All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Jonathan McDowell <noodles@fb.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>, Baoquan He <bhe@redhat.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>,
	"kexec@lists.infradead.org" <kexec@lists.infradead.org>
Subject: Re: [PATCH v5] x86/kexec: Carry forward IMA measurement log on kexec
Date: Mon, 13 Jun 2022 17:01:50 -0400	[thread overview]
Message-ID: <60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com> (raw)
In-Reply-To: <YqcRuQFq5fg1XhB/@noodles-fedora.dhcp.thefacebook.com>

On Mon, 2022-06-13 at 10:30 +0000, Jonathan McDowell wrote:
> On kexec file load Integrity Measurement Architecture (IMA) subsystem
> may verify the IMA signature of the kernel and initramfs, and measure
> it. The command line parameters passed to the kernel in the kexec call
> may also be measured by IMA. A remote attestation service can verify
> a TPM quote based on the TPM event log, the IMA measurement list, and
> the TPM PCR data. This can be achieved only if the IMA measurement log
> is carried over from the current kernel to the next kernel across
> the kexec call.
> 
> powerpc and ARM64 both achieve this using device tree with a
> "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of
> device tree, so use the setup_data mechanism to pass the IMA buffer to
> the new kernel.
> 
> (Mimi, Baoquan, I haven't included your reviewed-bys because this has
>  changed the compile guards around the ima_(free|get)_kexec_buffer
>  functions in order to fix the warning the kernel test robot found. I
>  think this is the right thing to do and avoids us compiling them on
>  platforms where they won't be used. The alternative would be to drop
>  the guards in ima.h that Mimi requested for v4.)hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
> 
> Signed-off-by: Jonathan McDowell <noodles@fb.com>
> ---
> v5:
>  - Guard ima_(free|get)_kexec_buffer functions with
>    CONFIG_HAVE_IMA_KEXEC (kernel test robot)
>  - Use setup_data_offset in setup_boot_parameters and update rather than
>    calculating in call to setup_ima_state.
> v4:
>  - Guard ima.h function prototypes with CONFIG_HAVE_IMA_KEXEC

> diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
> index 8d374cc552be..42a6c5721a43 100644
> --- a/drivers/of/kexec.c
> +++ b/drivers/of/kexec.c
> @@ -9,6 +9,7 @@
>   *  Copyright (C) 2016  IBM Corporation
>   */
>  
> +#include <linux/ima.h>
>  #include <linux/kernel.h>
>  #include <linux/kexec.h>
>  #include <linux/memblock.h>
> @@ -115,6 +116,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>  	return 0;
>  }
>  
> +#ifdef CONFIG_HAVE_IMA_KEXEC
>  /**
>   * ima_get_kexec_buffer - get IMA buffer from the previous kernel
>   * @addr:	On successful return, set to point to the buffer contents.
> @@ -173,6 +175,7 @@ int ima_free_kexec_buffer(void)
>  
>  	return memblock_phys_free(addr, size);
>  }
> +#endif

Inside ima_{get,free}_kexec_buffer(), there's no need now to test
whether CONFIG_HAVE_IMA_KEXEC is enabled.

        if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC))
                return -ENOTSUPP;

Otherwise,

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>  # IMA function
definitions

>  
>  /**
>   * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
> diff --git a/include/linux/ima.h b/include/linux/ima.h


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

WARNING: multiple messages have this Message-ID
From: Mimi Zohar <zohar@linux.ibm.com>
To: Jonathan McDowell <noodles@fb.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>, Baoquan He <bhe@redhat.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"kexec@lists.infradead.org" <kexec@lists.infradead.org>
Subject: Re: [PATCH v5] x86/kexec: Carry forward IMA measurement log on kexec
Date: Mon, 13 Jun 2022 17:01:50 -0400	[thread overview]
Message-ID: <60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com> (raw)
In-Reply-To: <YqcRuQFq5fg1XhB/@noodles-fedora.dhcp.thefacebook.com>

On Mon, 2022-06-13 at 10:30 +0000, Jonathan McDowell wrote:
> On kexec file load Integrity Measurement Architecture (IMA) subsystem
> may verify the IMA signature of the kernel and initramfs, and measure
> it. The command line parameters passed to the kernel in the kexec call
> may also be measured by IMA. A remote attestation service can verify
> a TPM quote based on the TPM event log, the IMA measurement list, and
> the TPM PCR data. This can be achieved only if the IMA measurement log
> is carried over from the current kernel to the next kernel across
> the kexec call.
> 
> powerpc and ARM64 both achieve this using device tree with a
> "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of
> device tree, so use the setup_data mechanism to pass the IMA buffer to
> the new kernel.
> 
> (Mimi, Baoquan, I haven't included your reviewed-bys because this has
>  changed the compile guards around the ima_(free|get)_kexec_buffer
>  functions in order to fix the warning the kernel test robot found. I
>  think this is the right thing to do and avoids us compiling them on
>  platforms where they won't be used. The alternative would be to drop
>  the guards in ima.h that Mimi requested for v4.)hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
> 
> Signed-off-by: Jonathan McDowell <noodles@fb.com>
> ---
> v5:
>  - Guard ima_(free|get)_kexec_buffer functions with
>    CONFIG_HAVE_IMA_KEXEC (kernel test robot)
>  - Use setup_data_offset in setup_boot_parameters and update rather than
>    calculating in call to setup_ima_state.
> v4:
>  - Guard ima.h function prototypes with CONFIG_HAVE_IMA_KEXEC

> diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
> index 8d374cc552be..42a6c5721a43 100644
> --- a/drivers/of/kexec.c
> +++ b/drivers/of/kexec.c
> @@ -9,6 +9,7 @@
>   *  Copyright (C) 2016  IBM Corporation
>   */
>  
> +#include <linux/ima.h>
>  #include <linux/kernel.h>
>  #include <linux/kexec.h>
>  #include <linux/memblock.h>
> @@ -115,6 +116,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>  	return 0;
>  }
>  
> +#ifdef CONFIG_HAVE_IMA_KEXEC
>  /**
>   * ima_get_kexec_buffer - get IMA buffer from the previous kernel
>   * @addr:	On successful return, set to point to the buffer contents.
> @@ -173,6 +175,7 @@ int ima_free_kexec_buffer(void)
>  
>  	return memblock_phys_free(addr, size);
>  }
> +#endif

Inside ima_{get,free}_kexec_buffer(), there's no need now to test
whether CONFIG_HAVE_IMA_KEXEC is enabled.

        if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC))
                return -ENOTSUPP;

Otherwise,

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>  # IMA function
definitions

>  
>  /**
>   * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
> diff --git a/include/linux/ima.h b/include/linux/ima.h


  reply	other threads:[~2022-06-13 21:02 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-22 13:50 [PATCH] Carry forward IMA measurement log on kexec on x86_64 Jonathan McDowell
2022-04-25 16:29 ` Mimi Zohar
2022-04-26 12:08   ` Jonathan McDowell
2022-04-26 13:49     ` Mimi Zohar
2022-04-26 16:48       ` Jonathan McDowell
2022-04-26 18:10         ` Mimi Zohar
2022-04-28 10:40           ` Jonathan McDowell
2022-04-28 12:25             ` Mimi Zohar
2022-04-26 16:52 ` [PATCH v2] " Jonathan McDowell
2022-04-29 21:30   ` Mimi Zohar
2022-05-03 12:02     ` Jonathan McDowell
2022-05-04 13:49       ` Mimi Zohar
2022-05-09 10:40   ` Jonathan McDowell
2022-05-09 11:25     ` Boris Petkov
2022-05-09 17:46       ` Jonathan McDowell
2022-05-09 18:09         ` Borislav Petkov
2022-05-09 18:41           ` Jonathan McDowell
2022-05-09 19:40             ` Borislav Petkov
2022-05-10  8:02               ` Jonathan McDowell
2022-05-10 10:46   ` Borislav Petkov
2022-05-11  9:59   ` [PATCH v3] x86/kexec: Carry forward IMA measurement log on kexec Jonathan McDowell
2022-05-11 17:53     ` Mimi Zohar
2022-05-11 17:56       ` Borislav Petkov
2022-05-11 19:12         ` Mimi Zohar
2022-05-12  1:34       ` Mimi Zohar
2022-05-12 16:25     ` [PATCH v4] " Jonathan McDowell
2022-05-13 17:19       ` Lakshmi Ramasubramanian
2022-05-16 15:15         ` Jonathan McDowell
2022-05-17 17:19           ` Lakshmi Ramasubramanian
2022-05-18 10:42             ` Jonathan McDowell
2022-05-18 14:43       ` Mimi Zohar
2022-05-30  8:40         ` Jonathan McDowell
2022-06-03 15:55           ` Dave Hansen
2022-06-03 15:55             ` Dave Hansen
2022-06-06  3:54             ` Baoquan He
2022-06-06  3:54               ` Baoquan He
2022-06-06  4:06       ` Baoquan He
2022-06-10  9:52         ` Jonathan McDowell
2022-06-10  9:52           ` Jonathan McDowell
2022-06-13 10:30       ` [PATCH v5] " Jonathan McDowell
2022-06-13 10:30         ` Jonathan McDowell
2022-06-13 21:01         ` Mimi Zohar [this message]
2022-06-13 21:01           ` Mimi Zohar
2022-06-16  2:59           ` Baoquan He
2022-06-16  2:59             ` Baoquan He
2022-06-16 15:30         ` [PATCH v6] " Jonathan McDowell
2022-06-16 15:30           ` Jonathan McDowell
2022-06-30  8:36           ` [PATCH v7] " Jonathan McDowell
2022-06-30  8:36             ` Jonathan McDowell
2022-06-30 11:54             ` Mimi Zohar
2022-06-30 11:54               ` Mimi Zohar
2022-07-04  2:36             ` Baoquan He
2022-07-04  2:36               ` Baoquan He
2022-06-27 11:56 ` [tip: x86/kdump] " tip-bot2 for Jonathan McDowell
2022-07-01 14:37 ` tip-bot2 for Jonathan McDowell
2022-07-07 16:52 ` [tip: x86/boot] " tip-bot2 for Jonathan McDowell
2022-07-07 17:37   ` Jonathan McDowell
2022-07-07 17:50     ` Dave Hansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=60813f86e960d12ed3738531a14382769a061a02.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=bhe@redhat.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=hpa@zytor.com \
    --cc=jmorris@namei.org \
    --cc=kexec@lists.infradead.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=noodles@fb.com \
    --cc=serge@hallyn.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.