Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On 1/12/24 09:44, Mimi Zohar wrote: On Thu, 2024-01-11 at 12:52 -0800, Tushar Sugandhi wrote: [...] If we go with the KBs approach - half-a-page translates to different KBs on different architectures. And setting the right default value in KBs which would translate to the desired

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On Thu, 2024-01-11 at 12:52 -0800, Tushar Sugandhi wrote: [...] > If we go with the KBs approach - > > half-a-page translates to different KBs on different architectures. > And setting the right default value in KBs which would translate to > the desired half-a-page, on a given arch, inside the

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On 1/11/24 11:20, Stefan Berger wrote: On 1/11/24 13:13, Tushar Sugandhi wrote: On 1/7/24 09:00, Mimi Zohar wrote: On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote: diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 60a511c6b583..8792b7aab768

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On 1/11/24 13:13, Tushar Sugandhi wrote: On 1/7/24 09:00, Mimi Zohar wrote: On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote: diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 60a511c6b583..8792b7aab768 100644 --- a/security/integrity/ima/Kconfig

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On 1/7/24 09:00, Mimi Zohar wrote: On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote: diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 60a511c6b583..8792b7aab768 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On Fri, 2024-01-05 at 12:20 -0800, Tushar Sugandhi wrote: > >> diff --git a/security/integrity/ima/Kconfig > >> b/security/integrity/ima/Kconfig > >> index 60a511c6b583..8792b7aab768 100644 > >> --- a/security/integrity/ima/Kconfig > >> +++ b/security/integrity/ima/Kconfig > >> @@ -338,3 +338,12

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

On 12/20/23 12:15, Mimi Zohar wrote: Hi Tushar, The Subject line should include the word "extra". The use of the extra memory isn't limited to the measurements between the kexec load and exec. Additional records could be added as a result of the kexec load itself. Let's simplify the

Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

Hi Tushar, The Subject line should include the word "extra". The use of the extra memory isn't limited to the measurements between the kexec load and exec. Additional records could be added as a result of the kexec load itself. Let's simplify the title to "ima: make the kexec extra memory

[PATCH v3 6/7] ima: configure memory to log events between kexec load and execute

IMA currently allocates half a PAGE_SIZE for the extra events that would be measured between kexec 'load' and 'execute'. Depending on the IMA policy and the system state, that memory may not be sufficient to hold the extra IMA events measured after kexec 'load'. The memory requirements vary from