From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=BAYES_00,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D195C433DB for ; Tue, 12 Jan 2021 14:43:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EC4B823121 for ; Tue, 12 Jan 2021 14:43:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732332AbhALOne (ORCPT ); Tue, 12 Jan 2021 09:43:34 -0500 Received: from mail-ot1-f41.google.com ([209.85.210.41]:34043 "EHLO mail-ot1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726440AbhALOnc (ORCPT ); Tue, 12 Jan 2021 09:43:32 -0500 Received: by mail-ot1-f41.google.com with SMTP id a109so2482344otc.1; Tue, 12 Jan 2021 06:43:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=jLuXNEmtLsh4q/WoTJHKIzGwbfv3S50Xpe/RyA9VIyM=; b=A2iCrX+rVzFMlQuiC8ZLlPg4IOjM9d2FfMyWcp/Dt4cslwICMjoNaSmN0HMe1bm1iy QQJVYmPjlqBIYQYBBO4C0JrDEENz/AxTraizpCa3ogWJjwTJa66rZ63xqcl0V8/dE7rf q/q7ZNTS1BkuqajcaICD7qPrErmBxQG3oDGwA6+V3NxJMiU6csWOKEdmc3hH3UVd6e6V 7nCt5Js2XnSQKPkQQvfbYxwzG9I9u8girfeaOeDBgc4BaYsdSnpI+MKrWb9+vGXJFhWh aNLEAA8r+2pT5M4rZHsALWrqr8sLKZAPc9UPZZTOq1Rm191Ph09wNFdkMglmLnUCPCDb Rx6w== X-Gm-Message-State: AOAM531ntcqTSrfOj/3DQdxQTPMbFxS9JXbr53a+jnRfErzkTif1Ocab I7ZBizIqvtCJzG7LgePAwDFH5HbEwQ== X-Google-Smtp-Source: ABdhPJzjdAg7vY7kX3mqmavPKtL3svboVN48BuxP85NLoc3mx90pHjm3o+5h8okafMrBIipAWaNpRQ== X-Received: by 2002:a9d:ec5:: with SMTP id 63mr2969536otj.181.1610462571490; Tue, 12 Jan 2021 06:42:51 -0800 (PST) Received: from robh.at.kernel.org (24-155-109-49.dyn.grandenetworks.net. [24.155.109.49]) by smtp.gmail.com with ESMTPSA id c18sm675458oib.31.2021.01.12.06.42.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Jan 2021 06:42:50 -0800 (PST) Received: (nullmailer pid 321418 invoked by uid 1000); Tue, 12 Jan 2021 14:42:48 -0000 Date: Tue, 12 Jan 2021 08:42:48 -0600 From: Rob Herring To: Lakshmi Ramasubramanian Cc: zohar@linux.ibm.com, bauerman@linux.ibm.com, takahiro.akashi@linaro.org, gregkh@linuxfoundation.org, will@kernel.org, catalin.marinas@arm.com, mpe@ellerman.id.au, james.morse@arm.com, sashal@kernel.org, benh@kernel.crashing.org, paulus@samba.org, frowand.list@gmail.com, vincenzo.frascino@arm.com, mark.rutland@arm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, pasha.tatashin@soleen.com, allison@lohutok.net, masahiroy@kernel.org, bhsharma@redhat.com, mbrugger@suse.com, hsinyi@chromium.org, tao.li@vivo.com, christophe.leroy@c-s.fr, prsriva@linux.microsoft.com, balajib@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org, linuxppc-dev@vger.kernel.org Subject: Re: [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64 Message-ID: <20210112144248.GA256955@robh.at.kernel.org> References: <20210104192602.10131-1-nramas@linux.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210104192602.10131-1-nramas@linux.microsoft.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 04, 2021 at 11:25:56AM -0800, Lakshmi Ramasubramanian wrote: > On kexec file load Integrity Measurement Architecture (IMA) subsystem > may verify the IMA signature of the kernel and initramfs, and measure > it. The command line parameters passed to the kernel in the kexec call > may also be measured by IMA. A remote attestation service can verify > a TPM quote based on the TPM event log, the IMA measurement list, and > the TPM PCR data. This can be achieved only if the IMA measurement log > is carried over from the current kernel to the next kernel across > the kexec call. > > powerpc already supports carrying forward the IMA measurement log on > kexec. This patch set adds support for carrying forward the IMA > measurement log on kexec on ARM64. > > This patch set moves the platform independent code defined for powerpc > such that it can be reused for other platforms as well. A chosen node > "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold > the address and the size of the memory reserved to carry > the IMA measurement log. > > This patch set has been tested for ARM64 platform using QEMU. > I would like help from the community for testing this change on powerpc. > Thanks. > > This patch set is based on > commit a29a64445089 ("powerpc: Use common of_kexec_setup_new_fdt()") > in https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git > "dt/kexec" branch. This all looks good to me. I'd suggest you send the above patches out as part of this series because I don't plan to do so. I would like to also resolve the vmalloc vs. kmalloc difference for allocating the FDT. Then we can further consolidate the DT kexec code. It all needs some acks from arm64 and powerpc maintainers. As far as merging, I think via the integrity tree makes the most sense. Rob From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B5C7C433DB for ; Tue, 12 Jan 2021 14:44:37 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D0E3323121 for ; Tue, 12 Jan 2021 14:44:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D0E3323121 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Qi78bwsH/xH4QwIeVwEJ/i2YpHPESjyBGE564gOgamo=; b=zmvolKGUPHV8pIi1XvPndSX1j