On Tue, 2017-05-16 at 14:53 +0200, Roberto Sassu wrote:
> Through the new interface binary_kexec_runtime_measurements, it will be
> possible to read the same content returned by binary_runtime_measurements,
> with the kexec header prepended.
>
> The new interface has been added for testing ima_res
On Tue, 2017-05-16 at 14:53 +0200, Roberto Sassu wrote:
> Through the new interface restore_kexec_list, it will be possible
> to restore a measurements list, previously read from
> binary_kexec_runtime_measurements.
For development, this was fine. You were able to save and restore the
measurement
Hi Roberto,
On Tue, 2017-05-16 at 14:53 +0200, Roberto Sassu wrote:
> ima_parse_buf() takes as input the buffer start and end pointers, and
> stores the result in a static array of ima_field_data structures,
> where the len field contains the length parsed from the buffer, and
> the data field con
On Tue, 2017-05-30 at 09:36 +0200, Roberto Sassu wrote:
> On 5/30/2017 5:35 AM, Mimi Zohar wrote:
> > On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> >> pcrlock() has been modified to pass the correct arguments
> >> to tpm_pcr_extend(): the pointer of a tpm2_
On Tue, 2017-05-30 at 09:28 +0200, Roberto Sassu wrote:
> On 5/30/2017 5:29 AM, Mimi Zohar wrote:
> > On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> >> @@ -876,29 +925,46 @@ static int tpm1_pcr_extend(struct tpm_chip *chip,
> >> int pcr_idx, const u8 *ha
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> pcrlock() has been modified to pass the correct arguments
> to tpm_pcr_extend(): the pointer of a tpm2_digest structure containing
> a random value generated by tpm_get_random() and the size of the array (1).
If the number of arguments is w
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> The tpm_pcr_extend() definition has been modified to take an array of
> tpm2_digest structures, and the size of the array as arguments.
>
> The function now checks if callers provided a digests for each active
> PCR bank (or a SHA1 digest f
Hi Guilherme,
(Wow, you should did Cc a lot of people.)
On Thu, 2017-05-25 at 19:04 +, Magalhaes, Guilherme (Brazil R&D-
CL) wrote:
> Mimi,
> With the securityfs symlink we would address the case of setting
> policy inside containers, but we still would need a way to set the
> IMA policy per
Hi John,
On Thu, 2017-05-25 at 00:36 -0700, John Johansen wrote:
> On 05/24/2017 01:12 PM, Mimi Zohar wrote:
> > On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote:
> >> Creating the namespace securityfs file under ima folder. When a mount
> >> namespace id
On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote:
> Creating the namespace securityfs file under ima folder. When a mount
> namespace id is written to the namespace file, a new folder is created and
> with a policy file for that specified namespace. Then, user defined policy
> for names
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> For some file systems we still memcpy into it, but in various places this
> already allows us to use the proper uuid helpers. More to come..
>
> Signed-off-by: Christoph Hellwig
Acked-by: Mimi Zohar (Change
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> Signed-off-by: Christoph Hellwig
Thanks!
Acked-by: Mimi Zohar
> ---
> security/integrity/ima/ima_policy.c | 11 +--
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/security/integrit
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> This helper was only used by IMA of all things, which would get spurious
> errors if CONFIG_BLOCK is disabled. Just opencode the call there.
>
> Signed-off-by: Christoph Hellwig
Acked-by: Mimi Zohar
> ---
> inc
On Sat, 2017-05-06 at 15:59 +0300, Gilad Ben-Yossef wrote:
> ima starts several async. crypto ops and waits for their completions.
> Move it over to generic code doing the same.
>
> Signed-off-by: Gilad Ben-Yossef
Acked-by: Mimi Zohar
> ---
> security/integrity/ima
On Tue, 2017-05-09 at 11:25 -0700, Laura Abbott wrote:
> cgroups2 is beginning to show up in wider usage. Add it to the default
> nomeasure/noappraise list like other filesystems.
>
> Signed-off-by: Laura Abbott
Thanks, queued for next.
Mimi
> ---
> security/integrity/ima/ima_policy.c | 3 +++
On Sat, 2017-05-06 at 23:40 +0800, Geliang Tang wrote:
> Use memdup_user_nul() helper instead of open-coding to simplify the
> code.
>
> Signed-off-by: Geliang Tang
Thanks, this patch will be queued.
