Re: [PATCH v9 04/11] arm64: kexec_file: allocate memory walking through memblock list

2018-05-17 Thread AKASHI Takahiro
Baoquan, On Fri, May 18, 2018 at 09:37:35AM +0800, Baoquan He wrote: > On 05/17/18 at 07:04pm, James Morse wrote: > > Hi Baoquan, > > > > On 17/05/18 03:15, Baoquan He wrote: > > > On 05/17/18 at 10:10am, Baoquan He wrote: > > >> On 05/07/18 at 02:59pm, AKASHI Takahiro wrote: > > >>> On Tue, May

Re: [PATCH v2 3/9] security: define security_kernel_read_blob() wrapper

2018-05-17 Thread Eric W. Biederman
Casey Schaufler writes: > On 5/17/2018 7:48 AM, Mimi Zohar wrote: >> In order for LSMs and IMA-appraisal to differentiate between the original >> and new syscalls (eg. kexec, kernel modules, firmware), both the original >> and new syscalls must call an LSM hook. >> >>

Re: [PATCH v9 04/11] arm64: kexec_file: allocate memory walking through memblock list

2018-05-17 Thread Baoquan He
On 05/17/18 at 07:04pm, James Morse wrote: > Hi Baoquan, > > On 17/05/18 03:15, Baoquan He wrote: > > On 05/17/18 at 10:10am, Baoquan He wrote: > >> On 05/07/18 at 02:59pm, AKASHI Takahiro wrote: > >>> On Tue, May 01, 2018 at 06:46:09PM +0100, James Morse wrote: > On 25/04/18 07:26, AKASHI

Re: [PATCH v2 3/9] security: define security_kernel_read_blob() wrapper

2018-05-17 Thread Casey Schaufler
On 5/17/2018 7:48 AM, Mimi Zohar wrote: > In order for LSMs and IMA-appraisal to differentiate between the original > and new syscalls (eg. kexec, kernel modules, firmware), both the original > and new syscalls must call an LSM hook. > > Commit 2e72d51b4ac3 ("security: introduce

Re: [PATCH v9 04/11] arm64: kexec_file: allocate memory walking through memblock list

2018-05-17 Thread James Morse
Hi Baoquan, On 17/05/18 03:15, Baoquan He wrote: > On 05/17/18 at 10:10am, Baoquan He wrote: >> On 05/07/18 at 02:59pm, AKASHI Takahiro wrote: >>> On Tue, May 01, 2018 at 06:46:09PM +0100, James Morse wrote: On 25/04/18 07:26, AKASHI Takahiro wrote: > We need to prevent firmware-reserved

[PATCH v2 1/9] ima: based on policy verify firmware signatures (pre-allocated buffer)

2018-05-17 Thread Mimi Zohar
Don't differentiate between kernel_read_file_id READING_FIRMWARE and READING_FIRMWARE_PREALLOC_BUFFER enumerations. Fixes: a098ecd firmware: support loading into a pre-allocated buffer (since 4.8) Signed-off-by: Mimi Zohar Cc: Luis R. Rodriguez Cc:

[PATCH v2 3/9] security: define security_kernel_read_blob() wrapper

2018-05-17 Thread Mimi Zohar
In order for LSMs and IMA-appraisal to differentiate between the original and new syscalls (eg. kexec, kernel modules, firmware), both the original and new syscalls must call an LSM hook. Commit 2e72d51b4ac3 ("security: introduce kernel_module_from_file hook") introduced calling

[PATCH v2 0/9] kexec/firmware: support system wide policy requiring signatures

2018-05-17 Thread Mimi Zohar
IMA-appraisal is mostly being used in the embedded or single purpose closed system environments. In these environments, both the Kconfig options and the userspace tools can be modified appropriately to limit syscalls. For stock kernels, userspace applications need to continue to work with older

[PATCH v2 4/9] kexec: add call to LSM hook in original kexec_load syscall

2018-05-17 Thread Mimi Zohar
In order for LSMs and IMA-appraisal to differentiate between the original and new syscalls, both the original and new syscalls must call an LSM hook. This patch adds a call to security_kernel_read_blob() in the original kexec syscall. Signed-off-by: Mimi Zohar Cc: Eric

[PATCH v2 5/9] ima: based on policy require signed kexec kernel images

2018-05-17 Thread Mimi Zohar
The original kexec_load syscall can not verify file signatures. This patch differentiates between the kexec_load and kexec_file_load syscalls. Signed-off-by: Mimi Zohar Cc: Eric Biederman Cc: Luis R. Rodriguez Cc: Kees Cook

[PATCH v2 6/9] firmware: add call to LSM hook before firmware sysfs fallback

2018-05-17 Thread Mimi Zohar
Add an LSM hook prior to allowing firmware sysfs fallback loading. Signed-off-by: Mimi Zohar Cc: Luis R. Rodriguez Cc: David Howells Cc: Kees Cook Changelog: - call security_kernel_read_blob() - rename the

[PATCH v2 9/9] ima: based on policy prevent loading firmware (pre-allocated buffer)

2018-05-17 Thread Mimi Zohar
Question: can the device access the pre-allocated buffer at any time? By allowing devices to request firmware be loaded directly into a pre-allocated buffer, will this allow the device access to the firmware before the kernel has verified the firmware signature? Is it dependent on the type of

[PATCH v2 8/9] ima: add build time policy

2018-05-17 Thread Mimi Zohar
IMA by default does not measure, appraise or audit files, but can be enabled at runtime by specifying a builtin policy on the boot command line or by loading a custom policy. This patch defines a build time policy, which verifies kernel modules, firmware, kexec image, and/or the IMA policy

[PATCH v2 7/9] ima: based on policy require signed firmware (sysfs fallback)

2018-05-17 Thread Mimi Zohar
With an IMA policy requiring signed firmware, this patch prevents the sysfs fallback method of loading firmware. Signed-off-by: Mimi Zohar Cc: Luis R. Rodriguez Cc: David Howells Cc: Matthew Garrett ---

[PATCH v2 2/9] ima: fix updating the ima_appraise flag

2018-05-17 Thread Mimi Zohar
As IMA policy rules are added, a mask of the type of rule (eg. kexec kernel image, firmware, IMA policy) is updated. Based on this mask, integrity decisions can be made quickly. Unlike custom IMA policy rules, which replace the original builtin policy rules and update the mask, the builtin

Re: [PATCH 0/2] support kdump for AMD secure memory encryption(sme)

2018-05-17 Thread lijiang
On 2018-05-15 21:31, Tom Lendacky wrote: > On 5/14/2018 8:51 PM, Lianbo Jiang wrote: >> It is convenient to remap the old memory encrypted to the second kernel by >> calling ioremap_encrypted(). >> >> When sme enabled on AMD server, we also need to support kdump. Because >> the memory is encrypted in