From: Nageswara R Sastry <nasastry@in.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
"kexec@lists.infradead.org" <kexec@lists.infradead.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Cc: "nayna@linux.ibm.com" <nayna@linux.ibm.com>,
"mpe@ellerman.id.au" <mpe@ellerman.id.au>,
Rob Herring <robh+dt@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Eric Biederman <ebiederm@xmission.com>
Subject: Re: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Wed, 20 Jul 2022 13:48:40 +0000 [thread overview]
Message-ID: <MWHPR15MB11506932B2AD3EDD6B439E13EB8E9@MWHPR15MB1150.namprd15.prod.outlook.com> (raw)
In-Reply-To: <20220707172026.831614-7-stefanb@linux.ibm.com>
________________________________________
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: 07 July 2022 10:50 PM
> To: kexec@lists.infradead.org; devicetree@vger.kernel.org; linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linuxppc-dev@lists.ozlabs.org
> Cc: nayna@linux.ibm.com; Nageswara R Sastry; mpe@ellerman.id.au; Stefan Berger; Rob Herring; Frank Rowand; Eric Biederman
> Subject: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
WARNING: multiple messages have this Message-ID (diff)
From: Nageswara R Sastry <nasastry@in.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
"kexec@lists.infradead.org" <kexec@lists.infradead.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Cc: "nayna@linux.ibm.com" <nayna@linux.ibm.com>,
Frank Rowand <frowand.list@gmail.com>,
Eric Biederman <ebiederm@xmission.com>,
Rob Herring <robh+dt@kernel.org>
Subject: Re: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Wed, 20 Jul 2022 13:48:40 +0000 [thread overview]
Message-ID: <MWHPR15MB11506932B2AD3EDD6B439E13EB8E9@MWHPR15MB1150.namprd15.prod.outlook.com> (raw)
In-Reply-To: <20220707172026.831614-7-stefanb@linux.ibm.com>
________________________________________
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: 07 July 2022 10:50 PM
> To: kexec@lists.infradead.org; devicetree@vger.kernel.org; linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linuxppc-dev@lists.ozlabs.org
> Cc: nayna@linux.ibm.com; Nageswara R Sastry; mpe@ellerman.id.au; Stefan Berger; Rob Herring; Frank Rowand; Eric Biederman
> Subject: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
WARNING: multiple messages have this Message-ID (diff)
From: Nageswara R Sastry <nasastry@in.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
"kexec@lists.infradead.org" <kexec@lists.infradead.org>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Cc: "nayna@linux.ibm.com" <nayna@linux.ibm.com>,
"mpe@ellerman.id.au" <mpe@ellerman.id.au>,
Rob Herring <robh+dt@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Eric Biederman <ebiederm@xmission.com>
Subject: Re: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Wed, 20 Jul 2022 13:48:40 +0000 [thread overview]
Message-ID: <MWHPR15MB11506932B2AD3EDD6B439E13EB8E9@MWHPR15MB1150.namprd15.prod.outlook.com> (raw)
In-Reply-To: <20220707172026.831614-7-stefanb@linux.ibm.com>
________________________________________
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: 07 July 2022 10:50 PM
> To: kexec@lists.infradead.org; devicetree@vger.kernel.org; linux-integrity@vger.kernel.org; linux-kernel@vger.kernel.org; linuxppc-dev@lists.ozlabs.org
> Cc: nayna@linux.ibm.com; Nageswara R Sastry; mpe@ellerman.id.au; Stefan Berger; Rob Herring; Frank Rowand; Eric Biederman
> Subject: [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2022-07-20 13:49 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-07 17:20 [PATCH v6 0/6] tpm: Preserve TPM measurement log across kexec (ppc64) Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` [PATCH v6 1/6] of: check previous kernel's ima-kexec-buffer against memory bounds Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-20 13:41 ` Nageswara R Sastry
2022-07-20 13:41 ` Nageswara R Sastry
2022-07-20 13:41 ` Nageswara R Sastry
2022-07-07 17:20 ` [PATCH v6 2/6] drivers: of: kexec ima: Support 32-bit platforms Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-20 13:42 ` Nageswara R Sastry
2022-07-20 13:42 ` Nageswara R Sastry
2022-07-20 13:42 ` Nageswara R Sastry
2022-07-07 17:20 ` [PATCH v6 3/6] x86/kexec: Carry forward IMA measurement log on kexec Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-20 13:44 ` Nageswara R Sastry
2022-07-20 13:44 ` Nageswara R Sastry
2022-07-20 13:44 ` Nageswara R Sastry
2022-07-07 17:20 ` [PATCH v6 4/6] tpm: of: Make of-tree specific function commonly available Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-11 22:04 ` Mimi Zohar
2022-07-11 22:04 ` Mimi Zohar
2022-07-11 22:04 ` Mimi Zohar
2022-07-12 13:25 ` Stefan Berger
2022-07-12 13:25 ` Stefan Berger
2022-07-12 13:25 ` Stefan Berger
2022-07-20 13:45 ` Nageswara R Sastry
2022-07-20 13:45 ` Nageswara R Sastry
2022-07-20 13:45 ` Nageswara R Sastry
2022-07-07 17:20 ` [PATCH v6 5/6] of: kexec: Refactor IMA buffer related functions to make them reusable Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-11 22:05 ` Mimi Zohar
2022-07-11 22:05 ` Mimi Zohar
2022-07-11 22:05 ` Mimi Zohar
2022-07-14 17:21 ` Rob Herring
2022-07-14 17:21 ` Rob Herring
2022-07-14 17:21 ` Rob Herring
2022-07-20 13:47 ` Nageswara R Sastry
2022-07-20 13:47 ` Nageswara R Sastry
2022-07-20 13:47 ` Nageswara R Sastry
2022-07-07 17:20 ` [PATCH v6 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-07 17:20 ` Stefan Berger
2022-07-20 13:48 ` Nageswara R Sastry [this message]
2022-07-20 13:48 ` Nageswara R Sastry
2022-07-20 13:48 ` Nageswara R Sastry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MWHPR15MB11506932B2AD3EDD6B439E13EB8E9@MWHPR15MB1150.namprd15.prod.outlook.com \
--to=nasastry@in.ibm.com \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=frowand.list@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=robh+dt@kernel.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.