Re: [V2 PATCH 2/3] dt-bindings: chosen: Document ima-kexec-buffer

On 6/19/20 5:41 PM, Thiago Jung Bauermann wrote: Prakhar Srivastava writes: Integrity measurement architecture(IMA) validates if files have been accidentally or maliciously altered, both remotely and locally, appraise a file's measurement against a "good" value stored

Re: [V2 PATCH 1/3] Refactoring powerpc code for carrying over IMA measurement logs, to move non architecture specific code to security/ima.

On 6/19/20 5:19 PM, Thiago Jung Bauermann wrote: Prakhar Srivastava writes: Powerpc has support to carry over the IMA measurement logs. Refatoring the non-architecture specific code out of arch/powerpc and into security/ima. The code adds support for reserving and freeing up of memory

[V2 PATCH 3/3] Add support for arm64 to carry over IMA measurement logs

Add support for arm64 to carry over IMA measurement logs. Update arm64 code to call into functions made available in patch 1/3. --- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/ima.h | 17 ++ arch/arm64/include/asm/kexec.h | 3 ++ arch/arm64/ker

[V2 PATCH 2/3] dt-bindings: chosen: Document ima-kexec-buffer

Integrity measurement architecture(IMA) validates if files have been accidentally or maliciously altered, both remotely and locally, appraise a file's measurement against a "good" value stored as an extended attribute, and enforce local file integrity. IMA also measures singatures of kernel and in

[V2 PATCH 0/3] Adding support for carrying IMA measurement logs

ec or cold boot. Prakhar Srivastava (3): Refactoring powerpc code for carrying over IMA measurement logs, to move non architecture specific code to security/ima. dt-bindings: chosen: Document ima-kexec-buffer carrying over IMA measuremnt logs over kexec. Add support for arm64 to carry ove

[V2 PATCH 1/3] Refactoring powerpc code for carrying over IMA measurement logs, to move non architecture specific code to security/ima.

Powerpc has support to carry over the IMA measurement logs. Refatoring the non-architecture specific code out of arch/powerpc and into security/ima. The code adds support for reserving and freeing up of memory for IMA measurement logs. --- arch/powerpc/include/asm/ima.h | 10 --- arch/powe

[v1 PATCH 2/2] Add Documentation regarding the ima-kexec-buffer node in the chosen node documentation

Add Documentation regarding the ima-kexec-buffer node in the chosen node documentation Signed-off-by: Prakhar Srivastava --- Documentation/devicetree/bindings/chosen.txt | 17 + 1 file changed, 17 insertions(+) diff --git a/Documentation/devicetree/bindings/chosen.txt b

[v1 PATCH 0/2] Adding support to carry IMA measurement logs

IMA during kexec(kexec file load) verifies the kernel signature and measures the signature of the kernel. The signature in the logs can be used to verfiy the authenticity of the kernel. The logs don not get carried over kexec and thus remote attesation cannot verify the signature of the running k

[v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.

This patch moves the non-architecture specific code out of powerpc and adds to security/ima. Update the arm64 and powerpc kexec file load paths to carry the IMA measurement logs. Signed-off-by: Prakhar Srivastava --- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/ima.h

Re: [RFC][PATCH 0/2] Add support for using reserved memory for ima buffer pass

On 5/22/20 9:08 PM, Thiago Jung Bauermann wrote: Hello Prakhar, Prakhar Srivastava writes: On 5/12/20 4:05 PM, Rob Herring wrote: On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote: Hi Mark, Please don't top post. This patch set currently only address the Pu

Re: [RFC][PATCH 1/2] Add a layer of abstraction to use the memory reserved by device tree for ima buffer pass.

On 5/12/20 4:09 PM, Rob Herring wrote: On Mon, May 04, 2020 at 01:38:28PM -0700, Prakhar Srivastava wrote: Introduce a device tree layer for to read and store ima buffer from the reserved memory section of a device tree. But why do I need 'a layer of abstraction'? I don't li

Re: [RFC][PATCH 0/2] Add support for using reserved memory for ima buffer pass

On 5/12/20 4:05 PM, Rob Herring wrote: On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote: Hi Mark, Please don't top post. This patch set currently only address the Pure DT implementation. EFI and ACPI implementations will be posted in subsequent patchsets. The log

Re: [RFC][PATCH 0/2] Add support for using reserved memory for ima buffer pass

only changes the node information but memory still is reserved via reserved-memory section. On 5/5/20 2:59 AM, Mark Rutland wrote: Hi Prakhar, On Mon, May 04, 2020 at 01:38:27PM -0700, Prakhar Srivastava wrote: IMA during kexec(kexec file load) verifies the kernel signature and measures the signatu

[RFC][PATCH 2/2] Add support for ima buffer pass using reserved memory arm64

Add support for ima buffer pass using reserved memory for arm64 kexec. Update the arch sepcific code path in kexec file load to store the ima buffer in the reserved memory. The same reserved memory is read on kexec or cold boot. Signed-off-by: Prakhar Srivastava --- arch/arm64/Kconfig

[RFC][PATCH 0/2] Add support for using reserved memory for ima buffer pass

: arm64 with Uboot Prakhar Srivastava (2): Add a layer of abstraction to use the memory reserved by device tree for ima buffer pass. Add support for ima buffer pass using reserved memory for arm64 kexec. Update the arch sepcific code path in kexec file load to store the ima buffer

[RFC][PATCH 1/2] Add a layer of abstraction to use the memory reserved by device tree for ima buffer pass.

Introduce a device tree layer for to read and store ima buffer from the reserved memory section of a device tree. Signed-off-by: Prakhar Srivastava --- drivers/of/Kconfig | 6 ++ drivers/of/Makefile | 1 + drivers/of/of_ima.c | 165 include