On 2/14/24 13:03, Stefan Berger wrote:
On 2/14/24 10:38, Tushar Sugandhi wrote:
The amount of memory allocated at kexec load, even with the extra memory
allocated, might not be large enough for the entire measurement list.
The
indeterminate interval between kexec 'load' and 'execute
On 2/14/24 13:00, Stefan Berger wrote:
On 2/14/24 10:38, Tushar Sugandhi wrote:
The amount of memory allocated at kexec load, even with the extra memory
allocated, might not be large enough for the entire measurement list.
The
indeterminate interval between kexec 'load' and 'execute
On 2/14/24 12:47, Stefan Berger wrote:
On 2/14/24 10:38, Tushar Sugandhi wrote:
...
...
+void kimage_file_post_load(struct kimage *image)
+{
+ ima_kexec_post_load(image);
+}
+
We get this here at this point but it disappears later -- missing header?
kernel/kexec_file.c:189:6
On 2/14/24 11:43, Stefan Berger wrote:
Reviewed-by: Stefan Berger
Thanks for the tag Stefan.
-by: Stefan Berger
Reviewed-by: Stefan Berger
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/Kconfig | 9 +
security/integrity/ima/ima_kexec.c | 15 ++-
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security
it is being copied over
to the new Kernel during kexec 'execute'.
Reviewed-by: Stefan Berger
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima/ima_kexec.c | 7 +++
security/integrity/ima/ima_queue.c | 32 ++
3 files
been loaded for kexec.
ima_kexec_post_load() maps the IMA buffer to a segment in the newly
loaded Kernel. It also registers the reboot notifier_block to trigger
ima_update_kexec_buffer() at exec 'execute'.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h| 3 ++
kernel
in that window which
results in inconsistency with TPM PCR quotes, necessitating a cold boot
for a successful remote attestation.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 34 +-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git
the
file at kexec 'load' will corrupt the buffer.
Signed-off-by: Tushar Sugandhi
---
kernel/kexec_file.c| 3 ++
security/integrity/ima/ima_kexec.c | 45 +++---
2 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel
in ima_dump_measurement_list()
as local static to the file, so that it can be accessed from
ima_alloc_kexec_file_buf().
- Make necessary changes to the function ima_add_kexec_buffer() to call
the above two functions.
Suggested-by: Stefan Berger
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima
-by: Tushar Sugandhi
---
include/linux/kexec.h | 13 ++
kernel/kexec_core.c | 59 +++
2 files changed, 67 insertions(+), 5 deletions(-)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 400cb6c02176..3145447eb77a 100644
was copied fully or partially from the
current Kernel to the next.
- Refactored patches to ensure no warnings during individual patch
compilation.
- Used virt_to_page instead of phys_to_page.
- Updated patch descriptions as necessary.
Tushar Sugandhi (8):
ima: define and call
to the
'purgatory_sha_regions'.
Since verify_sha256_digest() only verifies 'purgatory_sha_regions',
no change is needed in verify_sha256_digest() in this context.
With this change, the IMA segment is not included in the digest
calculation, storage, and verification.
Signed-off-by: Tushar Sugandhi
Thanks for catching this Stefan.
On 1/23/24 19:38, Stefan Berger wrote:
kbuf.buffer = kexec_buffer;
kbuf.bufsz = kexec_buffer_size;
kbuf.memsz = kexec_segment_size;
A dent with this patch when only applying this patch:
Two consecutive kexec loads lead to this here:
[
On 1/24/24 06:35, Mimi Zohar wrote:
On Mon, 2024-01-22 at 10:38 -0800, Tushar Sugandhi wrote:
The problem statement could be written as:
The amount of memory allocated at kexec load, even with the extra memory
allocated, might not be large enough for the entire measurement list
On 1/24/24 06:07, Mimi Zohar wrote:
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -121,6 +121,7 @@ void ima_add_kexec_buffer(struct kimage *image)
.buf_min = 0, .buf_max = ULONG_MAX,
On 1/24/24 08:11, Mimi Zohar wrote:
On Mon, 2024-01-22 at 10:38 -0800, Tushar Sugandhi wrote:
ima_dump_measurement_list() is called during kexec 'load', which may
result in loss of IMA measurements during kexec soft reboot. It needs
to be called during kexec 'execute'.
The below changes
Thanks Mimi.
