Hello Prakhar,
Prakhar Srivastava <prsr...@linux.microsoft.com> writes: > On 5/12/20 4:05 PM, Rob Herring wrote: >> On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote: >>> Hi Mark, >> >> Please don't top post. >> >>> This patch set currently only address the Pure DT implementation. >>> EFI and ACPI implementations will be posted in subsequent patchsets. >>> >>> The logs are intended to be carried over the kexec and once read the >>> logs are no longer needed and in prior conversation with James( >>> https://lore.kernel.org/linux-arm-kernel/0053eb68-0905-4679-c97a-00c5cb6f1...@arm.com/) >>> the apporach of using a chosen node doesn't >>> support the case. >>> >>> The DT entries make the reservation permanent and thus doesnt need kernel >>> segments to be used for this, however using a chosen-node with >>> reserved memory only changes the node information but memory still is >>> reserved via reserved-memory section. >> >> I think Mark's point was whether it needs to be permanent. We don't >> hardcode the initrd address for example. >> > Thankyou for clarifying my misunderstanding, i am modelling this keeping to > the > TPM log implementation that uses a reserved memory. I will rev up the version > with chosen-node support. > That will make the memory reservation free after use. Nice. Do you intend to use the same property that powerpc uses (linux,ima-kexec-buffer)? >>> On 5/5/20 2:59 AM, Mark Rutland wrote: >>>> Hi Prakhar, >>>> >>>> On Mon, May 04, 2020 at 01:38:27PM -0700, Prakhar Srivastava wrote: >>>>> IMA during kexec(kexec file load) verifies the kernel signature and >>>>> measures >> >> What's IMAIMA is a LSM attempting to detect if files have been accidentally >> or > maliciously altered, both remotely and locally, it can also be used > to appraise a file's measurement against a "good" value stored as an extended > attribute, and enforce local file integrity. > > IMA also validates and measures the signers of the kernel and initrd > during kexec. The measurements are extended to PCR 10(configurable) and the > logs > stored in memory, however once kexec'd the logs are lost. Kexec is used as > secondary boot loader in may use cases and loosing the signer > creates a security hole. > > This patch is an implementation to carry over the logs and making it > possible to remotely validate the signers of the kernel and initrd. Such a > support exits only in powerpc. > This patch makes the carry over of logs architecture independent and puts the > complexity in a driver. If I'm not mistaken, the code at arch/powerpc/kexec/ima.c isn't actually powerpc-specific. It could be moved to an arch-independent directory and used by any other architecture which supports device trees. I think that's the simplest way forward. And to be honest I'm still trying to understand why you didn't take that approach. Did you try it and hit some obstacle or noticed a disadvantage for your use case? -- Thiago Jung Bauermann IBM Linux Technology Center
