From: Prakhar Srivastava <prsriva@linux.microsoft.com>
To: linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
	devicetree@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Cc: catalin.marinas@arm.com, will@kernel.org, mpe@ellerman.id.au,
	benh@kernel.crashing.org, paulus@samba.org, robh+dt@kernel.org,
	frowand.list@gmail.com, zohar@linux.ibm.com,
	dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com,
	pasha.tatashin@soleen.com, allison@lohutok.net,
	kstewart@linuxfoundation.org, takahiro.akashi@linaro.org,
	tglx@linutronix.de, vincenzo.frascino@arm.com,
	mark.rutland@arm.com, masahiroy@kernel.org, james.morse@arm.com,
	bhsharma@redhat.com, mbrugger@suse.com, hsinyi@chromium.org,
	tao.li@vivo.com, christophe.leroy@c-s.fr,
	gregkh@linuxfoundation.org, nramas@linux.microsoft.com,
	prsriva@linux.microsoft.com, tusharsu@linux.microsoft.com,
	balajib@linux.microsoft.com
Subject: [V2 PATCH 2/3] dt-bindings: chosen: Document ima-kexec-buffer
Date: Thu, 18 Jun 2020 00:10:44 -0700
Message-ID: <20200618071045.471131-3-prsriva@linux.microsoft.com>
In-Reply-To: <20200618071045.471131-1-prsriva@linux.microsoft.com>

Integrity measurement architecture (IMA) validates if files
have been accidentally or maliciously altered, both remotely and
locally, appraises a file's measurement against a "good" value stored
as an extended attribute, and enforces local file integrity.

IMA also measures signatures of kernel and initrd during kexec along with
the command line used for kexec.
These measurements are critical to verify the security posture of the OS.

Reserving memory and adding the memory information to a device tree node
acts as the mechanism to carry over IMA measurement logs.

Update devicetree documentation to reflect the addition of new property
under the chosen node.

---
 Documentation/devicetree/bindings/chosen.txt | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Documentation/devicetree/bindings/chosen.txt b/Documentation/devicetree/bindings/chosen.txt
index 45e79172a646..a15f70c007ef 100644
--- a/Documentation/devicetree/bindings/chosen.txt
+++ b/Documentation/devicetree/bindings/chosen.txt
@@ -135,3 +135,20 @@ e.g.
 		linux,initrd-end = <0x82800000>;
 	};
 };
+
+linux,ima-kexec-buffer
+----------------------
+
+This property(currently used by powerpc, arm64) holds the memory range,
+the address and the size, of the IMA measurement logs that are being carried
+over to the kexec session.
+
+/ {
+	chosen {
+		linux,ima-kexec-buffer = <0x9 0x82000000 0x0 0x00008000>;
+	};
+};
+
+This porperty does not represent real hardware, but the memory allocated for
+carrying the IMA measurement logs. The address and the suze are expressed in
+#address-cells and #size-cells, respectively of the root node.
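Review bot: The closing paragraph of the new section has two typos, "porperty" and "suze", which should read "property" and "size", and "This property(currently used by powerpc, arm64)" needs a space before the parenthesis. The example value <0x9 0x82000000 0x0 0x00008000> has four cells, so it only reads as one address and one size when the root node has #address-cells = <2> and #size-cells = <2>; stating that next to the example, or showing both properties in the root node of the example, would remove the ambiguity. In the last sentence, "#size-cells, respectively of the root node" reads better as "#size-cells, respectively, of the root node".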
-- 
2.25.1
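As an added illustration (not code from this patch series), the sketch below shows how a consumer could decode the documented property value and reject a malformed range before trusting it as the location of the carried-over IMA log. The function name `ima_kexec_buffer_decode` is hypothetical, and the sample bytes are constructed from the binding's example under the assumption that the root node has #address-cells = <2> and #size-cells = <2>.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the page's example value as raw big-endian cells. */
static const uint8_t sample_prop[16] = {
	0x00, 0x00, 0x00, 0x09, 0x82, 0x00, 0x00, 0x00,	/* address cells */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,	/* size cells */
};

/* Combine ncells big-endian 32-bit cells, most significant cell first. */
static uint64_t read_cells(const uint8_t *p, int ncells)
{
	uint64_t v = 0;

	for (int i = 0; i < 4 * ncells; i++)
		v = (v << 8) | p[i];
	return v;
}

/* Hypothetical helper: returns 0 on success, -1 if the value is malformed. */
int ima_kexec_buffer_decode(const uint8_t *prop, size_t len,
			    int addr_cells, int size_cells,
			    uint64_t *addr, uint64_t *size)
{
	if (addr_cells < 1 || addr_cells > 2 || size_cells < 1 || size_cells > 2)
		return -1;	/* only 32- and 64-bit values handled here */
	if (len != 4 * (size_t)(addr_cells + size_cells))
		return -1;	/* length must match the root node's cell counts */
	*addr = read_cells(prop, addr_cells);
	*size = read_cells(prop + 4 * addr_cells, size_cells);
	if (*size == 0 || *addr + *size < *addr)
		return -1;	/* empty range, or end address wraps */
	return 0;
}

int main(void)
{
	uint64_t addr, size;

	if (ima_kexec_buffer_decode(sample_prop, sizeof(sample_prop), 2, 2,
				    &addr, &size))
		return 1;
	printf("IMA log: 0x%llx-0x%llx\n", (unsigned long long)addr,
	       (unsigned long long)(addr + size - 1));
	return 0;
}
```

The same 16-byte value fails to decode when the cell counts are taken as 1 and 1, which is why the binding ties the encoding to the root node's #address-cells and #size-cells.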