On 1/24/24 05:33, Mimi Zohar wrote:
Hi Tushar,
On Mon, 2024-01-22 at 10:37 -0800, Tushar Sugandhi wrote:
Missing from this and the other patch descriptions is the problem
description. Please refer to the section titled "Describe your changes" in
https://docs.kernel.o
Thanks again Stefan for taking a look.
On 1/23/24 11:02, Stefan Berger wrote:
On 1/22/24 13:38, Tushar Sugandhi wrote:
The extra memory allocated for carrying the IMA measurement list across
kexec is hardcoded as half a PAGE. Make it configurable.
Define a Kconfig option
On 1/23/24 10:18, Stefan Berger wrote:
On 1/22/24 13:38, Tushar Sugandhi wrote:
New measurements added to the IMA log while the log is being copied
during the kexec 'execute' may not get copied over. This can cause the
measurement log to be out of sync with the IMA TPM PCR, which could
Thanks Stefan for taking a look.
On 1/23/24 09:03, Stefan Berger wrote:
On 1/22/24 13:37, Tushar Sugandhi wrote:
Implement kimage_map_segment() to enable mapping of IMA buffer source
pages to the kimage structure post kexec 'load'. This function,
accepting a kimage pointer, an address
instead of phys_to_page.
- Updated patch descriptions as necessary.
Tushar Sugandhi (7):
ima: define and call ima_alloc_kexec_file_buf
kexec: define functions to map and unmap segments
ima: kexec: skip IMA segment validation after kexec soft reboot
ima: kexec: move ima log copy from
.
Signed-off-by: Tushar Sugandhi
---
include/linux/kexec.h | 13 +++
kernel/kexec_core.c| 59 +++---
security/integrity/ima/ima_kexec.c | 1 +
3 files changed, 68 insertions(+), 5 deletions(-)
diff --git a/include/linux/kexec.h b/include
-off-by: Tushar Sugandhi
---
security/integrity/ima/Kconfig | 11 +++
security/integrity/ima/ima_kexec.c | 15 ++-
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 60a511c6b583..fc103288852b
over
to the new Kernel during kexec 'execute'.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima/ima_kexec.c | 7 +++
security/integrity/ima/ima_queue.c | 32 ++
3 files changed, 41 insertions(+)
diff --git
is needed in verify_sha256_digest() in this context.
With this change, the IMA segment is not included in the digest
calculation, storage, and verification.
Signed-off-by: Tushar Sugandhi
---
include/linux/kexec.h | 3 +++
kernel/kexec_file.c| 8
security
loaded and prepared for kexec. Call it only on kexec soft
reboot and not for KEXEC_FILE_ON_CRASH.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h| 3 ++
kernel/kexec_file.c| 8 +++
security/integrity/ima/ima_kexec.c | 82 ++
3
, so that it can be accessed from ima_alloc_kexec_file_buf().
Make necessary changes to the function ima_add_kexec_buffer() to call the
above two functions.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 96 +-
1 file changed, 67 insertions
implies this is a kexec soft
reboot, and not a cold-boot. And the absence of 'kexec_execute' event
after kexec soft reboot implies missing events in that window which
results in inconsistency with TPM PCR quotes, necessitating a cold boot
for a successful remote attestation.
Signed-off-by: Tushar
On 1/12/24 09:44, Mimi Zohar wrote:
On Thu, 2024-01-11 at 12:52 -0800, Tushar Sugandhi wrote:
[...]
If we go with the KBs approach -
half-a-page translates to different KBs on different architectures.