Mimi
> ---
> security/integrity/ima/ima_fs.c | 13 -
> 1 file changed, 4 insertio
Hi Markus,
On Sun, 2017-05-07 at 15:40 +0200, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sun, 7 May 2017 15:35:15 +0200
>
> A few update suggestions were taken into account
> from static source code analysis.
Sorry, these changes make backporting and upstreaming other changes
more
On Fri, 2017-05-05 at 11:15 -0600, Tycho Andersen wrote:
> While reading the code, I noticed that these #endif comments don't match
> how they're actually nested. This patch fixes that.
>
> Signed-off-by: Tycho Andersen
Thanks!
Mimi
> ---
> security/integrity/ima/ima.h | 4 ++--
> 1 file chang
Hi David,
On Mon, 2017-04-10 at 14:19 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > From an IMA perspective, either a file hash or signature are valid,
> > but for this usage it must be a signature.
>
> Not necessarily. If IMA can guarantee that a module
Add support for providing multiple builtin policies on the "ima_policy="
boot command line. Use "|" as the delimitor separating the policy names.
Signed-off-by: Mimi Zohar
---
Documentation/admin-guide/kernel-parameters.txt | 17 +++--
security/integr
Permit enabling the different "ima_appraise=" modes (eg. log, fix)
from the boot command line.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/Kconfig| 8
security/integrity/ima/ima_appraise.c | 2 ++
2 files changed, 10 insertions(+)
diff --git a/security/int
", which
can be specified on the "ima_policy=" boot command line, independently
or in conjunction with the "ima_appraise_tcb" policy, by specifing
ima_policy="appraise_tcb | secure_boot". The new appraisal rules
requiring file signatures will be added prior to
Only return enabled if in enforcing mode, not fix or log modes.
Signed-off-by: Mimi Zohar
Changes:
- Define is_ima_appraise_enabled() as a bool (Thiago Bauermann)
---
include/linux/ima.h | 6 ++
security/integrity/ima/ima_appraise.c | 10 ++
2 files changed, 16
quot; boot command line, and defines is_ima_appraise_enabled().
These changes provide some of the missing functionality needed for the
"locked-down" patch set to detect whether file signatures are being
validated.
Mimi
Mimi Zohar (4):
ima: extend the "ima_policy" boot comm
Hi Thiago,
On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> This patch introduces the appended_imasig keyword to the IMA policy syntax
> to specify that a given hook should expect the file to have the IMA
> signature appended to it. Here is how it can be used in a rule:
>
> appr
On Thu, 2017-04-20 at 17:40 -0300, Thiago Jung Bauermann wrote:
> Am Donnerstag, 20. April 2017, 08:13:23 BRT schrieb Mimi Zohar:
> > On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> > > If the func_tokens array uses the same indices as enum ima_hooks,
> >
On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> IMA will use the module_signature format for append signatures, so export
> the relevant definitions and factor out the code which verifies that the
> appended signature trailer is valid.
>
> Also, create a CONFIG_MODULE_SIG_FORMAT
On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> If the func_tokens array uses the same indices as enum ima_hooks,
> policy_func_show can be a lot simpler, and the func_* enum becomes
> unnecessary.
My main concern with separating the enumeration from the string
definition is that
On Fri, 2017-04-07 at 10:17 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA
> > > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled?
> >
> > Not quite, since as Da
On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:
> On 04/07/17 at 08:07am, David Howells wrote:
> > Dave Young wrote:
> >
> > > > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > > > we're not
> > > > > > +* going to verify the signature on them
> > > > > > +
On Fri, 2017-04-07 at 08:09 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
> > > > kernel_is_locked_down())
> > > > + return -EPERM;
> > > > +
> > &g
On Fri, 2017-04-07 at 14:19 +0800, Dave Young wrote:
> On 04/06/17 at 11:49pm, Mimi Zohar wrote:
> > On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> > > On 04/05/17 at 09:15pm, David Howells wrote:
> > > > From: Chun-Yi Lee
> > > >
> >
On Fri, 2017-04-07 at 11:05 +0800, Dave Young wrote:
> On 04/05/17 at 09:15pm, David Howells wrote:
> > From: Chun-Yi Lee
> >
> > When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
> > through kexec_file systemcall if securelevel has been set.
> >
> > This code was showed in Mat
On Sat, 2017-04-01 at 20:33 -0700, Eric Biggers wrote:
> On Sat, Apr 01, 2017 at 10:23:57PM -0400, Mimi Zohar wrote:
> > On Sat, 2017-04-01 at 12:17 -0700, Eric Biggers wrote:
> > > From: Eric Biggers
> > >
> > > Since v4.9, the crypto API cannot (normally) be
;$datablob2" ] && echo "Success!"
