From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754493AbcHaW6J (ORCPT ); Wed, 31 Aug 2016 18:58:09 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:52685 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753015AbcHaW6H (ORCPT ); Wed, 31 Aug 2016 18:58:07 -0400 X-IBM-Helo: d28dlp01.in.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org Subject: Re: [PATHC v2 0/9] ima: carry the measurement list across kexec From: Mimi Zohar To: Andrew Morton Cc: linux-security-module , linux-ima-devel@lists.sourceforge.net, Dave Young , kexec@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Thiago Jung Bauermann Date: Wed, 31 Aug 2016 18:38:06 -0400 In-Reply-To: <20160831135047.4b05a7f912f158ed5f888241@linux-foundation.org> References: <1472596811-9596-1-git-send-email-zohar@linux.vnet.ibm.com> <20160831135047.4b05a7f912f158ed5f888241@linux-foundation.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16083122-0016-0000-0000-000003119318 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16083122-0017-0000-0000-000025DF96AD Message-Id: <1472683086.2607.17.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-08-31_05:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=4 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608310255 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2016-08-31 at 13:50 -0700, Andrew Morton wrote: > On Tue, 30 Aug 2016 18:40:02 -0400 Mimi Zohar wrote: > > > The TPM PCRs are only reset on a hard reboot. In order to validate a > > TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list > > of the running kernel must be saved and then restored on the subsequent > > boot, possibly of a different architecture. > > > > The existing securityfs binary_runtime_measurements file conveniently > > provides a serialized format of the IMA measurement list. This patch > > set serializes the measurement list in this format and restores it. > > > > Up to now, the binary_runtime_measurements was defined as architecture > > native format. The assumption being that userspace could and would > > handle any architecture conversions. With the ability of carrying the > > measurement list across kexec, possibly from one architecture to a > > different one, the per boot architecture information is lost and with it > > the ability of recalculating the template digest hash. To resolve this > > problem, without breaking the existing ABI, this patch set introduces > > the boot command line option "ima_canonical_fmt", which is arbitrarily > > defined as little endian. > > > > The need for this boot command line option will be limited to the > > existing version 1 format of the binary_runtime_measurements. > > Subsequent formats will be defined as canonical format (eg. TPM 2.0 > > support for larger digests). > > > > This patch set pre-req's Thiago Bauermann's "kexec_file: Add buffer > > hand-over for the next kernel" patch set. > > > > These patches can also be found in the next-kexec-restore branch of: > > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > > I'll merge these into -mm to get some linux-next exposure. I don't > know what your upstream merge plans will be? Sounds good. I'm hoping to get some review/comments on this patch set as well. At the moment, I'm chasing down a kernel test robot report from this afternoon. Mimi From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5] helo=mx0a-001b2d01.pphosted.com) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1bfE9X-0000Px-RV for kexec@lists.infradead.org; Wed, 31 Aug 2016 22:38:40 +0000 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u7VMaecc065977 for ; Wed, 31 Aug 2016 18:38:18 -0400 Received: from e28smtp02.in.ibm.com (e28smtp02.in.ibm.com [125.16.236.2]) by mx0a-001b2d01.pphosted.com with ESMTP id 255pm0vvd8-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 31 Aug 2016 18:38:17 -0400 Received: from localhost by e28smtp02.in.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 1 Sep 2016 04:08:14 +0530 Received: from d28relay05.in.ibm.com (d28relay05.in.ibm.com [9.184.220.62]) by d28dlp02.in.ibm.com (Postfix) with ESMTP id 02E8B3940060 for ; Thu, 1 Sep 2016 04:08:12 +0530 (IST) Received: from d28av03.in.ibm.com (d28av03.in.ibm.com [9.184.220.65]) by d28relay05.in.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u7VMcBbh34341042 for ; Thu, 1 Sep 2016 04:08:11 +0530 Received: from d28av03.in.ibm.com (localhost [127.0.0.1]) by d28av03.in.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id u7VMcAgl001679 for ; Thu, 1 Sep 2016 04:08:11 +0530 Subject: Re: [PATHC v2 0/9] ima: carry the measurement list across kexec From: Mimi Zohar Date: Wed, 31 Aug 2016 18:38:06 -0400 In-Reply-To: <20160831135047.4b05a7f912f158ed5f888241@linux-foundation.org> References: <1472596811-9596-1-git-send-email-zohar@linux.vnet.ibm.com> <20160831135047.4b05a7f912f158ed5f888241@linux-foundation.org> Mime-Version: 1.0 Message-Id: <1472683086.2607.17.camel@linux.vnet.ibm.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Andrew Morton Cc: linuxppc-dev@lists.ozlabs.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Thiago Jung Bauermann , linux-security-module , linux-ima-devel@lists.sourceforge.net, Dave Young On Wed, 2016-08-31 at 13:50 -0700, Andrew Morton wrote: > On Tue, 30 Aug 2016 18:40:02 -0400 Mimi Zohar wrote: > > > The TPM PCRs are only reset on a hard reboot. In order to validate a > > TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list > > of the running kernel must be saved and then restored on the subsequent > > boot, possibly of a different architecture. > > > > The existing securityfs binary_runtime_measurements file conveniently > > provides a serialized format of the IMA measurement list. This patch > > set serializes the measurement list in this format and restores it. > > > > Up to now, the binary_runtime_measurements was defined as architecture > > native format. The assumption being that userspace could and would > > handle any architecture conversions. With the ability of carrying the > > measurement list across kexec, possibly from one architecture to a > > different one, the per boot architecture information is lost and with it > > the ability of recalculating the template digest hash. To resolve this > > problem, without breaking the existing ABI, this patch set introduces > > the boot command line option "ima_canonical_fmt", which is arbitrarily > > defined as little endian. > > > > The need for this boot command line option will be limited to the > > existing version 1 format of the binary_runtime_measurements. > > Subsequent formats will be defined as canonical format (eg. TPM 2.0 > > support for larger digests). > > > > This patch set pre-req's Thiago Bauermann's "kexec_file: Add buffer > > hand-over for the next kernel" patch set. > > > > These patches can also be found in the next-kexec-restore branch of: > > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > > I'll merge these into -mm to get some linux-next exposure. I don't > know what your upstream merge plans will be? Sounds good. I'm hoping to get some review/comments on this patch set as well. At the moment, I'm chasing down a kernel test robot report from this afternoon. Mimi _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec