From: Rob Herring <robh@kernel.org>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: zohar@linux.ibm.com, bauerman@linux.ibm.com,
	takahiro.akashi@linaro.org, gregkh@linuxfoundation.org,
	will@kernel.org, joe@perches.com, catalin.marinas@arm.com,
	mpe@ellerman.id.au, james.morse@arm.com, sashal@kernel.org,
	benh@kernel.crashing.org, paulus@samba.org,
	frowand.list@gmail.com, vincenzo.frascino@arm.com,
	mark.rutland@arm.com, dmitry.kasatkin@gmail.com,
	jmorris@namei.org, serge@hallyn.com, pasha.tatashin@soleen.com,
	allison@lohutok.net, masahiroy@kernel.org, mbrugger@suse.com,
	hsinyi@chromium.org, tao.li@vivo.com, christophe.leroy@c-s.fr,
	prsriva@linux.microsoft.com, balajib@linux.microsoft.com,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org,
	linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64
Date: Wed, 10 Feb 2021 11:15:00 -0600
Message-ID: <20210210171500.GA2328209@robh.at.kernel.org>
In-Reply-To: <20210209182200.30606-1-nramas@linux.microsoft.com>

On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
> On kexec file load Integrity Measurement Architecture (IMA) subsystem
> may verify the IMA signature of the kernel and initramfs, and measure
> it.  The command line parameters passed to the kernel in the kexec call
> may also be measured by IMA.  A remote attestation service can verify
> a TPM quote based on the TPM event log, the IMA measurement list, and
> the TPM PCR data.  This can be achieved only if the IMA measurement log
> is carried over from the current kernel to the next kernel across
> the kexec call.
> 
> powerpc already supports carrying forward the IMA measurement log on
> kexec.  This patch set adds support for carrying forward the IMA
> measurement log on kexec on ARM64.
> 
> This patch set moves the platform independent code defined for powerpc
> such that it can be reused for other platforms as well.  A chosen node
> "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold
> the address and the size of the memory reserved to carry
> the IMA measurement log.
> 
> This patch set has been tested for ARM64 platform using QEMU.
> I would like help from the community for testing this change on powerpc.
> Thanks.
> 
> This patch set is based on
> commit 96acc833dec8 ("ima: Free IMA measurement buffer after kexec syscall")
> in https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> "next-integrity" branch.

Is that a hard dependency still? Given this is now almost entirely 
deleting arch code and adding drivers/of/ code, I was going to apply it.

Rob
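
The reason the quoted cover letter says attestation works only if the log is carried across kexec, as an added example that is not part of the original thread or the patch set: a simplified verifier-side replay of PCR 10. The template hash layout, event names and contents are constructed for illustration, and the simulation assumes PCR 10 keeps its value across kexec because the TPM is not reset.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank

# Constructed sample events (name, content); not taken from a real system.
FIRST_KERNEL_EVENTS = [
    ("boot_aggregate", b"firmware-pcrs-0-7"),
    ("/usr/sbin/kexec", b"kexec-tools binary"),
    ("/boot/vmlinuz-next", b"next kernel image"),
    ("/boot/initramfs-next", b"next initramfs"),
    ("kexec-cmdline", b"root=/dev/vda1 ima_policy=tcb"),
]
SECOND_KERNEL_EVENTS = [
    ("boot_aggregate", b"firmware-pcrs-0-7"),
    ("/sbin/init", b"init binary"),
]


def template_hash(name, content):
    """Simplified stand-in for an IMA template hash (not the real ima-ng layout)."""
    file_digest = hashlib.sha256(content).digest()
    return hashlib.sha256(file_digest + name.encode()).digest()


def extend(pcr, digest):
    """TPM extend operation: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(log):
    """What the attestation service does: fold the measurement list from zero."""
    pcr = bytes(PCR_SIZE)
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(log, quoted_pcr10):
    """True when the replayed measurement list matches the quoted PCR 10."""
    return hmac.compare_digest(replay(log), quoted_pcr10)


def simulate_kexec(carry_log):
    """Return (measurement list after kexec, PCR 10 value held by the TPM)."""
    tpm_pcr10, log = bytes(PCR_SIZE), []
    for name, content in FIRST_KERNEL_EVENTS:
        digest = template_hash(name, content)
        tpm_pcr10 = extend(tpm_pcr10, digest)
        log.append(digest)
    if not carry_log:
        log = []  # kernel memory is replaced on kexec; the PCR is not
    for name, content in SECOND_KERNEL_EVENTS:
        digest = template_hash(name, content)
        tpm_pcr10 = extend(tpm_pcr10, digest)
        log.append(digest)
    return log, tpm_pcr10
```

With `carry_log=False` the second kernel's list holds only its own entries, so the replay diverges from the PCR value and the quote cannot be verified.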