Have you created an encrypted key on a kernel without this patch and
attempted to load that key on a kernel with this patch? Does it still
work?
Mimi
>
> Cc: Andy Lutomirski
> Cc: Herbert Xu
> Cc: Mimi Zohar
> Cc:
a delays for every TPM
> operation.
>
> This patch calls usleep_range() only if retry is to be done.
>
> Signed-off-by: Nayna Jain
> Cc: sta...@vger.kernel.org (linux-4.8)
> Reviewed-by: Mimi Zohar
Either Reviewed-by/Acked-by is fine.
Can you pick up this patch and rep
On Fri, 2017-02-17 at 20:45 +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 17, 2017 at 07:46:38AM -0500, Mimi Zohar wrote:
> > Hi James,
> >
> > On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote:
> > > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger
oblem where IMA gets errors with every PCR Extend.
> >
> > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data")
> > Signed-off-by: Stefan Berger
> > Acked-by: Mimi Zohar
>
> Reviewed-by: Jarkko Sakkinen
This patch needs to be incl
On Wed, 2017-02-01 at 12:30 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 31, 2017 at 05:31:50PM -0500, Mimi Zohar wrote:
> > On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote:
> > > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote:
> > >
> > > > James,
>
On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote:
> On Tue, 31 Jan 2017, Jarkko Sakkinen wrote:
>
> > James,
> >
> > The discussion is about two features:
> >
> > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks
> >instead of just SHA-1 banks. It is recommended by
On Wed, 2017-01-25 at 10:31 +0100, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Tue, 24 Jan 2017 20:30:55 +0100
>
> Move the jump label directly before the desired assignment for the
> variable "valid_policy" at the end so that the variable "result" will not
> be checked once more afte
On Wed, 2017-01-25 at 10:34 +0100, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Tue, 24 Jan 2017 22:47:07 +0100
>
> A local variable was set to an error code in three cases before a concrete
> error situation was detected. Thus move the corresponding assignments into
> if branches to i
On Thu, 2017-01-12 at 13:08 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > On Fri, 2016-12-16 at 12:08 +0300, Dan Carpenter wrote:
> > > This function has two callers and neither are able to handle a NULL
> > > return. Really, -EINVAL is the correct t
On Mon, 2017-01-09 at 14:44 -0500, Jeff Layton wrote:
> On Sun, 2017-01-08 at 20:09 +0100, Christoph Hellwig wrote:
> > On Sun, Jan 08, 2017 at 10:57:28AM -0800, James Bottomley wrote:
> > >
> > > I'm unsure about the DIO case, so lets try defining the semantics and
> > > see if they're implementa
On Sun, 2017-01-08 at 19:26 +, Al Viro wrote:
> On Sun, Jan 08, 2017 at 08:09:55PM +0100, Christoph Hellwig wrote:
>
> > No. We need an ->ima_measure file_operation, guts of process_measurement
> > turned into a library function that the FS can call after taking fs-specific
> > locks. And ma
On Sun, 2017-01-08 at 20:09 +0100, Christoph Hellwig wrote:
> On Sun, Jan 08, 2017 at 10:57:28AM -0800, James Bottomley wrote:
> > I'm unsure about the DIO case, so lets try defining the semantics and
> > see if they're implementable for DIO, otherwise simply exclude it.
>
> Let's start with the s
On Sun, 2017-01-08 at 10:57 -0800, James Bottomley wrote:
> On Sun, 2017-01-08 at 19:18 +0100, Christoph Hellwig wrote:
> > On Sun, Jan 08, 2017 at 09:59:25AM -0800, James Bottomley wrote:
> > > Hey, that's not really true: the inode lock (i_rwsem) is used in
> > > all sorts of generic places, inc
On Sun, 2017-01-08 at 16:37 +0100, Christoph Hellwig wrote:
> On Sun, Jan 08, 2017 at 10:31:22AM -0500, Mimi Zohar wrote:
> > > Depends on the file system. In addition to XFS at least the NFS
> > > also uses i_rwsem by default. Also all file systems supporting
On Sun, 2017-01-08 at 16:14 +0100, Christoph Hellwig wrote:
> On Sun, Jan 08, 2017 at 10:03:09AM -0500, Mimi Zohar wrote:
> > But not normally for a normal file read.
