| Message ID | 20191007185943.1828-1-prsriva@linux.microsoft.com (mailing list archive) |
|---|---|
| Headers | show
Return-Path: <SRS0=ZCkU=YA=vger.kernel.org=linux-integrity-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3FDD417EE
for <patchwork-linux-integrity@patchwork.kernel.org>;
Mon, 7 Oct 2019 18:59:53 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 1CE6A2084D
for <patchwork-linux-integrity@patchwork.kernel.org>;
Mon, 7 Oct 2019 18:59:53 +0000 (UTC)
Authentication-Results: mail.kernel.org;
dkim=pass (1024-bit key) header.d=linux.microsoft.com
header.i=@linux.microsoft.com header.b="bUMg9NWE"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1729244AbfJGS7w (ORCPT
<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
Mon, 7 Oct 2019 14:59:52 -0400
Received: from linux.microsoft.com ([13.77.154.182]:53512 "EHLO
linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1728723AbfJGS7w (ORCPT
<rfc822;linux-integrity@vger.kernel.org>);
Mon, 7 Oct 2019 14:59:52 -0400
Received: from prsriva-Precision-Tower-5810.corp.microsoft.com (unknown
[167.220.2.18])
by linux.microsoft.com (Postfix) with ESMTPSA id 69A6F20B71C6;
Mon, 7 Oct 2019 11:59:51 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 69A6F20B71C6
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
s=default; t=1570474791;
bh=i1YNYZkRfCpA/p84XvJ1BSmi0vYuNO3vasWc16x7h5w=;
h=From:To:Cc:Subject:Date:From;
b=bUMg9NWEr+pp4M2o41A1e1I9U30OnGMtJhnx5DLEgLo6Kvcv/b5OkxyhB8aSgkInp
eo2PjiRS6TrrYXd3ZUOJxHABmgq4nnQkVVg08ZYCrpoXmkqPAB1v5xw2pQTroT4DmQ
EHeXmaECc+Lvvmabg74le1t8VtAaamTGop/Rkdpw=
From: Prakhar Srivastava <prsriva@linux.microsoft.com>
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-integrity@vger.kernel.org, kexec@lists.infradead.org
Cc: arnd@arndb.de, jean-philippe@linaro.org, allison@lohutok.net,
kristina.martsenko@arm.org, yamada.masahiro@socionext.com,
duwe@lst.de, mark.rutland@arm.com, tglx@linutronix.de,
takahiro.akashi@linaro.org, james.morse@arm.org,
catalin.marinas@arm.com, sboyd@kernel.org, bauerman@linux.ibm.com,
zohar@linux.ibm.com
Subject: [PATCH v2 0/2] Add support to carry ima measurement log in
kexec_file_load
Date: Mon, 7 Oct 2019 11:59:41 -0700
Message-Id: <20191007185943.1828-1-prsriva@linux.microsoft.com>
X-Mailer: git-send-email 2.17.1
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
|
| Series |
Add support to carry ima measurement log in kexec_file_load
|
expand
|
Add support to carry ima measurement log to the next kexec'ed session triggered via kexec_file_load. - Top of Linux 5.3-rc6 Currently during kexec the kernel file signatures are/can be validated prior to actual load, the information(PE/ima signature) is not carried to the next session. This lead to loss of information. Carrying forward the ima measurement log to the next kexec'ed session allows a verifying party to get the entire runtime event log since the last full reboot, since that is when PCRs were last reset. Tested for arm64 qemu and real hardware. I have not been unable to test the patch for powerpc 64bit. Any testing is greatly appretiated. TODO: Add support for 32 bit in the of_ima.c Changelog: v2: - move common code to drivers/of/of_ima.c. - point arm64 to use of_ima implementation. - point powerpc to use of_ima implementation v1: - add new fdt porperties to mark start and end for ima measurement log. - use fdt_* functions to add/remove fdt properties and memory allocations. - remove additional check for endian-ness as they are checked in fdt_* functions. v0: - Add support to carry ima measurement log in arm64, uses same code as powerpc. Prakhar Srivastava (2): Add support for arm64 to carry ima measurement log in kexec_file_load update powerpc implementation to call into of_ima* arch/Kconfig | 6 +- arch/arm64/include/asm/ima.h | 24 +++ arch/arm64/include/asm/kexec.h | 5 + arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/ima_kexec.c | 78 ++++++++++ arch/arm64/kernel/machine_kexec_file.c | 6 + arch/powerpc/include/asm/ima.h | 6 - arch/powerpc/kernel/Makefile | 8 +- arch/powerpc/kernel/ima_kexec.c | 170 ++------------------- drivers/of/Kconfig | 6 + drivers/of/Makefile | 1 + drivers/of/of_ima.c | 204 +++++++++++++++++++++++++ include/linux/of.h | 31 ++++ 13 files changed, 378 insertions(+), 170 deletions(-) create mode 100644 arch/arm64/include/asm/ima.h create mode 100644 arch/arm64/kernel/ima_kexec.c create mode 100644 drivers/of/of_ima.c