From: prsriva
Date: Mon, 21 Oct 2019 10:38:44 -0700
Subject: Re: [PATCH V4 0/2] Add support for arm64 to carry ima measurement
To: Pavel Tatashin, James Morse
X-Mailing-List: linux-integrity@vger.kernel.org

On 10/15/19 11:47 AM, Pavel Tatashin wrote:
>> I think the UEFI persistent-memory-reservations thing is a better fit for this [0][1].
>
> Hi James,
>
> Thank you for your thought. As I understand you propose to use the
> existing method as such:
> 1. Use the existing kexec ABI to pass reservation from kernel to
> kernel using EFI the same as is done for GICv3 tables.
> 2. Allow this memory to be reservable only during first Linux boot via
> EFI memory reserve
> 3. Allow to have this memory pre-reserved by firmware or to be
> embedded into device tree.
>
> A question I have is how to tell that a reserved region is reserved
> for IMA use. With GICv3 it is done by reading the registers, finding
> the interrupt tables memory, and check that the memory ranges are
> indeed pre-reserved.
>
> Is there a way to name memory with the current ABI that you think is acceptable?
>
> Thank you,
> Pasha
>

Friendly ping.

Thanks,
Prakhar Srivastava