>
> Depends on the file system. In addition to XFS at least the NFS
> also uses i_rwsem by default. Als
On Sun, 2017-01-08 at 15:52 +0100, Christoph Hellwig wrote:
> On Sun, Jan 08, 2017 at 09:48:44AM -0500, Mimi Zohar wrote:
> > IMA takes the i_rwsem (fomerly i_mutex) before reading the file to
> > synchronize calculating the file hash and validating the file's
> >
Validation of a file's signature/hash, calculating a file's hash, or
simply audit logging a file's hash prior to use, with commit
6552321831dc "xfs: remove i_iolock and use i_rwsem in the VFS inode
instead" cause the system to hang.
IMA takes the i_rwsem (fomerly i_mutex) before reading the file t
On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote:
> On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > The existing in-kernel TPM extend function extends only the SHA1
> > PCR bank. TPM 2.0 defines multiple
Hi Dan,
On Fri, 2016-12-16 at 12:08 +0300, Dan Carpenter wrote:
> This function has two callers and neither are able to handle a NULL
> return. Really, -EINVAL is the correct thing return here anyway. This
> fixes some static checker warnings like:
>
> security/keys/encrypted-keys/encrypt
Since this discussion affects which keys can be added to trusted
keyrings, cc'ing linux-ima-devel.
On Fri, 2016-12-02 at 10:57 -0800, James Bottomley wrote:
> On Thu, 2016-11-24 at 11:17 -0800, James Bottomley wrote:
> > On Mon, 2016-11-21 at 16:16 +, Ard Biesheuvel wrote:
> > > On 16 November
On Wed, 2016-11-30 at 08:03 -0500, Mimi Zohar wrote:
> On Wed, 2016-11-30 at 15:52 +1100, Michael Ellerman wrote:
> Thaigo tested the patches yesterday. Everything seemed fine. After
> cherry picking the kexec_file_load() patches and rebasing the
> restore_kexec patches on top of i
(Thiago)
Changelog v3:
- include the ima_kexec_hdr size in the binary_runtime_measurement size.
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
security/integrity/ima/Kconfig | 12 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_queue.c | 53
"synchronize_rcu" (reported by Dmitry Kasatkin)
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
security/integrity/ima/ima_template.c | 52 +--
1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/security/integrity/ima/ima_template.c
ystems
expecting the binary_runtime_measurements list to be in platform native
format.
Changelog v3:
- restore PCR value properly
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 4
security/integrity/ima/ima.h | 6 ++
security/in
l IMA functions (Mimi)
- move code from ima_template.c to ima_kexec.c (Mimi)
Signed-off-by: Thiago Jung Bauermann
Signed-off-by: Mimi Zohar
Acked-by: "Eric W. Biederman"
Acked-by: Dmitry Kasatkin
---
include/linux/ima.h| 12
kernel/kexec_file.c
-off-by: Mimi Zohar
---
security/integrity/ima/ima_crypto.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 38f2ed830dd6..802d5d20f36f 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b
alled during __setup before normal initialization. (kernel
test robot)
- remove __init annotation of ima_init_template_list()
Changelog v2:
- fix lookup_template_desc() preemption imbalance (kernel test robot)
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
security/integrity/ima/ima.h
igned long for size arguments.
- Use CONFIG_IMA_KEXEC to build this code only when necessary.
Signed-off-by: Thiago Jung Bauermann
Acked-by: "Eric W. Biederman"
Signed-off-by: Mimi Zohar
---
arch/powerpc/include/asm/ima.h | 16 +
arch/powerpc/include/asm/kexec.h
Jung Bauermann
Acked-by: "Eric W. Biederman"
Signed-off-by: Mimi Zohar
---
arch/Kconfig| 3 +
arch/powerpc/Kconfig| 1 +
arch/powerpc/include/asm/ima.h | 13 +++
arch/powerpc/include/asm/kexec.h| 1
se types with well defined sizes (M. Ellerman)
- defined missing ima_load_kexec_buffer() stub function
Changelog v1:
- call ima_load_kexec_buffer() (Thiago)
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h
try is the delimiter between soft
boots.
Changelog v7:
- use boolean for indicating hash should be added to hash table.
