On 6/19/20 5:41 PM, Thiago Jung Bauermann wrote:
Prakhar Srivastava writes:
Integrity measurement architecture(IMA) validates if files
have been accidentally or maliciously altered, both remotely and
locally, appraise a file's measurement against a "good" value stored
On 6/19/20 5:19 PM, Thiago Jung Bauermann wrote:
Prakhar Srivastava writes:
Powerpc has support to carry over the IMA measurement logs. Refatoring the
non-architecture specific code out of arch/powerpc and into security/ima.
The code adds support for reserving and freeing up of memory
Add support for arm64 to carry over IMA measurement logs.
Update arm64 code to call into functions made available in patch 1/3.
---
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/ima.h | 17 ++
arch/arm64/include/asm/kexec.h | 3 ++
arch/arm64/ker
Integrity measurement architecture(IMA) validates if files
have been accidentally or maliciously altered, both remotely and
locally, appraise a file's measurement against a "good" value stored
as an extended attribute, and enforce local file integrity.
IMA also measures singatures of kernel and in
ec or cold boot.
Prakhar Srivastava (3):
Refactoring powerpc code for carrying over IMA measurement logs, to
move non architecture specific code to security/ima.
dt-bindings: chosen: Document ima-kexec-buffer carrying over IMA
measuremnt logs over kexec.
Add support for arm64 to carry ove
Powerpc has support to carry over the IMA measurement logs. Refatoring the
non-architecture specific code out of arch/powerpc and into security/ima.
The code adds support for reserving and freeing up of memory for IMA measurement
logs.
---
arch/powerpc/include/asm/ima.h | 10 ---
arch/powe
Add Documentation regarding the ima-kexec-buffer node in
the chosen node documentation
Signed-off-by: Prakhar Srivastava
---
Documentation/devicetree/bindings/chosen.txt | 17 +
1 file changed, 17 insertions(+)
diff --git a/Documentation/devicetree/bindings/chosen.txt
b
IMA during kexec(kexec file load) verifies the kernel signature and measures
the signature of the kernel. The signature in the logs can be used to verfiy
the
authenticity of the kernel. The logs don not get carried over kexec and thus
remote attesation cannot verify the signature of the running k
This patch moves the non-architecture specific code out of powerpc and
adds to security/ima.
Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
logs.
Signed-off-by: Prakhar Srivastava
---
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/ima.h
On 5/22/20 9:08 PM, Thiago Jung Bauermann wrote:
Hello Prakhar,
Prakhar Srivastava writes:
On 5/12/20 4:05 PM, Rob Herring wrote:
On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote:
Hi Mark,
Please don't top post.
This patch set currently only address the Pu
On 5/12/20 4:09 PM, Rob Herring wrote:
On Mon, May 04, 2020 at 01:38:28PM -0700, Prakhar Srivastava wrote:
Introduce a device tree layer for to read and store ima buffer
from the reserved memory section of a device tree.
But why do I need 'a layer of abstraction'? I don't li
On 5/12/20 4:05 PM, Rob Herring wrote:
On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote:
Hi Mark,
Please don't top post.
This patch set currently only address the Pure DT implementation.
EFI and ACPI implementations will be posted in subsequent patchsets.
The log
only changes the node information but memory still is
reserved via reserved-memory section.
On 5/5/20 2:59 AM, Mark Rutland wrote:
Hi Prakhar,
On Mon, May 04, 2020 at 01:38:27PM -0700, Prakhar Srivastava wrote:
IMA during kexec(kexec file load) verifies the kernel signature and measures
the signatu
Add support for ima buffer pass using reserved memory for
arm64 kexec. Update the arch sepcific code path in kexec file load to store
the ima buffer in the reserved memory. The same reserved memory is read on
kexec or cold boot.
Signed-off-by: Prakhar Srivastava
---
arch/arm64/Kconfig
:
arm64 with Uboot
Prakhar Srivastava (2):
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer
Introduce a device tree layer for to read and store ima buffer
from the reserved memory section of a device tree.
Signed-off-by: Prakhar Srivastava
---
drivers/of/Kconfig | 6 ++
drivers/of/Makefile | 1 +
drivers/of/of_ima.c | 165
include
16 matches
Mail list logo