And setting the right default value in KBs which would translate to
the desired half
On 1/12/24 09:06, Mimi Zohar wrote:
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f989f5f1933b..bf758fd5062c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -734,6 +734,14 @@ static int kexec_calculate_store_digests(struct kimage
*image)
if
Zohar wrote:
Hi Tushar,
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
ima_dump_measurement_list() is called from ima_add_kexec_buffer() during
kexec 'load', which may result in loss of IMA measurements between kexec
'load' and 'execute'. It needs to be called during kexec 'execute
On 1/11/24 11:20, Stefan Berger wrote:
On 1/11/24 13:13, Tushar Sugandhi wrote:
On 1/7/24 09:00, Mimi Zohar wrote:
On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/Kconfig
b/security/integrity/ima/Kconfig
index 60a511c6b583..8792b7aab768
On 1/11/24 09:30, Mimi Zohar wrote:
On Fri, 2024-01-05 at 11:50 -0800, Tushar Sugandhi wrote:
On 12/20/23 12:44, Mimi Zohar wrote:
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
If the new measurements are added to the IMA log while it is being
being copied to the kexec buffer
On 1/7/24 09:00, Mimi Zohar wrote:
On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote:
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 60a511c6b583..8792b7aab768 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
On 1/7/24 06:24, Mimi Zohar wrote:
On Fri, 2024-01-05 at 12:22 -0800, Tushar Sugandhi wrote:
@@ -194,6 +206,15 @@ static int ima_update_kexec_buffer(struct notifier_block
*self,
return ret;
}
+buf_size = ima_get_binary_runtime_size();
+scnprintf
On 12/20/23 12:41, Mimi Zohar wrote:
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
There could be a potential mismatch between IMA measurements and TPM PCR
quotes caused by the indeterminate interval between kexec 'load' and
'execute'. Memory allocated at kexec 'load' for IMA
s simplify the title to "ima: make the kexec extra
memory configurable".
Please remove any references to measurements between kexec load and
execute.
Thanks Mimi. I will make these changes.
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
IMA currently allocates half a PAGE_SIZE
On 12/20/23 12:44, Mimi Zohar wrote:
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
If the new measurements are added to the IMA log while it is being
being copied to the kexec buffer during kexec 'execute', it can miss
copying those new measurements to the kexec buffer
Thanks Mimi for the feedback on V3.
Sorry for the late response, I was on vacation during the holidays.
Responses inline.
Happy new year! :)
On 12/20/23 08:13, Mimi Zohar wrote:
On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote:
Refactor ima_dump_measurement_list() to move the memory
'.
Signed-off-by: Tushar Sugandhi
---
include/linux/kexec.h | 3 ++
kernel/kexec_file.c| 8
security/integrity/ima/ima.h | 2 +
security/integrity/ima/ima_kexec.c | 61 +-
security/integrity/ima/ima_queue.c | 19 ++
5 files
for kexec. Call the function
kimage_file_post_load() only for kexec soft reboot scenarios and not
for KEXEC_FILE_ON_CRASH scenarios.
Signed-off-by: Tushar Sugandhi
---
kernel/kexec_file.c | 8
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index
in that window which results in inconsistency with TPM PCR quotes,
necessitating a cold boot for further successful remote attestation.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 23 ++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/security
based on the
Kconfig option value, rather than the currently hardcoded one.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/Kconfig | 9 +
security/integrity/ima/ima_kexec.c | 13 -
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/security/integrity
of the measurements during a kexec soft reboot.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_queue.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index cb9abc02a304..5946a26a2849 100644
--- a/security
' of the new Kernel image. This function will map the IMA buffer,
allocated during kexec 'load', to a segment in the loaded image.
Lastly, relocate the for_each_kimage_entry() macro from kexec_core.c to
kexec.h for broader accessibility.
Signed-off-by: Tushar Sugandhi
---
include/linux/ima.h
ima_alloc_kexec_file_buf(). Make necessary changes to the function
ima_add_kexec_buffer() to call the above two functions.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 96 +-
1 file changed, 67 insertions(+), 29 deletions(-)
diff --git
compilation.
- Used virt_to_page instead of phys_to_page.
- Updated patch descriptions as necessary.
Tushar Sugandhi (7):
ima: define and call ima_alloc_kexec_file_buf
ima: kexec: move ima log copy from kexec load to execute
ima: kexec: map IMA buffer source pages to image after kexec
On 11/16/23 14:28, Paul Moore wrote:
On Tue, Oct 31, 2023 at 3:15 PM Mimi Zohar wrote:
On Thu, 2023-10-19 at 11:49 -0700, Tushar Sugandhi wrote:
[...]
---
| C.1 Solution Summary
On 11/16/23 14:07, Paul Moore wrote:
On Tue, Nov 14, 2023 at 1:58 PM Stefan Berger wrote:
On 11/14/23 13:36, Sush Shringarputale wrote:
On 11/13/2023 10:59 AM, Stefan Berger wrote:
On 10/19/23 14:49, Tushar Sugandhi wrote
On 11/14/23 14:43, Tushar Sugandhi wrote:
In addition, this patch moves the function ima_dump_measurement_list()
to a new function named ima_update_kexec_buffer(), which is never
called. The patch set is thus not bisect safe.
BTW, ima_update_kexec_buffer() is part of the notifier_block
On 10/27/23 12:51, Mimi Zohar wrote:
Does this patch set take into account kexec_calculate_store_digests(),
which is called from kexec_load, and verify_sha256_digest()?
I am not yet sure if my patches will impact the
kexec_calculate_store_digests() and verify_sha256_digest()
functionality.
On 10/27/23 08:18, Mimi Zohar wrote:
On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote:
The current Kernel behavior is IMA measurements snapshot is taken at
kexec 'load' and not at kexec 'execute'. IMA log is then carried
over to the new Kernel after kexec 'execute'.
Some systems
On 10/27/23 07:56, Mimi Zohar wrote:
Hi Tushar,
On Thu, 2023-10-05 at 11:26 -0700, Tushar Sugandhi wrote:
The window between kexec 'load' and 'execute' could be arbitrarily long.
Even with the large chunk of memory allocated at kexec 'load', it may
run out which would result in missing
On 10/27/23 06:08, Mimi Zohar wrote:
Hi Tushar,
On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote:
In the current IMA implementation, ima_dump_measurement_list() is called
during the kexec 'load' operation. This can result in loss of IMA
measurements taken between the 'load
uffer()".
On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote:
IMA allocates memory and dumps the measurement during kexec soft reboot
as a single function call ima_dump_measurement_list(). It gets called
during kexec 'load' operation. It results in the IMA measurements
between the window of k
Sure thing. I will shorten the subject line. Here and elsewhere.
On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote:
IMA allocates memory and dumps the measurement during kexec soft reboot
as a single function call ima_dump_measurement_list(). It gets called
during kexec 'load' operation.
On 10/20/23 14:16, Stefan Berger wrote:
No, what I mean is you should ask the user for how many extra kilobytes
(kb) to allocate - not ask for pages.
Stefan
Ok. Will do.
I will align the input config value to the PAGE_SIZE as well.
On 10/20/23 14:21, Stefan Berger wrote:
On 10/20/23 16:33, Tushar Sugandhi wrote:
Thanks a lot Stefan for reviewing this series.
Really appreciate it.
You are welcome.
What may be a bit problematic is the fact that between the time the
buffer for the flattened IMA log is allocated
On 10/12/23 17:27, Stefan Berger wrote:
On 10/5/23 14:26, Tushar Sugandhi wrote:
The window between kexec 'load' and 'execute' could be arbitrarily long.
Even with the large chunk of memory allocated at kexec 'load', it may
run out which would result in missing events in IMA log after
On 10/12/23 17:27, Stefan Berger wrote:
On 10/5/23 14:26, Tushar Sugandhi wrote:
IMA currently allocates half a PAGE_SIZE for the extra events that would
be measured between kexec 'load' and 'execute'. Depending on the IMA
policy and the system state, that memory may not be sufficient
On 10/12/23 17:29, Stefan Berger wrote:
On 10/5/23 14:25, Tushar Sugandhi wrote:
Currently, the mechanism to map and unmap segments to the kimage
structure is not available to the subsystems outside of kexec. This
functionality is needed when IMA is allocating the memory segments
during
On 10/12/23 17:28, Stefan Berger wrote:
On 10/5/23 14:25, Tushar Sugandhi wrote:
In the current IMA implementation, ima_dump_measurement_list() is called
during the kexec 'load' operation. This can result in loss of IMA
measurements taken between the 'load' and 'execute' phases when
Thanks a lot Stefan for reviewing this series.
Really appreciate it.
On 10/12/23 17:28, Stefan Berger wrote:
On 10/5/23 14:25, Tushar Sugandhi wrote:
IMA allocates memory and dumps the measurement during kexec soft reboot
as a single function call ima_dump_measurement_list(). It gets called
===
| Introduction|
===
This document provides a detailed overview of the proposed Kernel
feature IMA log
will be available to the next Kernel after a kexec
soft reboot. This also ensures the measurements taken in the window
between kexec 'load' and 'execute' are captured and passed to the next
Kernel.
Signed-off-by: Tushar Sugandhi
---
kernel/kexec_file.c | 8
1 file changed, 8 insertions
needs
to be cold booted for the remote attestation to succeed again.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 35 +-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_kexec.c
b/security/integrity
on the
Kconfig option value, rather than the currently hardcoded one.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/Kconfig | 9 +
security/integrity/ima/ima_kexec.c | 13 -
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/security/integrity/ima
while it is being copied to the new Kernel's buffer.
Add a reboot notifier_block 'update_buffer_nb' to ensure
the function ima_update_kexec_buffer() gets called during kexec
soft-reboot.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima
ima_kexec_post_load(), to be called by IMA after kexec
loads the new Kernel image. ima_kexec_post_load() would map the IMA
buffer allocated during kexec 'load' to a segment in the loaded image.
Finally, move for_each_kimage_entry() macro from kexec_core.c to kexec.h.
Signed-off-by: Tushar
of the measurements during a kexec soft reboot.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_queue.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/security/integrity/ima/ima_queue.c
b/security/integrity/ima/ima_queue.c
index 9e7d1196006e..498b6b92f3f0 100644
--- a/security
as necessary.
Tushar Sugandhi (7):
ima: refactor ima_dump_measurement_list to move memory allocation to a
separate function
ima: move ima_dump_measurement_list call from kexec load to execute
ima: kexec: map source pages containing IMA buffer to image post kexec
load
kexec: update
the local variables in
function ima_dump_measurement_list() global, so that they can be accessed
from ima_alloc_kexec_buf(). Make necessary changes to the function
ima_add_kexec_buffer() to call the above two functions.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_kexec.c | 126
On 7/11/23 10:51, Tushar Sugandhi wrote:
Thanks for reviewing this series Mimi. Appreciate it.
Adding Eric to cc.
On 7/7/23 08:55, Mimi Zohar wrote:
On Mon, 2023-07-03 at 14:56 -0700, Tushar Sugandhi wrote:
The current Kernel behavior is IMA measurements snapshot is taken at
kexec 'load
On 8/30/23 11:12, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
- A user-mode process will trigger the snapshot by opening a file in
SysFS
say /sys/kernel/security/ima/snapshot (referred to as
sysk_ima_snapshot_file
here onwards).
- The Kernel will get the current
On 8/30/23 12:12, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
For remote attestation to work, the service will need to know how to
validate the snapshot_aggregate entry in the IMA log. It will have
to read the PCR values present in the template data of
Thanks a lot Ken for looking at the proposal, and sharing your thoughts.
On 8/30/23 11:06, Ken Goldman wrote:
On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network bandwidth
when
the attestation client sends it to
On 8/10/23 07:12, Stefan Berger wrote:
On 8/9/23 21:15, Tushar Sugandhi wrote:
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01
On 8/10/23 04:43, James Bottomley wrote:
On Wed, 2023-08-09 at 21:43 -0700, Tushar Sugandhi wrote:
On 8/8/23 14:41, James Bottomley wrote:
On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
[...]
at this point doesn't seem necessary since one presumably can
verify the log and PCR
On 8/8/23 14:41, James Bottomley wrote:
On Tue, 2023-08-08 at 16:09 -0400, Stefan Berger wrote:
On 8/8/23 14:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/8/23 11:26, James Bottomley wrote:
On Tue, 2023-08-08 at 09:31 -0400, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale
On 8/8/23 06:31, Stefan Berger wrote:
On 8/8/23 08:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not
hi James,
Thanks for addressing Stefan's concerns.
On 8/8/23 05:35, James Bottomley wrote:
On Mon, 2023-08-07 at 18:49 -0400, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory
Thanks a lot Stefan for looking into this proposal,
and providing your feedback. We really appreciate it.
On 8/7/23 15:49, Stefan Berger wrote:
On 8/1/23 17:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is
Thanks a lot James for looking at this proposal,
and sharing your thoughts. Really appreciate it.
On 8/1/23 14:21, James Bottomley wrote:
On Tue, 2023-08-01 at 12:12 -0700, Sush Shringarputale wrote:
[...]
