在 2019年03月12日 03:43, Kazuhito Hagio 写道:
> -Original Message-
[PATCH v3] Remove the memory encryption mask to obtain the true physical
address
>>>
>>> I forgot to comment on the subject and the commit log..
>>> I'll change this to
>>>
>>> x86_64: Add support for AMD Secure
Hi Mimi,
> Mimi Zohar (6):
> selftests/ima: cleanup the kexec selftest
> selftests/ima: define a set of common functions
> selftests/ima: define common logging functions
> kselftest/ima: define "require_root_privileges"
> selftests/ima: kexec_file_load syscall test
> selftests/ima:
Hi Mimi,
> Define, update and move get_secureboot_mode() to a common file for use
> by other tests.
> Updated to check both the efivar SecureBoot-$(UUID) and
> SetupMode-$(UUID), based on Dave Young's review.
> Signed-off-by: Mimi Zohar
> Reviewed-by: Petr Vorel
> Cc: Dave Young
Minor
-Original Message-
> >> [PATCH v3] Remove the memory encryption mask to obtain the true physical
> >> address
> >
> > I forgot to comment on the subject and the commit log..
> > I'll change this to
> >
> > x86_64: Add support for AMD Secure Memory Encryption
> >
> > On 1/29/2019 9:48
On Mon, Mar 11, 2019 at 9:55 AM Mimi Zohar wrote:
>
> On Fri, 2019-03-08 at 09:51 -0800, Matthew Garrett wrote:
> > Hm. And this only happens on certain firmware versions? If something's
> > stepping on boot_params then we have bigger problems.
>
> I was seeing this problem before and after
On Fri, 2019-03-08 at 09:51 -0800, Matthew Garrett wrote:
> On Fri, Mar 8, 2019 at 5:40 AM Mimi Zohar wrote:
> >
> > On Thu, 2019-03-07 at 14:50 -0800, Matthew Garrett wrote:
> > > Is the issue that it gives incorrect results on the first read, or is
> > > the issue that it gives incorrect
-Original Message-
> On 27.11.18 17:32, Kazuhito Hagio wrote:
> >> Linux marks pages that are logically offline via a page flag (map count).
> >> Such pages e.g. include pages infated as part of a balloon driver or
> >> pages that were not actually onlined when onlining the whole section.
Remove the few bashisms and use the complete option name for clarity.
Signed-off-by: Mimi Zohar
Reviewed-by: Petr Vorel
---
tools/testing/selftests/ima/test_kexec_load.sh | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git
Many tests require root privileges. Define a common function.
Suggested-by: Petr Vorel
Signed-off-by: Mimi Zohar
---
tools/testing/selftests/ima/ima_common_lib.sh | 7 +++
tools/testing/selftests/ima/test_kexec_load.sh | 4 +---
2 files changed, 8 insertions(+), 3 deletions(-)
diff
The kernel can be configured to require kexec kernel images and kernel
modules are signed. An IMA policy can be specified on the boot command
line or a custom IMA policy loaded requiring the kexec kernel image and
kernel modules be signed. In addition, systems booted in secure boot
mode with the
The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none. This test
verifies only properly signed kernel images are loaded into memory,
based on the kernel configuration and runtime policies.
Signed-off-by: Mimi Zohar
From: Petr Vorel
so the file can be used as kernel config snippet.
Signed-off-by: Petr Vorel
[zo...@linux.ibm.com: remove CONFIG_KEXEC_VERIFY_SIG from config]
Signed-off-by: Mimi Zohar
---
tools/testing/selftests/ima/config | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff
Define, update and move get_secureboot_mode() to a common file for use
by other tests.
Updated to check both the efivar SecureBoot-$(UUID) and
SetupMode-$(UUID), based on Dave Young's review.
Signed-off-by: Mimi Zohar
Reviewed-by: Petr Vorel
Cc: Dave Young
---
Define log_info, log_pass, log_fail, and log_skip functions.
Suggested-by: Petr Vorel
Signed-off-by: Mimi Zohar
Reviewed-by: Petr Vorel
---
tools/testing/selftests/ima/ima_common_lib.sh | 31 ++
tools/testing/selftests/ima/test_kexec_load.sh | 19 +---
2
While the appended kernel module signature can be verified, when loading
a kernel module via either the init_module or the finit_module syscall,
verifying the IMA signature requires access to the file descriptor,
which is only available via the finit_module syscall. As "modprobe"
does not provide
> > The patch has been merged, would you mind to send a documentation patch
> > for the vmcoreinfo, which is added recently in
> > Documentation/kdump/vmcoreinfo.txt
> >
> > A brief description about how this vmcoreinfo field is used is good to
> > have.
> >
>
> Turns out, it was already
On 11.03.19 10:04, Dave Young wrote:
> Hi David,
> On 11/22/18 at 11:06am, David Hildenbrand wrote:
>> Right now, pages inflated as part of a balloon driver will be dumped
>> by dump tools like makedumpfile. While XEN is able to check in the
>> crash kernel whether a certain pfn is actuall backed
Hi Bhupesh,
On 03/10/19 at 03:34pm, Bhupesh Sharma wrote:
> Changes since v1:
>
> - v1 was sent out as a single patch which can be seen here:
> http://lists.infradead.org/pipermail/kexec/2019-February/022411.html
>
> - v2 breaks the single patch into two independent patches:
>
Hi David,
On 11/22/18 at 11:06am, David Hildenbrand wrote:
> Right now, pages inflated as part of a balloon driver will be dumped
> by dump tools like makedumpfile. While XEN is able to check in the
> crash kernel whether a certain pfn is actuall backed by memory in the
> hypervisor (see
19 matches
Mail list logo