[RFC PATCH v1 0/1] Add support for arm64 to carry ima measurement log in kexec_file_load
Add support for arm64 to carry ima measurement log to the next kexec'ed session triggered via kexec_file_load. - Top of Linux 5.3-rc6 Currently during kexec the kernel file signatures are/can be validated prior to actual load, the information(PE/ima signature) is not carried to the next session. This lead to loss of information. Carrying forward the ima measurement log to the next kexec'ed session allows a verifying party to get the entire runtime event log since the last full reboot, since that is when PCRs were last reset. Changelog: v1: - add new fdt porperties to mark start and end for ima measurement log. - use fdt_* functions to add/remove fdt properties and memory allocations. - remove additional check for endian-ness as they are checked in fdt_* functions. v0: - Add support to carry ima measurement log in arm64, uses same code as powerpc. Prakhar Srivastava (1): Add support for arm64 to carry ima measurement log in kexec_file_load arch/arm64/Kconfig | 7 + arch/arm64/include/asm/ima.h | 29 arch/arm64/include/asm/kexec.h | 5 + arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/ima_kexec.c | 213 + arch/arm64/kernel/machine_kexec_file.c | 6 + 6 files changed, 262 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/include/asm/ima.h create mode 100644 arch/arm64/kernel/ima_kexec.c -- 2.17.1
Re: [RFC][PATCH v1 0/1] Add support for arm64 to carry ima measurement log in kexec_file_load
Quoting Prakhar Srivastava (2019-09-06 16:51:09) > Add support for arm64 to carry ima measurement log > to the next kexec'ed session triggered via kexec_file_load. > - Top of Linux 5.3-rc6 > > Currently during kexec the kernel file signatures are/can be validated > prior to actual load, the information(PE/ima signature) is not carried > to the next session. This lead to loss of information. > > Carrying forward the ima measurement log to the next kexec'ed session. > This allows a verifying party to get the entire runtime event log since > the last full reboot since that is when PCRs were last reset. > > Prakhar Srivastava (1): > Add support for arm64 to carry ima measurement log in kexec_file_load Did anything change from the last round? Please include changelogs so we know what to look for.
[RFC][PATCH v1 0/1] Add support for arm64 to carry ima measurement log in kexec_file_load
Add support for arm64 to carry ima measurement log to the next kexec'ed session triggered via kexec_file_load. - Top of Linux 5.3-rc6 Currently during kexec the kernel file signatures are/can be validated prior to actual load, the information(PE/ima signature) is not carried to the next session. This lead to loss of information. Carrying forward the ima measurement log to the next kexec'ed session. This allows a verifying party to get the entire runtime event log since the last full reboot since that is when PCRs were last reset. Prakhar Srivastava (1): Add support for arm64 to carry ima measurement log in kexec_file_load arch/arm64/Kconfig | 7 + arch/arm64/include/asm/ima.h | 29 arch/arm64/include/asm/kexec.h | 5 + arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/ima_kexec.c | 213 + arch/arm64/kernel/machine_kexec_file.c | 6 + 6 files changed, 262 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/include/asm/ima.h create mode 100644 arch/arm64/kernel/ima_kexec.c -- 2.17.1
