lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z7wOPiDfy/vtrkCS@MiWiFi-R3L-srv>
Date: Mon, 24 Feb 2025 14:14:22 +0800
From: Baoquan He <bhe@...hat.com>
To: steven chen <chenste@...ux.microsoft.com>
Cc: zohar@...ux.ibm.com, stefanb@...ux.ibm.com,
	roberto.sassu@...weicloud.com, roberto.sassu@...wei.com,
	eric.snowberg@...cle.com, ebiederm@...ssion.com,
	paul@...l-moore.com, code@...icks.com, bauermann@...abnow.com,
	linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
	madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
	James.Bottomley@...senpartnership.com, vgoyal@...hat.com,
	dyoung@...hat.com
Subject: Re: [PATCH v8 2/7] kexec: define functions to map and unmap segments

Hi Steve, Mimi,

On 02/18/25 at 02:54pm, steven chen wrote:
> Currently, the mechanism to map and unmap segments to the kimage
> structure is not available to the subsystems outside of kexec.  This
> functionality is needed when IMA is allocating the memory segments
> during kexec 'load' operation.  Implement functions to map and unmap
> segments to kimage.

I am done with the whole patchset understanding. My concern is if this
TPM PCRs content can be carried over through newly introduced KHO. I can
see that these patchset doesn't introduce too much new code changes,
while if many conponents need do this, kexec reboot will be patched all
over its body and become ugly and hard to maintain.

Please check Mike Rapoport's v4 patchset to see if IMA can register
itself to KHO and do somthing during 2nd kernel init to restore those
TPM PCRs content to make sure all measurement logs are read correctly.
[PATCH v4 00/14] kexec: introduce Kexec HandOver (KHO)

Thanks
Baoquan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