Date: Tue, 12 Jan 2021 10:23:01 -0800
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Rob Herring <robh@...nel.org>
Cc: zohar@...ux.ibm.com, bauerman@...ux.ibm.com, takahiro.akashi@...aro.org,
 gregkh@...uxfoundation.org, will@...nel.org, catalin.marinas@....com,
 mpe@...erman.id.au, james.morse@....com, sashal@...nel.org,
 benh@...nel.crashing.org, paulus@...ba.org, frowand.list@...il.com,
 vincenzo.frascino@....com, mark.rutland@....com, dmitry.kasatkin@...il.com,
 jmorris@...ei.org, serge@...lyn.com, pasha.tatashin@...een.com,
 allison@...utok.net, masahiroy@...nel.org, bhsharma@...hat.com,
 mbrugger@...e.com, hsinyi@...omium.org, tao.li@...o.com,
 christophe.leroy@....fr, prsriva@...ux.microsoft.com,
 balajib@...ux.microsoft.com, linux-integrity@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 devicetree@...r.kernel.org
Subject: Re: [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64

On 1/12/21 6:42 AM, Rob Herring wrote:
> On Mon, Jan 04, 2021 at 11:25:56AM -0800, Lakshmi Ramasubramanian wrote:
>> On kexec file load Integrity Measurement Architecture (IMA) subsystem
>> may verify the IMA signature of the kernel and initramfs, and measure
>> it. The command line parameters passed to the kernel in the kexec call
>> may also be measured by IMA. A remote attestation service can verify
>> a TPM quote based on the TPM event log, the IMA measurement list, and
>> the TPM PCR data. This can be achieved only if the IMA measurement log
>> is carried over from the current kernel to the next kernel across
>> the kexec call.
>>
>> powerpc already supports carrying forward the IMA measurement log on
>> kexec. This patch set adds support for carrying forward the IMA
>> measurement log on kexec on ARM64.
>>
>> This patch set moves the platform independent code defined for powerpc
>> such that it can be reused for other platforms as well. A chosen node
>> "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold
>> the address and the size of the memory reserved to carry
>> the IMA measurement log.
>>
>> This patch set has been tested for ARM64 platform using QEMU.
>> I would like help from the community for testing this change on powerpc.
>> Thanks.
>>
>> This patch set is based on
>> commit a29a64445089 ("powerpc: Use common of_kexec_setup_new_fdt()")
>> in https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git
>> "dt/kexec" branch.
>
> This all looks good to me. I'd suggest you send the above patches out as
> part of this series because I don't plan to do so.

Thanks for reviewing the patches Rob.

Sure - I'll add your patches to this series.

> I would like to also resolve the vmalloc vs. kmalloc difference for
> allocating the FDT. Then we can further consolidate the DT kexec code.

I think FDT allocation using vmalloc for ARM64 can be changed to kmalloc.
What are the other changes you'd like me to do in arm64/powerpc DT kexec
code in this patch series?

@AKASHI Takahiro - could you please let me know if the above sounds right?

>
> It all needs some acks from arm64 and powerpc maintainers. As far as
> merging, I think via the integrity tree makes the most sense.

I'll create the patch series in "next-integrity" branch.

Thiago/Mimi have acked some of the patches. Please review the remaining
patches in this version.

Could arm64 maintainers please review the patches and respond?

thanks,
 -lakshmi
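
Added example (not part of the original message or of the patch set): a small Python model of why the quoted cover letter says attestation works only if the measurement log is carried across kexec. It assumes a single SHA-256 PCR, a simplified template hash, and constructed log entries; all function names are hypothetical.

```python
import hashlib

def template_hash(entry: str) -> bytes:
    # Simplification (assumption): real IMA hashes the template fields
    # (file digest, path, ...); here the entry string stands in for them.
    return hashlib.sha256(entry.encode()).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend operation: new PCR = H(old PCR || digest).
    return hashlib.sha256(pcr + digest).digest()

def replay(measurement_list) -> bytes:
    # Verifier side: recompute the PCR from the measurement list alone,
    # starting from the all-zero value a PCR has after platform reset.
    pcr = bytes(32)
    for entry in measurement_list:
        pcr = extend(pcr, template_hash(entry))
    return pcr

# Constructed sample measurements (not real IMA log entries).
BEFORE_KEXEC = ["boot_aggregate", "/usr/sbin/init", "kexec: kernel image",
                "kexec: initramfs", "kexec: command line"]
AFTER_KEXEC = ["/usr/sbin/init", "/usr/bin/app"]

def simulate(carry_log_over: bool):
    """Return (PCR value in the TPM, measurement list held by the second kernel)."""
    tpm_pcr = replay(BEFORE_KEXEC)          # first kernel extends the PCR
    # kexec is not a platform reset: the TPM keeps tpm_pcr unchanged.
    log = list(BEFORE_KEXEC) if carry_log_over else []
    for entry in AFTER_KEXEC:               # second kernel keeps measuring
        tpm_pcr = extend(tpm_pcr, template_hash(entry))
        log.append(entry)
    return tpm_pcr, log

def attest(quoted_pcr: bytes, measurement_list) -> bool:
    # The quote is trusted only if the list reproduces the quoted PCR.
    return replay(measurement_list) == quoted_pcr

if __name__ == "__main__":
    for carry in (True, False):
        print("log carried over:", carry, "-> attestation passes:",
              attest(*simulate(carry)))
```

Without the carried-over entries the second kernel's list cannot reproduce the PCR value, so a verifier has to reject the quote even though nothing was tampered with.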