N4hiwkhyXopcJfJks3AkIFLiJg3+4+kt9TPgZtDeG3zJItd0TKQJwmJoqodE8K1G0YASQCoWERzbi f46/AET2wPly4miX1/78WMzUkKT6X6naxL8ebRItmcWUNK8WEE6PkJ0e/u0CrtSSsRMctTTz5zmt+ s4CcATSGllcR1fNJLsApMYVLLARRXaRs22ZCVLA3OhiCmpqIO0v3UDGLk0eiVS3Q2LoQKqjgtXglH GN6vaJ8mEvOj4xBwX92OhILVjctKGOUTSfaZm+8uC8YPASQ85YSI5zRgLoWXiCWgK2aNjgFjIkl+p CthSpZ4+A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kzKss-0005rK-2h; Tue, 12 Jan 2021 14:42:59 +0000 Received: from mail-ot1-f49.google.com ([209.85.210.49]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kzKso-0005pP-7b for linux-arm-kernel@lists.infradead.org; Tue, 12 Jan 2021 14:42:55 +0000 Received: by mail-ot1-f49.google.com with SMTP id d20so2463622otl.3 for ; Tue, 12 Jan 2021 06:42:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=jLuXNEmtLsh4q/WoTJHKIzGwbfv3S50Xpe/RyA9VIyM=; b=U0+JEeFcKAea+OqbXpexPbuCB1VWRCjWsOLkmvSS1NWINx7LNCfjRZ7lvO+2ARGjQQ 3SIsAum0xmfT0LzdCGCYuudsRZbrRP5fVJiyxXjZmn5YDks0fhr17rCuNt8KrzwTnc12 6cwXHTgk/abOb5LYRWwo8RU76IY9+CNL5piAMHwaAWcEUimVW6Nav7ITcoyC0IvJH16R HWpUKHlWIvtxAyDP+6Nh8ZPcSck9ooncBEWDj+WShkeHsEsWZ5RSQg3SCGa8m55ECuQu lIIPsDkSK4tIfNBmQBTHdYJftMIqqYy7SMCh73iyxexBZyX3Ox0r9pJog4J0FMkDlace EE8g== X-Gm-Message-State: AOAM531lZ/nA3gj1OhpSR4VemVRebLM1XaeiVVXSiv+YaLtqNUD+G+o7 L5bDYj+ocohtGioW2OhQRA== X-Google-Smtp-Source: ABdhPJzjdAg7vY7kX3mqmavPKtL3svboVN48BuxP85NLoc3mx90pHjm3o+5h8okafMrBIipAWaNpRQ== X-Received: by 2002:a9d:ec5:: with SMTP id 63mr2969536otj.181.1610462571490; Tue, 12 Jan 2021 06:42:51 -0800 (PST) Received: from robh.at.kernel.org (24-155-109-49.dyn.grandenetworks.net. [24.155.109.49]) by smtp.gmail.com with ESMTPSA id c18sm675458oib.31.2021.01.12.06.42.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Jan 2021 06:42:50 -0800 (PST) Received: (nullmailer pid 321418 invoked by uid 1000); Tue, 12 Jan 2021 14:42:48 -0000 Date: Tue, 12 Jan 2021 08:42:48 -0600 From: Rob Herring To: Lakshmi Ramasubramanian Subject: Re: [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64 Message-ID: <20210112144248.GA256955@robh.at.kernel.org> References: <20210104192602.10131-1-nramas@linux.microsoft.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20210104192602.10131-1-nramas@linux.microsoft.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210112_094254_311675_D8E10FB9 X-CRM114-Status: GOOD ( 25.04 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, benh@kernel.crashing.org, bhsharma@redhat.com, tao.li@vivo.com, zohar@linux.ibm.com, paulus@samba.org, vincenzo.frascino@arm.com, frowand.list@gmail.com, sashal@kernel.org, mpe@ellerman.id.au, masahiroy@kernel.org, jmorris@namei.org, takahiro.akashi@linaro.org, linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com, serge@hallyn.com, devicetree@vger.kernel.org, pasha.tatashin@soleen.com, will@kernel.org, linuxppc-dev@vger.kernel.org, prsriva@linux.microsoft.com, hsinyi@chromium.org, allison@lohutok.net, christophe.leroy@c-s.fr, mbrugger@suse.com, balajib@linux.microsoft.com, dmitry.kasatkin@gmail.com, linux-kernel@vger.kernel.org, james.morse@arm.com, gregkh@linuxfoundation.org, linux-integrity@vger.kernel.org, bauerman@linux.ibm.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Jan 04, 2021 at 11:25:56AM -0800, Lakshmi Ramasubramanian wrote: > On kexec file load Integrity Measurement Architecture (IMA) subsystem > may verify the IMA signature of the kernel and initramfs, and measure > it. The command line parameters passed to the kernel in the kexec call > may also be measured by IMA. A remote attestation service can verify > a TPM quote based on the TPM event log, the IMA measurement list, and > the TPM PCR data. This can be achieved only if the IMA measurement log > is carried over from the current kernel to the next kernel across > the kexec call. > > powerpc already supports carrying forward the IMA measurement log on > kexec. This patch set adds support for carrying forward the IMA > measurement log on kexec on ARM64. > > This patch set moves the platform independent code defined for powerpc > such that it can be reused for other platforms as well. A chosen node > "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold > the address and the size of the memory reserved to carry > the IMA measurement log. > > This patch set has been tested for ARM64 platform using QEMU. > I would like help from the community for testing this change on powerpc. > Thanks. > > This patch set is based on > commit a29a64445089 ("powerpc: Use common of_kexec_setup_new_fdt()") > in https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git > "dt/kexec" branch. This all looks good to me. I'd suggest you send the above patches out as part of this series because I don't plan to do so. I would like to also resolve the vmalloc vs. kmalloc difference for allocating the FDT. Then we can further consolidate the DT kexec code. It all needs some acks from arm64 and powerpc maintainers. As far as merging, I think via the integrity tree makes the most sense. Rob _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel