On Thu, 22 Feb 2024 11:38:23 -0500
Mimi Zohar wrote:
> > > @@ -176,6 +195,19 @@ int ima_add_template_entry(struct ima_template_entry
> > > *entry, int violation,
> > > }
> > > }
> > >
> > > + /*
> > > + * suspend_ima_measurements will be set if the system is
> > > + * undergoing k
> > @@ -176,6 +195,19 @@ int ima_add_template_entry(struct ima_template_entry
> > *entry, int violation,
> > }
> > }
> >
> > + /*
> > +* suspend_ima_measurements will be set if the system is
> > +* undergoing kexec soft boot to a new kernel.
> > +* suspending measu
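Review bot: the comment added in ima_add_template_entry() says suspend_ima_measurements "will be set if the system is undergoing kexec soft boot to a new kernel", but the part quoted here does not say what happens to an entry that arrives while the flag is set. Suggest stating in the comment whether that measurement is dropped or deferred and what the caller gets back, so a reader can confirm that an entry kept out of the log is also kept out of the PCR extend.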
Hi Tushar,
On Wed, 2024-02-14 at 07:38 -0800, Tushar Sugandhi wrote:
> New measurements added to the IMA log while the log is being copied
> during the kexec 'execute' may not get copied over.
As long as there is enough memory for the additional records, isn't the problem
"after" copying the mesa
New measurements added to the IMA log while the log is being copied
during the kexec 'execute' may not get copied over. This can cause the
measurement log to be out of sync with the TPM PCRs that IMA extends,
which could result in breaking the integrity of the measurements after
kexec soft reboot.
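The out-of-sync condition described in the commit message above, as an added example (not code from the patch or from the kernel): a simplified Python model in which a measurement taken after the log snapshot still extends the PCR, so replaying the copied log no longer reproduces the PCR value. The SHA-256 bank, the all-zero initial PCR, the `Ima` class and the `kexec_handover` helper are assumptions made for the illustration, as is the choice that a suspended measurement is skipped entirely (neither logged nor extended).

```python
import hashlib

ZERO_PCR = bytes(32)  # assumption: SHA-256 bank, PCR starts at all zeros


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(log: list) -> bytes:
    """What a verifier does: recompute the PCR from the log entries."""
    pcr = ZERO_PCR
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr


class Ima:
    """Toy model of the IMA measurement list plus the PCR it extends."""

    def __init__(self) -> None:
        self.log = []
        self.pcr = ZERO_PCR
        self.suspended = False  # models suspend_ima_measurements

    def measure(self, data: bytes) -> bool:
        if self.suspended:
            return False  # assumption: entry is neither logged nor extended
        digest = hashlib.sha256(data).digest()
        self.log.append(digest)
        self.pcr = extend(self.pcr, digest)
        return True


def kexec_handover(before: list, during_copy: list, suspend: bool) -> bool:
    """Return True if the copied log still matches the PCR after handover."""
    ima = Ima()
    for event in before:
        ima.measure(event)
    ima.suspended = suspend
    copied = list(ima.log)      # snapshot taken at kexec 'execute'
    for event in during_copy:   # constructed events racing with the copy
        ima.measure(event)
    # The PCR is not reset by a soft reboot; the new kernel sees only `copied`.
    return replay(copied) == ima.pcr


if __name__ == "__main__":
    boot = [b"/sbin/init", b"/usr/bin/kexec"]  # constructed sample inputs
    print("no suspend:", kexec_handover(boot, [b"/usr/bin/late"], False))
    print("suspended: ", kexec_handover(boot, [b"/usr/bin/late"], True))
```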