From: Mimi Zohar <zohar@linux.ibm.com> To: Jonathan McDowell <noodles@fb.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, "x86@kernel.org" <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, James Morris <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, Baoquan He <bhe@redhat.com> Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>, "linux-security-module@vger.kernel.org" <linux-security-module@vger.kernel.org>, "kexec@lists.infradead.org" <kexec@lists.infradead.org> Subject: Re: [PATCH v5] x86/kexec: Carry forward IMA measurement log on kexec Date: Mon, 13 Jun 2022 17:01:50 -0400 [thread overview] Message-ID: <60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com> (raw) In-Reply-To: <YqcRuQFq5fg1XhB/@noodles-fedora.dhcp.thefacebook.com> On Mon, 2022-06-13 at 10:30 +0000, Jonathan McDowell wrote: > On kexec file load Integrity Measurement Architecture (IMA) subsystem > may verify the IMA signature of the kernel and initramfs, and measure > it. The command line parameters passed to the kernel in the kexec call > may also be measured by IMA. A remote attestation service can verify > a TPM quote based on the TPM event log, the IMA measurement list, and > the TPM PCR data. This can be achieved only if the IMA measurement log > is carried over from the current kernel to the next kernel across > the kexec call. > > powerpc and ARM64 both achieve this using device tree with a > "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of > device tree, so use the setup_data mechanism to pass the IMA buffer to > the new kernel. > > (Mimi, Baoquan, I haven't included your reviewed-bys because this has > changed the compile guards around the ima_(free|get)_kexec_buffer > functions in order to fix the warning the kernel test robot found. I > think this is the right thing to do and avoids us compiling them on > platforms where they won't be used. The alternative would be to drop > the guards in ima.h that Mimi requested for v4.)hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh > > Signed-off-by: Jonathan McDowell <noodles@fb.com> > --- > v5: > - Guard ima_(free|get)_kexec_buffer functions with > CONFIG_HAVE_IMA_KEXEC (kernel test robot) > - Use setup_data_offset in setup_boot_parameters and update rather than > calculating in call to setup_ima_state. > v4: > - Guard ima.h function prototypes with CONFIG_HAVE_IMA_KEXEC > diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c > index 8d374cc552be..42a6c5721a43 100644 > --- a/drivers/of/kexec.c > +++ b/drivers/of/kexec.c > @@ -9,6 +9,7 @@ > * Copyright (C) 2016 IBM Corporation > */ > > +#include <linux/ima.h> > #include <linux/kernel.h> > #include <linux/kexec.h> > #include <linux/memblock.h> > @@ -115,6 +116,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr, > return 0; > } > > +#ifdef CONFIG_HAVE_IMA_KEXEC > /** > * ima_get_kexec_buffer - get IMA buffer from the previous kernel > * @addr: On successful return, set to point to the buffer contents. > @@ -173,6 +175,7 @@ int ima_free_kexec_buffer(void) > > return memblock_phys_free(addr, size); > } > +#endif Inside ima_{get,free}_kexec_buffer(), there's no need now to test whether CONFIG_HAVE_IMA_KEXEC is enabled. if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) return -ENOTSUPP; Otherwise, Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> # IMA function definitions > > /** > * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt > diff --git a/include/linux/ima.h b/include/linux/ima.h _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com> To: Jonathan McDowell <noodles@fb.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, "x86@kernel.org" <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, James Morris <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, Baoquan He <bhe@redhat.com> Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>, "linux-security-module@vger.kernel.org" <linux-security-module@vger.kernel.org>, "kexec@lists.infradead.org" <kexec@lists.infradead.org> Subject: Re: [PATCH v5] x86/kexec: Carry forward IMA measurement log on kexec Date: Mon, 13 Jun 2022 17:01:50 -0400 [thread overview] Message-ID: <60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com> (raw) In-Reply-To: <YqcRuQFq5fg1XhB/@noodles-fedora.dhcp.thefacebook.com> On Mon, 2022-06-13 at 10:30 +0000, Jonathan McDowell wrote: > On kexec file load Integrity Measurement Architecture (IMA) subsystem > may verify the IMA signature of the kernel and initramfs, and measure > it. The command line parameters passed to the kernel in the kexec call > may also be measured by IMA. A remote attestation service can verify > a TPM quote based on the TPM event log, the IMA measurement list, and > the TPM PCR data. This can be achieved only if the IMA measurement log > is carried over from the current kernel to the next kernel across > the kexec call. > > powerpc and ARM64 both achieve