From: Borislav Petkov <bp@alien8.de>
To: Jonathan McDowell <noodles@fb.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	James Morris <jmorris@namei.org>, Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	"x86@kernel.org" <x86@kernel.org>,
	Mimi Zohar <zohar@linux.ibm.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2] Carry forward IMA measurement log on kexec on x86_64
Date: Mon, 9 May 2022 20:09:55 +0200
Message-ID: <YnlY87wm6WmQjs7m@zn.tnic>
In-Reply-To: <YnlTaawPH6T7LOUs@noodles-fedora.dhcp.thefacebook.com>

On Mon, May 09, 2022 at 05:46:22PM +0000, Jonathan McDowell wrote:
> Device tree on x86 doesn't seem to be a thing;

Not a thing? What does that even mean?

We have arch/x86/kernel/devicetree.c which adds some minimal devicetree
support.

> none of the distros I regularly use enable CONFIG_OF for x86, I can
> only find 2 32-bit x86 platforms that actually select it and none of
> the plumbing for kexec on x86 ties in device tree.

And? That can get changed and enabled and so on.

> I agree for platforms that make active use of device tree that's the
> appropriate path, but it doesn't seem to be the case for x86.

I'm not sure what your aim here is?

You want to pass that IMA measurement to the kexec kernel with minimal
changes, i.e., change only the kernel?

Why can't distros be also changed to use devicetree for the IMA
measurement, like the other arches do? Why does x86 need to do it
differently?

We also pass info to the kexec kernel by reading it from sysfs
and having kexec tools pass it to the kexec-ed kernel, see
Documentation/ABI/testing/sysfs-firmware-efi-runtime-map

kexec(8) itself can do:

kexec -l kernel-image --append=command-line-options
			^^^^^^^^^^^^^^^^^

and add those cmdline options which are dug out from the first kernel.

So is there any particular reason/pressing need to pass the measurement
with setup_data?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
