null | grep -qs 'security.ima=0x03' \
                   && ! evmctl ima_verify -k /etc/keys/ima/redhatimarelease-10.der "$f" &>/dev/null; then
                    echo "$f"
                fi
            done | wc -l
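      The reproduction step above only counts failures. To see why a signature fails, the next question is usually which key id the signature names, so that it can be compared with the key in /etc/keys/ima/redhatimarelease-10.der. The Python below is an added diagnostic example, not code from this report or from ima-evm-utils. It decodes a raw security.ima value (read with os.getxattr, or taken from a "security.ima=0x..." line as printed by getfattr -e hex) according to the signature_v2_hdr layout used by ima-evm-utils and the kernel (type, version, hash algorithm, big-endian 32-bit key id, big-endian 16-bit signature size, signature bytes), and groups signed files under a tree by key id. The sample xattr values and the directory passed on the command line are constructed for the example.

```python
import os
import struct
import sys

# Leading byte of a security.ima value (kernel evm.h / ima-evm-utils imaevm.h).
IMA_XATTR_DIGEST = 0x01       # legacy SHA1 digest, no algorithm byte
EVM_XATTR_HMAC = 0x02
EVM_IMA_XATTR_DIGSIG = 0x03   # asymmetric signature (what ima-add-sigs writes)
IMA_XATTR_DIGEST_NG = 0x04    # digest with an explicit hash-algorithm byte

# Kernel enum hash_algo numbering (include/uapi/linux/hash_info.h).
HASH_ALGO = {0: "md4", 1: "md5", 2: "sha1", 3: "rmd160", 4: "sha256",
             5: "sha384", 6: "sha512", 7: "sha224"}


def parse_security_ima(blob: bytes) -> dict:
    """Decode a raw security.ima value into its fields."""
    if not blob:
        raise ValueError("empty security.ima value")
    xtype = blob[0]
    if xtype == EVM_IMA_XATTR_DIGSIG:
        # struct signature_v2_hdr: type, version, hash_algo, be32 keyid, be16 sig_size, sig[]
        if len(blob) < 9:
            raise ValueError("truncated signature header")
        version, hash_algo, keyid, sig_size = struct.unpack(">BBIH", blob[1:9])
        if version != 2:
            raise ValueError(f"unsupported signature version {version}")
        sig = blob[9:]
        if len(sig) != sig_size:
            raise ValueError(f"sig_size says {sig_size} bytes, {len(sig)} present")
        return {"type": "digsig", "version": version,
                "hash_algo": HASH_ALGO.get(hash_algo, f"unknown({hash_algo})"),
                "keyid": f"{keyid:08x}", "sig_size": sig_size}
    if xtype == IMA_XATTR_DIGEST_NG:
        algo = blob[1]
        return {"type": "digest-ng",
                "hash_algo": HASH_ALGO.get(algo, f"unknown({algo})"),
                "digest": blob[2:].hex()}
    if xtype == IMA_XATTR_DIGEST:
        return {"type": "digest", "hash_algo": "sha1", "digest": blob[1:].hex()}
    return {"type": f"unknown({xtype:#04x})"}


def parse_getfattr_hex(line: str) -> dict:
    """Accept a 'security.ima=0x03...' line as printed by getfattr -d -e hex."""
    _, _, value = line.strip().partition("=")
    if not value.startswith("0x"):
        raise ValueError("expected a hex-encoded value (getfattr -e hex)")
    return parse_security_ima(bytes.fromhex(value[2:]))


def keyids_in_tree(root: str) -> dict:
    """Walk root and group files that carry a signature by the key id it names."""
    by_key: dict = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.ima", follow_symlinks=False)
                info = parse_security_ima(raw)
            except (OSError, ValueError):
                continue  # no xattr, permission denied, vanished file, or malformed value
            if info["type"] == "digsig":
                by_key.setdefault(info["keyid"], []).append(path)
    return by_key


# Constructed sample values (not taken from a real system):
# a v2 sha256 signature naming key id 1a2b3c4d with a 256-byte (2048-bit RSA sized) payload,
# and a sha256 digest-only xattr of the kind IMA writes in fix mode.
SAMPLE_SIG = (bytes([EVM_IMA_XATTR_DIGSIG, 0x02, 0x04]) + bytes.fromhex("1a2b3c4d")
              + (256).to_bytes(2, "big") + bytes(256))
SAMPLE_DIGEST = bytes([IMA_XATTR_DIGEST_NG, 0x04]) + bytes(32)


if __name__ == "__main__":
    print(parse_security_ima(SAMPLE_SIG))
    print(parse_getfattr_hex("security.ima=0x" + SAMPLE_SIG.hex()))
    print(parse_security_ima(SAMPLE_DIGEST))
    if len(sys.argv) > 1:  # e.g. python3 ima_keyids.py /usr/bin
        for keyid, paths in keyids_in_tree(sys.argv[1]).items():
            print(f"keyid {keyid}: {len(paths)} signed files")
```

      If all failing files share one key id that differs from the id of the release key, the signatures were made with the wrong key; if the key id matches, the mismatch is in the file contents or the hash algorithm, which the parsed hash_algo field also exposes.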

      Expected results

      All files with an IMA signature pass verification.

      Actual results

      There are 1142 files that fail signature verification.

      People: Coiby Xu (coxu@redhat.com), Dennis Li