Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Roberto Sassu <roberto.sassu@huawei.com>
To: Sasha Levin <sashal@kernel.org>,
	"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
	"James.Bottomley@HansenPartnership.com" 
	<James.Bottomley@HansenPartnership.com>,
	"jarkko.sakkinen@linux.intel.com"
	<jarkko.sakkinen@linux.intel.com>
Cc: "linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>,
	Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: RE: [PATCH v2 2/8] ima: Switch to ima_hash_algo for boot aggregate
Date: Wed, 5 Feb 2020 15:36:57 +0000
Message-ID: <66d58599356749a7a533d700cefa025f@huawei.com> (raw)
In-Reply-To: <20200205144515.1DDE4217F4@mail.kernel.org>

> -----Original Message-----
> From: Sasha Levin [mailto:sashal@kernel.org]
> Sent: Wednesday, February 5, 2020 3:45 PM
> To: Sasha Levin <sashal@kernel.org>; Roberto Sassu
> <roberto.sassu@huawei.com>; zohar@linux.ibm.com;
> James.Bottomley@HansenPartnership.com
> Cc: linux-integrity@vger.kernel.org; stable@vger.kernel.org;
> stable@vger.kernel.org
> Subject: Re: [PATCH v2 2/8] ima: Switch to ima_hash_algo for boot
> aggregate
> 
> Hi,
> 
> [This is an automated email]
> 
> This commit has been processed because it contains a -stable tag.
> The stable tag indicates that it's relevant for the following trees: all
> 
> The bot has tested the following trees: v5.5.1, v5.4.17, v4.19.101, v4.14.169,
> v4.9.212, v4.4.212.
> 
> v5.5.1: Build OK!
> v5.4.17: Build OK!
> v4.19.101: Failed to apply! Possible dependencies:
>     100b16a6f290 ("tpm: sort objects in the Makefile")
>     1ad6640cd614 ("tpm: move tpm1_pcr_extend to tpm1-cmd.c")
>     70a3199a7101 ("tpm: factor out tpm_get_timeouts()")
>     879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR
> read")

Hi Sasha

this patch is necessary. However, backporting it won't be that easy
as it was part of a patch set. Before this patch, users of the TPM driver
could only read the SHA1 PCR bank. The IMA patch needs to read also
other PCR banks.

> NOTE: The patch will not be queued to stable trees until it is upstream.
> 
> How should we proceed with this patch?

This question should be for Jarkko (added in CC), as some patches for the
TPM driver must be backported to apply the IMA patch.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

  parent reply index

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-05 10:33 [PATCH v2 0/8] ima: support stronger algorithms for attestation Roberto Sassu
2020-02-05 10:33 ` [PATCH v2 1/8] tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST Roberto Sassu
2020-02-05 21:57   ` Jarkko Sakkinen
2020-02-05 10:33 ` [PATCH v2 2/8] ima: Switch to ima_hash_algo for boot aggregate Roberto Sassu
     [not found]   ` <20200205144515.1DDE4217F4@mail.kernel.org>
2020-02-05 15:36     ` Roberto Sassu [this message]
2020-02-05 20:41   ` Mimi Zohar
2020-02-06  9:33     ` Roberto Sassu
2020-02-05 21:00   ` Mimi Zohar
2020-02-06  9:36     ` Roberto Sassu
2020-02-06 12:17       ` Mimi Zohar
2020-02-06 12:28         ` Roberto Sassu
2020-02-06 12:31           ` Mimi Zohar
2020-02-05 10:33 ` [PATCH v2 3/8] ima: Evaluate error in init_ima() Roberto Sassu
2020-02-05 10:39   ` Roberto Sassu
2020-02-05 10:33 ` [PATCH v2 4/8] ima: Store template digest directly in ima_template_entry Roberto Sassu
2020-02-05 10:33 ` [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for template digests Roberto Sassu
2020-02-05 16:39   ` Roberto Sassu
2020-02-06 16:08   ` Mimi Zohar
2020-02-06 16:27     ` Roberto Sassu
2020-02-06 16:33       ` Mimi Zohar
2020-02-06 16:36         ` Roberto Sassu
2020-02-05 10:33 ` [PATCH v2 6/8] ima: Allocate and initialize tfm for each PCR bank Roberto Sassu
2020-02-05 23:41   ` kbuild test robot
2020-02-05 23:41   ` [RFC PATCH] ima: ima_init_ima_crypto() can be static kbuild test robot
2020-02-05 10:33 ` [PATCH v2 7/8] ima: Calculate and extend PCR with digests in ima_template_entry Roberto Sassu
2020-02-05 10:33 ` [PATCH v2 8/8] ima: Use ima_hash_algo for collision detection in the measurement list Roberto Sassu
     [not found]   ` <20200302012218.GU6548@shao2-debian>
2020-03-02  9:46     ` [ima] 9165b814d2: BUG:kernel_NULL_pointer_dereference,address Roberto Sassu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=66d58599356749a7a533d700cefa025f@huawei.com \
    --to=roberto.sassu@huawei.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=Silviu.Vlasceanu@huawei.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git