Re: [PATCH v2] x86_64, vmcoreinfo: Append 'page_offset_base' to vmcoreinfo

2018-11-25 Thread Baoquan He
On 11/25/18 at 01:36am, Bhupesh Sharma wrote: > Hi Boris, > > Thanks for your review. Please see my replies inline: > > On Wed, Nov 21, 2018 at 5:10 PM Borislav Petkov wrote: > > > > + Kees. > > > > On Fri, Nov 16, 2018 at 03:17:49AM +0530, Bhupesh Sharma wrote: > > > x86_64 kernel uses 'page_of

[PATCH 5/7] efi: Import certificates from UEFI Secure Boot

2018-11-25 Thread Nayna Jain
From: Josh Boyer New Patch Description: == Secure Boot stores a list of allowed certificates in the 'db' variable. This patch imports those certificates into the platform keyring. The shim UEFI bootloader has a similar certificate list stored in the 'MokListRT' variable. We i

[PATCH 4/7] efi: Add an EFI signature blob parser

2018-11-25 Thread Nayna Jain
From: Dave Howells Add a function to parse an EFI signature blob looking for elements of interest. A list is made up of a series of sublists, where all the elements in a sublist are of the same type, but sublists can be of different types. For each sublist encountered, the function pointed to by

[PATCH 1/7] integrity: Define a trusted platform keyring

2018-11-25 Thread Nayna Jain
On secure boot enabled systems, a verified kernel may need to kexec additional kernels. For example, it may be used as a bootloader needing to kexec a target kernel or it may need to kexec a crashdump kernel. In such cases, it may want to verify the signature of the next kernel image. It is furth

[PATCH 6/7] efi: Allow the "db" UEFI variable to be suppressed

2018-11-25 Thread Nayna Jain
From: Josh Boyer If a user tells shim to not use the certs/hashes in the UEFI db variable for verification purposes, shim will set a UEFI variable called MokIgnoreDB. Have the uefi import code look for this and ignore the db variable if it is found. Signed-off-by: Josh Boyer Signed-off-by: Davi

[PATCH 0/7] add platform/firmware keys support for kernel verification by IMA

2018-11-25 Thread Nayna Jain
On secure boot enabled systems, a verified kernel may need to kexec additional kernels. For example, it may be used as a bootloader needing to kexec a target kernel or it may need to kexec a crashdump kernel. In such cases, it may want to verify the signature of the next kernel image. It is possib

[PATCH 2/7] integrity: Load certs to the platform keyring

2018-11-25 Thread Nayna Jain
The patch refactors integrity_load_x509(), making it a wrapper for a new function named integrity_add_key(). This patch also defines a new function named integrity_load_cert() for loading the platform keys. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar --- security/integrity/digsig.c

[PATCH 3/7] efi: Add EFI signature data types

2018-11-25 Thread Nayna Jain
From: Dave Howells Add the data types that are used for containing hashes, keys and certificates for cryptographic verification along with their corresponding type GUIDs. Signed-off-by: David Howells Acked-by: Nayna Jain --- Changelog: v0: - No changes include/linux/efi.h | 25

[PATCH 7/7] ima: Support platform keyring for kernel appraisal

2018-11-25 Thread Nayna Jain
On secure boot enabled systems, the bootloader verifies the kernel image and possibly the initramfs signatures based on a set of keys. A soft reboot (kexec) of the system, with the same kernel image and initramfs, requires access to the original keys to verify the signatures. This patch allows IMA-

Re: [PATCH v2] x86_64, vmcoreinfo: Append 'page_offset_base' to vmcoreinfo

2018-11-25 Thread Baoquan He
On 11/16/18 at 03:17am, Bhupesh Sharma wrote: > Adding 'page_offset_base' to the vmcoreinfo can be specially useful for > live-debugging of a running kernel via user-space utilities > like makedumpfile (see [1]). > > Recently, I saw an issue with the 'makedumpfile' utility (see [2] for > details),