Hi Stefan,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on 03c765b0e3b4cb5063276b086c76f7a612856a9a]
url:
https://github.com/intel-lab-lkp/linux/commits/Stefan-Berger/tpm-Preserve-TPM-measurement-log-across-kexec-ppc64/20220706-232658
base
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v5:
- Rebased on Jonathan McDowell's commit "b69a2afd5afc x86/kexec: Carry
forward IMA measurement log on kexec"
The memory area of the TPM measurement log is currently not properly
duplicated for carrying it across kexec when an Open Firmware
Devicetree is used. Therefore, the contents of the log get corrupted.
Fix this for the kexec_file_load() syscall by allocating a buffer and
copying the contents of the
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation servic
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the pre
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file change
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0 measurement logs across a kexec on PowerVM and PowerKVM. This
series fixes this for the kexec_file_load() syscall using the flattened
device tree (fdt) to carry the TPM measurement log's buffer across kexec.
Stefan
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
On 7/6/22 10:00, Jonathan McDowell wrote:
On Tue, Jul 05, 2022 at 06:46:54PM -0400, Mimi Zohar wrote:
[Cc'ing Borislav Petkov , Jonathan McDowell
]
Hi Stefan,
On Thu, 2022-06-30 at 22:26 -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
On Wed, 2022-07-06 at 12:48 +0100, Will Deacon wrote:
> On Wed, Jul 06, 2022 at 07:35:36AM -0400, Mimi Zohar wrote:
> > On Mon, 2022-07-04 at 09:51 +0800, Coiby Xu wrote:
> > > Currently when loading a kernel image via the kexec_file_load() system
> > > call, x86 can make use of three keyrings i.e.
On Wed, Jul 06, 2022 at 07:35:36AM -0400, Mimi Zohar wrote:
> On Mon, 2022-07-04 at 09:51 +0800, Coiby Xu wrote:
> > Currently when loading a kernel image via the kexec_file_load() system
> > call, x86 can make use of three keyrings i.e. the .builtin_trusted_keys,
> > .secondary_trusted_keys and .p
On Mon, 2022-07-04 at 09:51 +0800, Coiby Xu wrote:
> Currently when loading a kernel image via the kexec_file_load() system
> call, x86 can make use of three keyrings i.e. the .builtin_trusted_keys,
> .secondary_trusted_keys and .platform keyrings to verify a signature.
> However, arm64 and s390 ca
Hi Coiby,
Coiby Xu wrote:
Hi Baoquan and Naveen,
On Mon, Jul 04, 2022 at 12:10:00PM +0800, Baoquan He wrote:
On 07/01/22 at 01:04pm, Naveen N. Rao wrote:
Drop __weak attribute from functions in kexec_file.c:
- arch_kexec_kernel_image_probe()
- arch_kimage_file_post_load_cleanup()
- arch_kexec
13 matches
Mail list logo