(Reported by Dmitry Kasatkin)
Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
---
security/integrity/ima/ima_queue.c | 16 ++--
1 file changed, 10 insertions(+), 6
m/linux/kernel/git/zohar/linux-integrity.git
Changelog v8:
- Additional change, based on Dmitry Kataskin's review, and Acks
Changelog v7:
- Updated to reflect Dmitry Kasatkin's patch review
- Rebased on top of "next-fixes" branch
Andreas Steffen (1):
ima: platform-independent hash val
On Wed, 2016-11-30 at 15:52 +1100, Michael Ellerman wrote:
> Andrew Morton writes:
>
> > On Tue, 29 Nov 2016 23:45:46 +1100 Michael Ellerman
> > wrote:
> >
> >> This is v11 of the kexec_file_load() for powerpc series.
> >>
> >> I've stripped this down to the minimum we need, so we can get this
On Mon, 2016-11-21 at 15:17 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > > > > This allows keys in the UEFI database to be added in secure boot mode
> > > > > for the purposes of module signing.
> > > >
> > > > T
On Thu, 2016-11-17 at 09:56 +, David Howells wrote:
> Petko Manolov wrote:
>
> > On 16-11-16 18:11:13, David Howells wrote:
> > > Allow keys to be added to the system secondary certificates keyring
> > > during
> > > kernel initialisation in an unrestricted fashion. Such keys are
> > > im
Hi Andrew,
Thank you for carrying the IMA kexec patches. I have a couple of
patches that need to be included in linux-next. (I've just pushed them
to my #next branch.) On 11/10, I posted a more recent version of the
IMA kexec patches based on top these fixes, with some bug fixes and
cleanup, b
l IMA functions (Mimi)
- move code from ima_template.c to ima_kexec.c (Mimi)
Signed-off-by: Thiago Jung Bauermann
Signed-off-by: Mimi Zohar
Acked-by: "Eric W. Biederman"
---
include/linux/ima.h| 12
kernel/kexec_file.c| 4 ++
security/integr
r() stub function
Changelog v1:
- call ima_load_kexec_buffer() (Thiago)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h | 21
security/integrity/ima/ima_init.c | 2 +
security/integrity/ima/ima_kexec.c| 44 +
(Thiago)
Changelog v3:
- include the ima_kexec_hdr size in the binary_runtime_measurement size.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/Kconfig | 12 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_queue.c | 53 --
3
m/linux/kernel/git/zohar/linux-integrity.git
Changelog v7:
- Updated to reflect Dmitry Kasatkin's patch review
- Rebased on top of "next-fixes" branch
Andreas Steffen (1):
ima: platform-independent hash value
Mimi Zohar (7):
ima: on soft reboot, restore the measurement list
ima: pe
Jung Bauermann
Acked-by: "Eric W. Biederman"
Signed-off-by: Mimi Zohar
---
arch/Kconfig| 3 +
arch/powerpc/Kconfig| 1 +
arch/powerpc/include/asm/ima.h | 13 +++
arch/powerpc/include/asm/kexec.h| 1
alled during __setup before normal initialization. (kernel
test robot)
- remove __init annotation of ima_init_template_list()
Changelog v2:
- fix lookup_template_desc() preemption imbalance (kernel test robot)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima.h | 2 ++
security/inte
try is the delimiter between soft
boots.
Changelog v7:
- use boolean for indicating hash should be added to hash table.
(Reported by Dmitry Kasatkin)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_queue.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git
-off-by: Mimi Zohar
---
security/integrity/ima/ima_crypto.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 38f2ed830dd6..802d5d20f36f 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b
igned long for size arguments.
- Use CONFIG_IMA_KEXEC to build this code only when necessary.
Signed-off-by: Thiago Jung Bauermann
Acked-by: "Eric W. Biederman"
Signed-off-by: Mimi Zohar
---
arch/powerpc/include/asm/ima.h | 16 +
arch/powerpc/include/asm/kexec.h
"synchronize_rcu" (reported by Dmitry Kasatkin)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_template.c | 52 +--
1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/security/integrity/ima/ima_template.c
b/security/integrity/ima/ima_templa
ystems
expecting the binary_runtime_measurements list to be in platform native
format.
