Date:   Thu, 29 Sep 2016 19:16:02 -0300
From:   Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Michael Ellerman <michael@...erman.id.au>
Subject: Re: ima measurement carrying on -mm

On Thursday, 29 September 2016, 16:53:50, Eric W. Biederman wrote:
> Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com> writes:
> > On Thursday, 29 September 2016, 14:02:06, Andrew Morton wrote:
> >> On Thu, 29 Sep 2016 17:44:10 -0300 Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com> wrote:
> >> > Hello Andrew,
> >> > 
> >> > You have in the -mm tree a version of the "kexec handover buffer" and
> >> > "ima carry measurement list" patches that were NAKed by Eric
> >> > Biederman.
> >> > I would just like to double-check that there's no risk of that version
> >> > reaching v4.9.
> >> > 
> >> > Mimi posted v5 of a merged patch set that addresses Eric's concern:
> >> > 
> >> > https://lists.ozlabs.org/pipermail/linuxppc-dev/2016-September/149183.html
> >> > 
> >> > There are no separate kexec handover patches anymore. They were folded
> >> > into the series above. The kexec code is simplified now, it doesn't
> >> > support updating the buffer and recalculating the hash on reboot, and
> >> > is now IMA-specific instead of a generic kexec feature.
> >> 
> >> Yup, thanks.
> >> 
> >> I wasn't thinking any of this material is suitable for 4.9.  Seems that
> >> a bit more consideration will be needed.  Am I wrong about that?
> > 
> > Yes regarding the "ima carry measurement list" patches, but I was hoping
> > that at least the kexec_file_load patches would be upstreamed.
> 
> Oh bah. I was confused about that straightforward adding of kexec_file
> support to powerpc.  I thought that was already in existence.
> 
> In that case let me say I am concerned about modifying the flattened
> device tree, especially in the kexec_file.  I would think that the
> flattened device tree would be something that it would be desirable to
> keep intact.
> 
> I know in the x86 boot protocol we have some variables that are purely
> passed by the bootloader (like the command line) and some that just
> are representations of firmware provided information.  Does powerpc not have
> that separation?
> 
> I would think being able to pass the flattened device tree through
> unchanged would be very desirable in the kexec case as it removes the
> possibility of error.

As far as I know, that is not possible. The device tree always needs to be 
modified to add or update the properties that indicate where the initrd is 
loaded and, as you mentioned, the kernel command line. The IMA buffer 
patches just add another property.

-- 
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
