the local variable ima_kexec_file in ima_dump_measurement_list()
as local static to the file, so that it can be accessed from
as -> a
ima_alloc_kexec_file_buf().
- Make necessary changes to the function ima_add_kexec_buffer() to call
the above two functions.
Suggested-by: Ste
On 2/14/24 10:38, Tushar Sugandhi wrote:
The amount of memory allocated at kexec load, even with the extra memory
allocated, might not be large enough for the entire measurement list. The
indeterminate interval between kexec 'load' and 'execute' could exacerbate
this problem.
Define two new
On 2/14/24 10:38, Tushar Sugandhi wrote:
ima_dump_measurement_list() is called during kexec 'load', which may
result in loss of IMA measurements during kexec soft reboot. It needs
to be called during kexec 'execute'.
This patch includes the following changes:
- Call
register_reboot_notifier(_buffer_nb);
+ ima_kexec_update_registered = true;
+ }
+}
+
#endif /* IMA_KEXEC */
/*
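Review bot: ima_kexec_update_registered is set to true directly after the register_reboot_notifier() call without looking at its return value, so a failed registration would still be recorded as registered and never retried. Consider setting the flag only when the call returns 0 and logging the failure otherwise.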
Reviewed-by: Stefan Berger
E_KERNEL);
+ kfree(src_pages);
+
+ if (!vaddr)
+ pr_err("%s: Could not map ima buffer.\n", __func__);
+
+ return vaddr;
+}
+
+void kimage_unmap_segment(void *segment_buffer)
+{
+ vunmap(segment_buffer);
+}
+
struct kexec_load_limit {
/* Mutex protects the limit count. */
struct mutex mutex;
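Review bot: the pr_err() ahead of `return vaddr` reports "Could not map ima buffer", yet the helper sits next to the generically named kimage_unmap_segment(), which accepts any segment buffer. A subsystem-neutral message would keep the pair reusable, with the IMA caller adding its own context on failure. A short comment on kimage_unmap_segment() stating that it expects the pointer returned by the map helper would also help.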
Reviewed-by: Stefan Berger
On 1/23/24 21:54, Stefan Berger wrote:
On 1/22/24 13:37, Tushar Sugandhi wrote:
Refactor ima_dump_measurement_list() to move the memory allocation part
to a separate function ima_alloc_kexec_file_buf() which allocates buffer
of size 'kexec_segment_size' at kexec 'load'. Make the local
On 1/22/24 13:37, Tushar Sugandhi wrote:
Refactor ima_dump_measurement_list() to move the memory allocation part
to a separate function ima_alloc_kexec_file_buf() which allocates buffer
of size 'kexec_segment_size' at kexec 'load'. Make the local variable
ima_kexec_file in function
On 1/23/24 16:19, Tushar Sugandhi wrote:
Thanks again Stefan for taking a look.
On 1/23/24 11:02, Stefan Berger wrote:
On 1/22/24 13:38, Tushar Sugandhi wrote:
The extra memory allocated for carrying the IMA measurement list across
kexec is hardcoded as half a PAGE. Make it configurable
On 1/22/24 13:38, Tushar Sugandhi wrote:
The extra memory allocated for carrying the IMA measurement list across
kexec is hardcoded as half a PAGE. Make it configurable.
Define a Kconfig option, IMA_KEXEC_EXTRA_MEMORY_KB, to configure the
extra memory (in kb) to be allocated for IMA
() function not to measure
events when 'suspend_ima_measurements' flag is set.
This ensures the integrity of the IMA log while it is being copied over
to the new Kernel during kexec 'execute'.
Signed-off-by: Tushar Sugandhi
Reviewed-by: Stefan Berger
---
security/integrity/ima/ima.h | 2
On 1/22/24 13:37, Tushar Sugandhi wrote:
Implement kimage_map_segment() to enable mapping of IMA buffer source
pages to the kimage structure post kexec 'load'. This function,
accepting a kimage pointer, an address, and a size, will gather the
source pages within the specified address range,
On 1/11/24 13:13, Tushar Sugandhi wrote:
On 1/7/24 09:00, Mimi Zohar wrote:
On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/Kconfig
b/security/integrity/ima/Kconfig
index 60a511c6b583..8792b7aab768 100644
--- a/security/integrity/ima/Kconfig
On 11/16/23 17:07, Paul Moore wrote:
On Tue, Nov 14, 2023 at 1:58 PM Stefan Berger wrote:
On 11/14/23 13:36, Sush Shringarputale wrote:
On 11/13/2023 10:59 AM, Stefan Berger wrote:
On 10/19/23 14:49, Tushar Sugandhi wrote
On 11/14/23 13:36, Sush Shringarputale wrote:
On 11/13/2023 10:59 AM, Stefan Berger wrote:
On 10/19/23 14:49, Tushar Sugandhi wrote:
===
| Introduction
On 10/19/23 14:49, Tushar Sugandhi wrote:
===
| Introduction |
===
This document provides a detailed
On 10/20/23 16:39, Tushar Sugandhi wrote:
On 10/12/23 17:27, Stefan Berger wrote:
On 10/5/23 14:26, Tushar Sugandhi wrote:
IMA currently allocates half a PAGE_SIZE for the extra events that
would
be measured between kexec 'load' and 'execute'. Depending on the IMA
policy and the system
On 10/20/23 16:33, Tushar Sugandhi wrote:
Thanks a lot Stefan for reviewing this series.
Really appreciate it.
You are welcome.
What may be a bit problematic is the fact that between the time the
buffer for the flattened IMA log is allocated (kexec 'load') and the
time it is filled
On 10/5/23 14:25, Tushar Sugandhi wrote:
IMA allocates memory and dumps the measurement during kexec soft reboot
as a single function call ima_dump_measurement_list(). It gets called
during kexec 'load' operation. It results in the IMA measurements
between the window of kexec 'load' and
On 10/5/23 14:26, Tushar Sugandhi wrote:
The window between kexec 'load' and 'execute' could be arbitrarily long.
Even with the large chunk of memory allocated at kexec 'load', it may
run out which would result in missing events in IMA log after the system
soft reboots to the new Kernel. This
On 10/5/23 14:26, Tushar Sugandhi wrote:
IMA currently allocates half a PAGE_SIZE for the extra events that would
be measured between kexec 'load' and 'execute'. Depending on the IMA
policy and the system state, that memory may not be sufficient to hold
the extra IMA events measured after
On 10/5/23 14:25, Tushar Sugandhi wrote:
Currently, the mechanism to map and unmap segments to the kimage
structure is not available to the subsystems outside of kexec. This
functionality is needed when IMA is allocating the memory segments
during kexec 'load' operation.
Implement
On 10/5/23 14:25, Tushar Sugandhi wrote:
In the current IMA implementation, ima_dump_measurement_list() is called
during the kexec 'load' operation. This can result in loss of IMA
measurements taken between the 'load' and 'execute' phases when the
system goes through Kexec soft reboot to a
On 8/11/23 11:57, Tushar Sugandhi wrote:
[1]
https://patchwork.kernel.org/project/linux-integrity/cover/20230801181917.8535-1-tusha...@linux.microsoft.com/
The shards should will need to be written into some sort of standard location
or a config file needs to
be defined, so that
On 8/9/23 21:15, Tushar Sugandhi wrote:
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote
On 8/8/23 14:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it
makes the log go out
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it makes
the log go out of sync with the TPM PCR quote making remote
attestation fail.
This assumption isn't entirely
On 8/3/23 18:36, Mimi Zohar wrote:
On Thu, 2023-08-03 at 18:09 -0400, Stefan Berger wrote:
I can remove the kexec example if it is causing confusion. Please let me know.
I am not convinced we need this series ... :-( Your kexec series prevents
further logging and especially
On 8/3/23 17:30, Tushar Sugandhi wrote:
Thanks Stefan for reviewing this series. Appreciate it.
On 8/3/23 06:37, Stefan Berger wrote:
On 8/1/23 14:19, Tushar Sugandhi wrote:
Entries in IMA log may be lost due to code bugs, certain error conditions
I hope we don't have such bugs. And I
On 8/1/23 14:19, Tushar Sugandhi wrote:
Entries in IMA log may be lost due to code bugs, certain error conditions
I hope we don't have such bugs. And I guess the most critical ones would be
between logging and PCR extensions
being met etc. This can result in TPM PCRs getting out of sync
On 7/3/23 17:57, Tushar Sugandhi wrote:
The IMA subsystem needs a dedicated mechanism to reserve extra memory for
measurements added between the kexec 'load' and kexec 'execute'.
Update ima_add_kexec_buffer to allocate a buffer of a sufficient size
taking ima binary runtime measurements
On 7/11/23 14:41, Tushar Sugandhi wrote:
Adding Eric to cc.
On 7/7/23 05:28, Stefan Berger wrote:
On 7/3/23 17:57, Tushar Sugandhi wrote:
Currently, there's no mechanism to map and unmap segments to the kimage
structure. This functionality is needed when dealing with memory segments
On 7/3/23 17:57, Tushar Sugandhi wrote:
Currently, there's no mechanism to map and unmap segments to the kimage
structure. This functionality is needed when dealing with memory segments
in the context of a kexec operation.
The patch adds two new functions: kimage_map_segment() and
On 6/9/23 14:18, Jarkko Sakkinen wrote:
On Thu May 25, 2023 at 1:56 AM EEST, Jerry Snitselaar wrote:
On Tue, Apr 18, 2023 at 09:44:07AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so
On 6/6/23 11:59, Mimi Zohar wrote:
On Tue, 2023-06-06 at 11:37 -0400, Stefan Berger wrote:
On 5/31/23 18:43, Mimi Zohar wrote:
On Wed, 2023-05-31 at 15:02 -0700, Tushar Sugandhi wrote:
Hi Mimi,
On 5/31/23 04:39, Mimi Zohar wrote:
Hi Tushar,
On Thu, 2023-05-25 at 10:21 -0700, Tushar
On 5/31/23 18:43, Mimi Zohar wrote:
On Wed, 2023-05-31 at 15:02 -0700, Tushar Sugandhi wrote:
Hi Mimi,
On 5/31/23 04:39, Mimi Zohar wrote:
Hi Tushar,
On Thu, 2023-05-25 at 10:21 -0700, Tushar Sugandhi wrote:
The issue of IMA measurements getting lost between kexec 'load' and 'execute'
On 5/24/23 19:16, Jerry Snitselaar wrote:
On Tue, Apr 18, 2023 at 09:44:08AM -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nageswara R Sastry
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
---
v6:
- Add
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
for x86
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
and
potentially better alternative, also from the perspective of the changes need,
which is a lot less, and it's already used for other stuff as well.
Stefan
On Thu, Sep 01, 2022 at 05:46:06PM -0400, Stefan Berger wrote:
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0
On 9/14/22 14:01, Rob Herring wrote:
On Mon, Sep 12, 2022 at 8:01 AM Stefan Berger wrote:
Hi Rob,
can you take this series in your tree?
IMO, it should be someone that cares about TPM, kexec, or powerpc.
Yes, there's code in drivers/of/, but that is purely to avoid
duplication
Hi Rob,
can you take this series in your tree?
Regards,
Stefan
On 9/1/22 17:46, Stefan Berger wrote:
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0 measurement logs across a kexec on PowerVM and PowerKVM. This
series fixes this for the kexec_file_load
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
---
v6:
- Add
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nageswara R Sastry
- Changes to individual patches documented in patch descriptions
v3:
- Moved TPM Open Firmware related function to
drivers/char/tpm/eventlog/tpm_of.c
v2:
- rearranged patches
- fixed compilation issues for x86
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan
On 8/15/22 02:48, Coiby Xu wrote:
I can confirm this patch set fixes an issue that guest kdump kernel
crashes on POWER9 host by applying it to 5.19.1 (there is a conflict
when applying this patch set to latest kernel i.e. 6.0.0-rc1)
I rebased it. 2 of the borrowed patches disappeared now
On 8/12/22 13:10, Borislav Petkov wrote:
On Fri, Aug 12, 2022 at 12:43:02PM -0400, Stefan Berger wrote:
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
---
v6:
- Add __init
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nageswara R Sastry
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation
function to
drivers/char/tpm/eventlog/tpm_of.c
v2:
- rearranged patches
- fixed compilation issues for x86
Jonathan McDowell (1):
x86/kexec: Carry forward IMA measurement log on kexec
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree
On 7/10/22 23:04, Jarkko Sakkinen wrote:
On Wed, Jul 06, 2022 at 11:23:27AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new
On 7/11/22 18:04, Mimi Zohar wrote:
Hi Stefan,
On Thu, 2022-07-07 at 13:20 -0400, Stefan Berger wrote:
- /*
-* For both vtpm/tpm, firmware has log addr and log size in big
-* endian format. But in case of vtpm, there is a method called
-* sml-handover which
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v6:
- Add __init to get_kexec_buffer as suggested by Jonathan
v5:
- Rebased on Jonathan McDowell's commit
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the
McDowell (1):
x86/kexec: Carry forward IMA measurement log on kexec
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
---
v6:
- Define prototype
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation
On 7/7/22 10:47, Jonathan McDowell wrote:
On Wed, Jul 06, 2022 at 11:23:28AM -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v5
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v5:
- Rebased on Jonathan McDowell's commit "b69a2afd5afc x86/kexec: Carry
forward IMA measurement log on
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
---
v4:
- Added #include due
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file
: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Vaibhav Jain (1):
of: check previous kernel's ima
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
On 7/6/22 10:00, Jonathan McDowell wrote:
On Tue, Jul 05, 2022 at 06:46:54PM -0400, Mimi Zohar wrote:
[Cc'ing Borislav Petkov, Jonathan McDowell]
Hi Stefan,
On Thu, 2022-06-30 at 22:26 -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
to
drivers/char/tpm/eventlog/tpm_of.c
v2:
- rearranged patches
- fixed compilation issues for x86
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
[ Several tags removed; for testing by krobot ]
Signed-off-by: Palmer Dabbelt
---
drivers/of/kexec.c | 4 ++--
1 file
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v4:
- Move debug output into setup_buffer()
---
drivers/of/kexec.c | 131
a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
---
v4:
- Added #include due
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the
On 6/28/22 22:45, Jarkko Sakkinen wrote:
On Tue, Jun 28, 2022 at 09:29:48AM -0400, Stefan Berger wrote:
On 6/27/22 18:43, Rob Herring wrote:
On Thu, Jun 16, 2022 at 11:41:28AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving Openfirmware-specific code
On 6/28/22 12:58, Stefan Berger wrote:
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0 measurement logs across a kexec on ppc64. This series fixes this
for the kexec_file_load() syscall using the flattened device tree (fdt) to
carry the measurement log's buffer
the function to restore the buffer even if
the TPM subsystem or driver are not used. This allows the buffer to be
carried across the next kexec without involvement of the TPM subsystem
and ensures a valid buffer pointed to by the of-tree.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
drivers/of/kexec.c | 99 +-
1 file changed, 62 insertions(+), 37
that
of_tpm_get_sml_parameters() can be called from kexec even if the TPM
subsystem is not enabled.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
Cc: Jason Gunthorpe
Cc: Rob Herring
Cc: Frank Rowand
---
drivers/char/Makefile | 1 +
drivers/char/tpm/Makefile | 1
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0 measurement logs across a kexec on ppc64. This series fixes this
for the kexec_file_load() syscall using the flattened device tree (fdt) to
carry the measurement log's buffer across kexec.
Stefan
Stefan Berger (3
On 6/27/22 18:43, Rob Herring wrote:
On Thu, Jun 16, 2022 at 11:41:28AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving Openfirmware-specific code into
the Openfirmware driver to make the code reusable. Call the new
There is no such 'Openfirmware driver
On 6/27/22 18:33, Rob Herring wrote:
On Thu, Jun 16, 2022 at 11:41:27AM -0400, Stefan Berger wrote:
The of-tree driver does not currently preserve the IBM vTPM 1.2 and
vTPM 2.0 measurement logs across a kexec. This series fixes this for the
kexec_file_load() syscall using the flattened
the function to restore the buffer even if
the TPM subsystem or driver are not used. This allows the buffer to be
carried across the next kexec without involvement of the TPM subsystem
and ensures a valid buffer pointed to by the of-tree.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc
- fixed compilation issues for x86
Stefan Berger (3):
tpm: of: Move of-tree specific code from tpm driver into of driver
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
drivers/char/tpm/eventlog/of.c | 31
Simplify tpm_read_log_of() by moving Openfirmware-specific code into
the Openfirmware driver to make the code reusable. Call the new
of_tpm_get_sml_parameters() function from the TPM Openfirmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
Cc: Jason Gunthorpe
Cc: Rob Herring
Cc
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
drivers/of/kexec.c | 99 +-
1 file changed, 62 insertions(+), 37
On 6/15/22 16:14, Rob Herring wrote:
On Wed, Jun 15, 2022 at 09:08:04AM -0400, Stefan Berger wrote:
On 6/14/22 13:48, Rob Herring wrote:
On Tue, Jun 14, 2022 at 10:13 AM Stefan Berger wrote:
The memory area of the TPM measurement log is currently not properly
duplicated for carrying
On 6/14/22 13:48, Rob Herring wrote:
On Tue, Jun 14, 2022 at 10:13 AM Stefan Berger wrote:
The memory area of the TPM measurement log is currently not properly
duplicated for carrying it across kexec when an Open Firmware
Devicetree is used. Therefore, the contents of the log get
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
---
drivers/of/kexec.c | 98 +-
1 file changed, 62 insertions(+), 36 deletions(-)
diff
Simplify tpm_read_log_of() and call of_tpm_get_sml_parameters() to get
the base and size of the TPM log.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
Cc: Jason Gunthorpe
---
drivers/char/tpm/eventlog/of.c | 31 +--
1 file changed, 5 insertions(+), 26 deletions