Changelog v3:
- restore PCR value properly
Signed-off-by: Mimi Zohar
---
Documentation/kernel-parameters.txt | 4
security/integrity/ima/ima.h | 6 ++
security/integrity/ima/ima
On Tue, 2016-11-08 at 15:47 -0500, Mimi Zohar wrote:
> On Tue, 2016-11-08 at 21:46 +0200, Dmitry Kasatkin wrote:
> > On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
> > > +/* Restore the serialized binary measurement list without extending
> &g
On Wed, 2016-11-09 at 15:19 +1100, Stephen Rothwell wrote:
> Hi Andrew,
>
> Today's linux-next merge of the akpm tree got a conflict in:
>
> Documentation/admin-guide/kernel-parameters.rst
>
> between commit:
>
> e52347bd66f6 ("Documentation/admin-guide: split the kernel parameter list
> t
On Tue, 2016-11-08 at 22:05 +0200, Dmitry Kasatkin wrote:
> On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
> wrote:
> > From: Mimi Zohar
> >
> > In preparation for serializing the binary_runtime_measurements, this patch
> > maintains the amount of memory
On Tue, 2016-11-08 at 21:46 +0200, Dmitry Kasatkin wrote:
> On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
> wrote:
> > From: Mimi Zohar
> >
> > The TPM PCRs are only reset on a hard reboot. In order to validate a
> > TPM's quote after a soft reboot
On Thu, 2016-09-29 at 16:37 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > The TPM PCRs are only reset on a hard reboot. In order to validate a
> > TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> > of the running kernel must
dr_v1->template_name_len (Colin King)
Changelog v2:
- redefined ima_kexec_hdr to use types with well defined sizes (M. Ellerman)
- defined missing ima_load_kexec_buffer() stub function
Changelog v1:
- call ima_load_kexec_buffer() (Thiago)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/
try is the delimiter between soft
boots.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_queue.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index 4b1bb77..12d1b04 100644
---
.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/Kconfig | 12 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_queue.c | 53 --
3 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/Kconfig
otation of ima_init_template_list()
Changelog v2:
- fix lookup_template_desc() preemption imbalance (kernel test robot)
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima/ima_main.c | 1 +
security/integrity/ima/ima_templ
The configured IMA measurement list template format can be replaced at
runtime on the boot command line, including a custom template format.
This patch adds support for restoring a measuremement list containing
multiple builtin/custom template formats.
Signed-off-by: Mimi Zohar
---
security
ystems
expecting the binary_runtime_measurements list to be in platform native
format.
Changelog v3:
- restore PCR value properly
Signed-off-by: Mimi Zohar
---
Documentation/kernel-parameters.txt | 4
security/integrity/ima/ima.h | 6 ++
security/integrity/ima/ima
l IMA functions (Mimi)
- move code from ima_template.c to ima_kexec.c (Mimi)
Signed-off-by: Thiago Jung Bauermann
Signed-off-by: Mimi Zohar
---
include/linux/ima.h| 12
kernel/kexec_file.c| 4 ++
security/integrity/ima/ima.h | 1 +
securit
From: Thiago Jung Bauermann
The IMA kexec buffer allows the currently running kernel to pass
the measurement list via a kexec segment to the kernel that will be
kexec'd.
This is the architecture-specific part of setting up the IMA kexec
buffer for the next kernel. It will be used in the next pat
From: Thiago Jung Bauermann
The IMA kexec buffer allows the currently running kernel to pass
the measurement list via a kexec segment to the kernel that will be
kexec'd. The second kernel can check whether the previous kernel sent
the buffer and retrieve it.
This is the architecture-specific par
ting the segment size to half
of the totalram_pages.
- Fixed kernel test robot reports as enumerated in the respective
patch changelog.
Changelog v2:
- Canonical measurement list support added
- Redefined the ima_kexec_hdr struct to use well defined sizes
Andreas Steffen (1):
ima: platform-i
-off-by: Mimi Zohar
---
security/integrity/ima/ima_crypto.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 38f2ed8..802d5d2 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security
Hi Colin,
On Tue, 2016-09-20 at 18:25 +0100, Colin King wrote:
> From: Colin Ian King
>
> The comparison of dr_v1->template_name_len is off-by-one, so
> currently if the length is MAX_TEMPLATE_NAME_LEN we end up
> with an out-of-bounds write on template_name when the terminating
> zero character
Hi Andrew,
On Wed, 2016-08-31 at 18:38 -0400, Mimi Zohar wrote:
> On Wed, 2016-08-31 at 13:50 -0700, Andrew Morton wrote:
> > On Tue, 30 Aug 2016 18:40:02 -0400 Mimi Zohar
> > wrote:
> >
> > > The TPM PCRs are only reset on a hard reboot. In order to validate a
ormat.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_fs.c| 2 +-
security/integrity/ima/ima_kexec.c | 51 ++
3 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima.h b/sec
1001 - 1100 of 1804 matches
Mail list logo