this using device tree with a > "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of > device tree, so use the setup_data mechanism to pass the IMA buffer to > the new kernel. > > (Mimi, Baoquan, I haven't included your reviewed-bys because this has > changed the compile guards around the ima_(free|get)_kexec_buffer > functions in order to fix the warning the kernel test robot found. I > think this is the right thing to do and avoids us compiling them on > platforms where they won't be used. The alternative would be to drop > the guards in ima.h that Mimi requested for v4.)hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh > > Signed-off-by: Jonathan McDowell <noodles@fb.com> > --- > v5: > - Guard ima_(free|get)_kexec_buffer functions with > CONFIG_HAVE_IMA_KEXEC (kernel test robot) > - Use setup_data_offset in setup_boot_parameters and update rather than > calculating in call to setup_ima_state. > v4: > - Guard ima.h function prototypes with CONFIG_HAVE_IMA_KEXEC > diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c > index 8d374cc552be..42a6c5721a43 100644 > --- a/drivers/of/kexec.c > +++ b/drivers/of/kexec.c > @@ -9,6 +9,7 @@ > * Copyright (C) 2016 IBM Corporation > */ > > +#include <linux/ima.h> > #include <linux/kernel.h> > #include <linux/kexec.h> > #include <linux/memblock.h> > @@ -115,6 +116,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr, > return 0; > } > > +#ifdef CONFIG_HAVE_IMA_KEXEC > /** > * ima_get_kexec_buffer - get IMA buffer from the previous kernel > * @addr: On successful return, set to point to the buffer contents. > @@ -173,6 +175,7 @@ int ima_free_kexec_buffer(void) > > return memblock_phys_free(addr, size); > } > +#endif Inside ima_{get,free}_kexec_buffer(), there's no need now to test whether CONFIG_HAVE_IMA_KEXEC is enabled. if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) return -ENOTSUPP; Otherwise, Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> # IMA function definitions > > /** > * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt > diff --git a/include/linux/ima.h b/include/linux/ima.h
next prev parent reply other threads:[~2022-06-13 21:02 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-04-22 13:50 [PATCH] Carry forward IMA measurement log on kexec on x86_64 Jonathan McDowell 2022-04-25 16:29 ` Mimi Zohar 2022-04-26 12:08 ` Jonathan McDowell 2022-04-26 13:49 ` Mimi Zohar 2022-04-26 16:48 ` Jonathan McDowell 2022-04-26 18:10 ` Mimi Zohar 2022-04-28 10:40 ` Jonathan McDowell 2022-04-28 12:25 ` Mimi Zohar 2022-04-26 16:52 ` [PATCH v2] " Jonathan McDowell 2022-04-29 21:30 ` Mimi Zohar 2022-05-03 12:02 ` Jonathan McDowell 2022-05-04 13:49 ` Mimi Zohar 2022-05-09 10:40 ` Jonathan McDowell 2022-05-09 11:25 ` Boris Petkov 2022-05-09 17:46 ` Jonathan McDowell 2022-05-09 18:09 ` Borislav Petkov 2022-05-09 18:41 ` Jonathan McDowell 2022-05-09 19:40 ` Borislav Petkov 2022-05-10 8:02 ` Jonathan McDowell 2022-05-10 10:46 ` Borislav Petkov 2022-05-11 9:59 ` [PATCH v3] x86/kexec: Carry forward IMA measurement log on kexec Jonathan McDowell 2022-05-11 17:53 ` Mimi Zohar 2022-05-11 17:56 ` Borislav Petkov 2022-05-11 19:12 ` Mimi Zohar 2022-05-12 1:34 ` Mimi Zohar 2022-05-12 16:25 ` [PATCH v4] " Jonathan McDowell 2022-05-13 17:19 ` Lakshmi Ramasubramanian 2022-05-16 15:15 ` Jonathan McDowell 2022-05-17 17:19 ` Lakshmi Ramasubramanian 2022-05-18 10:42 ` Jonathan McDowell 2022-05-18 14:43 ` Mimi Zohar 2022-05-30 8:40 ` Jonathan McDowell 2022-06-03 15:55 ` Dave Hansen 2022-06-03 15:55 ` Dave Hansen 2022-06-06 3:54 ` Baoquan He 2022-06-06 3:54 ` Baoquan He 2022-06-06 4:06 ` Baoquan He 2022-06-10 9:52 ` Jonathan McDowell 2022-06-10 9:52 ` Jonathan McDowell 2022-06-13 10:30 ` [PATCH v5] " Jonathan McDowell 2022-06-13 10:30 ` Jonathan McDowell 2022-06-13 21:01 ` Mimi Zohar [this message] 2022-06-13 21:01 ` Mimi Zohar 2022-06-16 2:59 ` Baoquan He 2022-06-16 2:59 ` Baoquan He 2022-06-16 15:30 ` [PATCH v6] " Jonathan McDowell 2022-06-16 15:30 ` Jonathan McDowell 2022-06-30 8:36 ` [PATCH v7] " Jonathan McDowell 2022-06-30 8:36 ` Jonathan McDowell 2022-06-30 11:54 ` Mimi Zohar 2022-06-30 11:54 ` Mimi Zohar 2022-07-04 2:36 ` Baoquan He 2022-07-04 2:36 ` Baoquan He 2022-06-27 11:56 ` [tip: x86/kdump] " tip-bot2 for Jonathan McDowell 2022-07-01 14:37 ` tip-bot2 for Jonathan McDowell 2022-07-07 16:52 ` [tip: x86/boot] " tip-bot2 for Jonathan McDowell 2022-07-07 17:37 ` Jonathan McDowell 2022-07-07 17:50 ` Dave Hansen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com \ --to=zohar@linux.ibm.com \ --cc=bhe@redhat.com \ --cc=bp@alien8.de \ --cc=dave.hansen@linux.intel.com \ --cc=dmitry.kasatkin@gmail.com \ --cc=hpa@zytor.com \ --cc=jmorris@namei.org \ --cc=kexec@lists.infradead.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=mingo@redhat.com \ --cc=noodles@fb.com \ --cc=serge@hallyn.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.