From: Lakshmi Ramasubramanian <nramas@linux•microsoft.com>
To: Rob Herring <robh@kernel•org>
Cc: mark.rutland@arm•com, benh@kernel•crashing.org, tao.li@vivo•com,
zohar@linux•ibm.com, paulus@samba•org, vincenzo.frascino@arm•com,
frowand.list@gmail•com, sashal@kernel•org, mpe@ellerman•id.au,
masahiroy@kernel•org, jmorris@namei•org,
takahiro.akashi@linaro•org, linux-arm-kernel@lists•infradead.org,
catalin.marinas@arm•com, serge@hallyn•com,
devicetree@vger•kernel.org, pasha.tatashin@soleen•com,
will@kernel•org, prsriva@linux•microsoft.com,
hsinyi@chromium•org, allison@lohutok•net,
christophe.leroy@c-s•fr, mbrugger@suse•com,
balajib@linux•microsoft.com, dmitry.kasatkin@gmail•com,
linux-kernel@vger•kernel.org, james.morse@arm•com,
gregkh@linuxfoundation•org, joe@perches•com,
linux-integrity@vger•kernel.org, linuxppc-dev@lists•ozlabs.org,
bauerman@linux•ibm.com
Subject: Re: [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64
Date: Wed, 10 Feb 2021 09:33:24 -0800
Message-ID: <5c002c32-bc49-acda-c641-7b1494ea292d@linux.microsoft.com>
In-Reply-To: <20210210171500.GA2328209@robh.at.kernel.org>

On 2/10/21 9:15 AM, Rob Herring wrote:
> On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
>> On kexec file load Integrity Measurement Architecture (IMA) subsystem
>> may verify the IMA signature of the kernel and initramfs, and measure
>> it. The command line parameters passed to the kernel in the kexec call
>> may also be measured by IMA. A remote attestation service can verify
>> a TPM quote based on the TPM event log, the IMA measurement list, and
>> the TPM PCR data. This can be achieved only if the IMA measurement log
>> is carried over from the current kernel to the next kernel across
>> the kexec call.
>>
>> powerpc already supports carrying forward the IMA measurement log on
>> kexec. This patch set adds support for carrying forward the IMA
>> measurement log on kexec on ARM64.
>>
>> This patch set moves the platform independent code defined for powerpc
>> such that it can be reused for other platforms as well. A chosen node
>> "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold
>> the address and the size of the memory reserved to carry
>> the IMA measurement log.
>>
>> This patch set has been tested for ARM64 platform using QEMU.
>> I would like help from the community for testing this change on powerpc.
>> Thanks.
>>
>> This patch set is based on
>> commit 96acc833dec8 ("ima: Free IMA measurement buffer after kexec syscall")
>> in https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
>> "next-integrity" branch.
>
> Is that a hard dependency still? Given this is now almost entirely
> deleting arch code and adding drivers/of/ code, I was going to apply it.
>
I tried applying the patches in Linus' mainline branch -
PATCH #5 0005-powerpc-Move-ima-buffer-fields-to-struct-kimage.patch
doesn't apply.
But if I apply the dependent patch set (link given below), all the
patches in this patch set apply fine.
https://patchwork.kernel.org/project/linux-integrity/patch/20210204174951.25771-2-nramas@linux.microsoft.com/
thanks,
-lakshmi
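
Added example, not part of this message or of the patch set: a verifier-side replay showing why the quoted cover letter says attestation works only if the IMA measurement log survives kexec. It assumes the SHA-1 PCR 10 bank and the ASCII measurement list layout (PCR, template hash, template name, file hash, path); the log entries are constructed and their template hashes are stand-ins, not real IMA template digests.

```python
import hashlib

ZERO = bytes(20)  # SHA-1 PCR value after a TPM reset


def replay_pcr(log_lines, pcr_index=10):
    """Replay ASCII IMA measurement list lines into a simulated SHA-1 PCR."""
    pcr = ZERO
    for line in log_lines:
        fields = line.split()
        if len(fields) < 2 or fields[0] != str(pcr_index):
            continue  # blank line or entry for a different PCR
        digest = bytes.fromhex(fields[1])
        if len(digest) != 20:
            raise ValueError("expected a 20-byte SHA-1 template hash")
        if digest == ZERO:
            # Violation entries are logged with an all-zero template hash,
            # but the kernel extends the PCR with all-0xff for them.
            digest = b"\xff" * 20
        pcr = hashlib.sha1(pcr + digest).digest()  # TPM extend: H(old || new)
    return pcr


def entry(path):
    """Build one constructed log line (hashes are stand-ins for illustration)."""
    template_hash = hashlib.sha1(path.encode()).hexdigest()
    file_hash = hashlib.sha256(path.encode()).hexdigest()
    return f"10 {template_hash} ima-ng sha256:{file_hash} {path}"


# Constructed sample: measurements taken by the first kernel, then by the
# kernel started via kexec. The TPM is not reset by kexec, so PCR 10 keeps
# accumulating across both.
BEFORE_KEXEC = [entry("boot_aggregate"), entry("/usr/sbin/kexec"),
                entry("/boot/vmlinuz-next"), entry("/boot/initramfs-next.img")]
AFTER_KEXEC = [entry("/usr/lib/systemd/systemd"), entry("/usr/bin/bash")]


def attest(log_seen_by_verifier):
    """True if replaying the presented log reproduces the quoted PCR value."""
    quoted_pcr = replay_pcr(BEFORE_KEXEC + AFTER_KEXEC)  # what the TPM holds
    return replay_pcr(log_seen_by_verifier) == quoted_pcr


if __name__ == "__main__":
    print("log carried over kexec:", attest(BEFORE_KEXEC + AFTER_KEXEC))
    print("log restarted at kexec:", attest(AFTER_KEXEC))
```

With the log carried over, the replay matches the quoted PCR; with a log that starts fresh in the second kernel, it cannot, even though every remaining entry is genuine.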