Truncating IMA log to reclaim memory is not feasible, since it makes
the log go out of
On 8/3/23 18:22, Mimi Zohar wrote:
On Thu, 2023-08-03 at 16:01 -0700, Tushar Sugandhi wrote:
+scnprintf(buf, IMA_TPM_UPDATE_CTR_BUF_SIZE, "update_counter=%u;",
+ update_counter);
+
+buf_len = strlen(buf);
+
+result = ima_measure_cri
On 8/3/23 18:18, Mimi Zohar wrote:
On Thu, 2023-08-03 at 16:34 -0700, Tushar Sugandhi wrote:
+++ b/security/integrity/ima/ima_init.c
@@ -154,5 +154,8 @@ int __init ima_init(void)
UTS_RELEASE, strlen(UTS_RELEASE), false,
NULL
On 8/3/23 15:15, Mimi Zohar wrote:
On Tue, 2023-08-01 at 11:19 -0700, Tushar Sugandhi wrote:
IMA log entries can be lost due to a variety of causes, such as code bugs
or error conditions, leading to a mismatch between TPM PCRs and
the IMA log. Measuring TPM PCR update counter during ima_init
Thanks for the review Mimi.
On 8/3/23 14:42, Mimi Zohar wrote:
On Tue, 2023-08-01 at 11:19 -0700, Tushar Sugandhi wrote:
Currently TPM update counter is not available external to the system,
for instance, a remote attestation service. It is a problem because
the service cannot easily
Thanks Stefan for reviewing this series. Appreciate it.
Re-sending this email. I accidentally had some HTML content, the email
bounced back from integrity mailing list.
On 8/3/23 06:37, Stefan Berger wrote:
On 8/1/23 14:19, Tushar Sugandhi wrote:
Entries in IMA log may be lost due to code
On 8/3/23 01:57, Jarkko Sakkinen wrote:
On Thu Aug 3, 2023 at 4:22 AM EEST, Mimi Zohar wrote:
On Wed, 2023-08-02 at 06:58 +0300, Jarkko Sakkinen wrote:
From long description I see zero motivation to ack this change, except
some heresay about IMA requiring it. Why does IMA need update_cnt and
On 8/3/23 01:43, Jarkko Sakkinen wrote:
On Thu Aug 3, 2023 at 12:04 AM EEST, Tushar Sugandhi wrote:
Btw, the function tpm2_pcr_read is not exposed directly to the other
subsystems (like IMA). It is exposed via tpm_pcr_read.
Do you want to expose tpm2_pcr_read directly,
or do you want me
On 8/2/23 18:22, Mimi Zohar wrote:
On Wed, 2023-08-02 at 06:58 +0300, Jarkko Sakkinen wrote:
From long description I see zero motivation to ack this change, except
some heresay about IMA requiring it. Why does IMA need update_cnt and
why this is not documented to the long description?
The
On 8/1/23 20:58, Jarkko Sakkinen wrote:
On Wed Aug 2, 2023 at 12:01 AM EEST, Tushar Sugandhi wrote:
Thanks for the response Jarkko.
On 8/1/23 12:02, Jarkko Sakkinen wrote:
The short summary is cryptic to say the least.
Do you mean the patch subject line, or the description below
e and
implementation of tpm2_pcr_read(). It felt disruptive.
But I can update tpm2_pcr_read() if you are ok with it.
Please let me know.
I also have a few more thoughts on this in the comment below.
On Tue Aug 1, 2023 at 9:19 PM EEST, Tushar Sugandhi wrote:
The TPM2_PCR_Read command returns TPM2_PCR_Re
to monitor PCR status
in the Linux Kernel.
[1]
https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf
Section 22.4.2, Page 206.
Signed-off-by: Tushar Sugandhi
---
drivers/char/tpm/tpm.h | 3 +++
drivers/char/tpm/tpm2-cmd.c | 48
attestation service can compare this baseline
counter with a subsequent measured one (e.g., post-kexec soft-boot) to
identify if there are any lost IMA log events.
Measure the TPM update counter at ima init.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima_init.c | 3 +++
security
()' function from the TPM driver interface
to retrieve the PCR update counter of the TPM chip in use.
Signed-off-by: Tushar Sugandhi
---
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_queue.c | 16
2 files changed, 17 insertions(+)
diff --git a/security/integrity
://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf
Section 22.4.2, Page 206.
Tushar Sugandhi (6):
tpm: implement TPM2 function to get update counter
tpm: provide functionality to get update counter
ima: get TPM update counter
ima: implement functionality to measure TPM
/20230703215709.1195644-1-tusha...@linux.microsoft.com/
ima: measure events between kexec load and execute
Signed-off-by: Tushar Sugandhi
---
kernel/kexec_file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f1a0e4e3fb5c..4b6391b02c5a 100644
--- a/kernel
1 - 100 of 129 matches
Mail list logo