From: Luis Chamberlain <mcgrof@kernel.org>
To: Scott Branden <scott.branden@broadcom.com>
Cc: Takashi Iwai <tiwai@suse.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	David Brown <david.brown@linaro.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Shuah Khan <shuah@kernel.org>,
	bjorn.andersson@linaro.org,
	Shuah Khan <skhan@linuxfoundation.org>,
	Arnd Bergmann <arnd@arndb.de>,
	"Rafael J . Wysocki" <rafael@kernel.org>,
	linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	BCM Kernel Feedback <bcm-kernel-feedback-list@broadcom.com>,
	Olof Johansson <olof@lixom.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Colin Ian King <colin.king@canonical.com>,
	Kees Cook <keescook@chromium.org>,
	linux-kselftest@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>
Subject: Re: [PATCH 1/7] fs: introduce kernel_pread_file* support
Date: Fri, 23 Aug 2019 21:29:32 +0000
Message-ID: <20190823212932.GY16384@42.do-not-panic.com>
In-Reply-To: <5227a1bb-52e5-d547-2650-b06bee259012@broadcom.com>

On Fri, Aug 23, 2019 at 12:55:30PM -0700, Scott Branden wrote:
> Hi Takashi
> 
> On 2019-08-23 5:29 a.m., Takashi Iwai wrote:
> > On Thu, 22 Aug 2019 21:24:45 +0200,
> > Scott Branden wrote:
> > > Add kernel_pread_file* support to kernel to allow for partial read
> > > of files with an offset into the file.  Existing kernel_read_file
> > > functions call new kernel_pread_file functions with offset=0 and
> > > flags=KERNEL_PREAD_FLAG_WHOLE.
> > > Would this change pass the security check like ima?
> > I thought security_kernel_post_read_file() checks the whole content
> > for calculating the hash...
> 
> It passes the fw_run_tests.sh.  How do you test the firmware loader passes
> this security check?

It's not a security check per code, it's an audit of the code, to ensure
that no new cases are not covered and it's why I had CC'd Mimi. The
question lies in *if* the approach exposes a new interface which cannot
be attested. It's unclear to me if we can attest currently through
security modules the fallback interface, as there are not APIs with a
respective callback yet.

  Luis
