Re: [PATCH v15 06/16] of/fdt: add helper functions for handling properties

On Thu, Oct 4, 2018 at 10:07 PM AKASHI, Takahiro wrote: > > Rob, > > # I haven't replied to this comment yet. > > On Fri, Sep 28, 2018 at 08:44:42AM -0500, Rob Herring wrote: > > +David Gibson > > > > On Fri, Sep 28, 2018 at 1:48 AM AKASHI Takahiro > > wrote: > > > > > > These functions will be u

[PATCH v5 2/5] ima: prevent kexec_load syscall based on runtime secureboot flag

From: Nayna Jain When CONFIG_KEXEC_VERIFY_SIG is enabled, the kexec_file_load syscall requires the kexec'd kernel image to be signed. Distros are concerned about totally disabling the kexec_load syscall. As a compromise, the kexec_load syscall will only be disabled when CONFIG_KEXEC_VERIFY_SIG is

[PATCH v5 1/5] x86/ima: define arch_ima_get_secureboot

From: Nayna Jain Distros are concerned about totally disabling the kexec_load syscall. As a compromise, the kexec_load syscall will only be disabled when CONFIG_KEXEC_VERIFY_SIG is configured and the system is booted with secureboot enabled. This patch defines the new arch specific function call

[PATCH v5 0/6] Add support for architecture specific IMA policies

From: Nayna Jain The architecture specific policy, introduced in this patch set, permits different architectures to define IMA policy rules based on kernel configuration and system runtime information. For example, on x86, there are two methods of verifying the kexec'ed kernel image signature -

[PATCH v5 3/5] ima: refactor ima_init_policy()

From: Nayna Jain This patch removes the code duplication in ima_init_policy() by defining a new function named add_rules(). The new function adds the rules to the initial IMA policy, the custom policy or both based on the policy mask (IMA_DEFAULT_POLICY, IMA_CUSTOM_POLICY). Signed-off-by: Nayna

[PATCH v5 4/5] ima: add support for arch specific policies

From: Nayna Jain Builtin IMA policies can be enabled on the boot command line, and replaced with a custom policy, normally during early boot in the initramfs. Build time IMA policy rules were recently added. These rules are automatically enabled on boot and persist after loading a custom policy.

[PATCH v5 5/5] x86/ima: define arch_get_ima_policy() for x86

From: Eric Richter On x86, there are two methods of verifying a kexec'ed kernel image signature being loaded via the kexec_file_load syscall - an architecture specific implementaton or a IMA KEXEC_KERNEL_CHECK appraisal rule. Neither of these methods verify the kexec'ed kernel image signature bei