> > > +{
> > > +
> > > + if (action & IMA_MEASURE)
> > > + ret = ima_store_template(entry, violation, NULL, buf, pcr);
> > > +
> > > + if (action & IMA_AUDIT)
> > > + ima_audit_measurement(iint, event_data.filename);
> >
> > The cover letter and patch description
On Mon, May 13, 2019 at 9:56 AM Mimi Zohar wrote:
>
> On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote:
>
> > +/*
> > + * process_buffer_measurement - Measure the buffer passed to ima log.
>
> "passed to ima log" is unnecessary.
>
> > + * (Instead of using the file hash use the buffer
On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote:
> +/*
> + * process_buffer_measurement - Measure the buffer passed to ima log.
"passed to ima log" is unnecessary.
> + * (Instead of using the file hash use the buffer hash).
This comment, if needed, belongs in the text description
From: Prakhar Srivastava
For secure boot attestation, it is necessary to measure the kernel
command line and the kernel version. For cold boot, the boot loader
can be enhanced to measure these parameters. However, for attestation
across soft reboot boundary, these values also need to be measured
From: Prakhar Srivastava
For this reason, this patch adds support for measuring these
parameters during kexec. To achive this, a new ima policy and
hook id, defined KEXEC_CMDLINE and ima_kexec_cmdline respectively,
are added.
Signed-off-by: Prakhar Srivastava
---
5 matches
Mail list logo