| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Sep 2019 13:27:06 -0700
From: prsriva <prsriva@...ux.microsoft.com>
To: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
Cc: mark.rutland@....com, jean-philippe@...aro.org, arnd@...db.de,
takahiro.akashi@...aro.org, sboyd@...nel.org,
catalin.marinas@....com, kexec@...ts.infradead.org,
linux-kernel@...r.kernel.org, zohar@...ux.ibm.com,
yamada.masahiro@...ionext.com, kristina.martsenko@....org,
duwe@....de, allison@...utok.net, james.morse@....org,
linux-integrity@...r.kernel.org, tglx@...utronix.de,
linux-arm-kernel@...ts.infradead.org
Subject: Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement
log in kexec_file_load
On 9/19/19 8:07 PM, Thiago Jung Bauermann wrote:
>
> Hello Prakhar,
>
> Prakhar Srivastava <prsriva@...ux.microsoft.com> writes:
>
>> During kexec_file_load, carrying forward the ima measurement log allows
>> a verifying party to get the entire runtime event log since the last
>> full reboot since that is when PCRs were last reset.
<snip>
> In the previous patch, you took the powerpc file and made a few
> modifications to fit your needs. This file is now somewhat different
> than the powerpc version, but I don't understand to what purpose. It's
> not different in any significant way.
>
> Based on review comments from your previous patch, I was expecting to
> see code from the powerpc file moved to an arch-independent part of the
> the kernel and possibly adapted so that both arm64 and powerpc could use
> it. Can you explain why you chose this approach instead? What is the
> advantage of having superficially different but basically equivalent
> code in the two architectures?
>
> Actually, there's one change that is significant: instead of a single
> linux,ima-kexec-buffer property holding the start address and size of
> the buffer, ARM64 is now using two properties (linux,ima-kexec-buffer
> and linux,ima-kexec-buffer-end) for the start and end addresses. In my
> opinion, unless there's a good reason for it Linux should be consistent
> accross architectures when possible.
>
> --
> Thiago Jung Bauermann
> IBM Linux Technology Center
I looked at the of_ drivers are it became apparent that the driver calls
were already available for consumption. Adding ima specific code will be
same as adding wrapper code for any other property. Which is true for
all properties, effectively setting the property name and pass through
for other parameters.
I still like to move both implementations to a arch independent code
path, i could not convince my self that of_*ima is probably the place,
but if that's the best place?, then i will go ahead and make that change
as well.
Regarding using two properties, it just seemed more consistent how the
properties(start-end) are being used in the kexec, and hides the inner
details for the cell structures, thats all.
Its just the placement of the wrapper functions, but once thats done
both archs will call the same.
Thanks,
Prakhar Srivastava
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
Powered by blists - more mailing lists