Russell Currey writes:
> Very rudimentary, just
>
> echo 1 > [debugfs]/check_wx_pages
>
> and check the kernel log. Useful for testing strict module RWX.
I was very confused that this requires the boot-time testing to be
enabled to appear in debugfs. Could you change the kconfig snippet
> -Original Message-
> From: Andrew Murray
> Sent: September 30, 2019 22:57
> To: Xiaowei Bao
> Cc: robh...@kernel.org; mark.rutl...@arm.com; shawn...@kernel.org; Leo
> Li ; kis...@ti.com; lorenzo.pieral...@arm.com; M.h.
> Lian ; Mingkai Hu ; Roy
> Zang ; jingooh...@gmail.com;
>
This patch updates the arch specific policies for PowerNV systems
to add a check against blacklisted binary hashes before doing the
verification.
Signed-off-by: Nayna Jain
---
arch/powerpc/kernel/ima_arch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
Asymmetric private keys are used to sign multiple files. The kernel
currently supports checking against the blacklisted keys. However, if the
public key is blacklisted, any file signed by the blacklisted key will
automatically fail signature verification. We might not want to blacklist
all the
The existing is_hash_blacklisted() function returns -EKEYREJECTED
error code for both the blacklisted keys and binaries.
This patch adds a wrapper function is_binary_blacklisted() to check
against binary hashes and returns -EPERM.
Signed-off-by: Nayna Jain
---
certs/blacklist.c | 9
An additional measurement record is needed to indicate the blacklisted
binary. The record will measure the blacklisted binary hash.
This patch makes the function process_buffer_measurement() generic to be
called by the blacklisting function. It modifies the function to handle
more than just the
This patch adds the measurement rules to the arch specific policies on
trusted boot enabled systems.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
---
arch/powerpc/kernel/ima_arch.c | 45 +++---
1 file changed, 42 insertions(+), 3 deletions(-)
diff --git
PowerNV systems enable the IMA measurement rules only if the
trusted boot is enabled on the system.
This patch adds the function to detect if the system has trusted
boot enabled.
Signed-off-by: Nayna Jain
---
arch/powerpc/include/asm/secure_boot.h | 6 +
arch/powerpc/kernel/secure_boot.c
Secure boot on PowerNV defines different IMA policies based on the secure
boot state of the system.
This patch defines a function to detect the secure boot state of the
system.
The PPC_SECURE_BOOT config represents the base enablement of secureboot
on POWER.
Signed-off-by: Nayna Jain
---
PowerNV systems use a kernel based bootloader, thus their secure boot
implementation uses the kernel IMA security subsystem to verify the kernel
before kexec. Since the verification policy might differ based on the
secure boot mode of the system, the policies are defined at runtime.
This patch
This patchset extends the previous version of the patchset[1] by adding
the support for checking against the binary blacklisted hashes.
IMA subsystem supports custom, built-in, arch-specific policies to define
the files to be measured and appraised. These policies are honored based
on the
On Friday, 4 October 2019 12:53:17 PM AEDT Jordan Niethe wrote:
> kvmhv_switch_to_host() in arch/powerpc/kvm/book3s_hv_rmhandlers.S needs
> to set kvmppc_vcore->in_guest to 0 to signal secondary CPUs to continue.
> This happens after resetting the PCR. Before commit 13c7bb3c57dc
> ("powerpc/64s:
On Fri, Oct 4, 2019 at 4:57 PM Krzysztof Kozlowski wrote:
> Adjust indentation from spaces to tab (+optional two spaces) as in
> coding style with command like:
> $ sed -e 's/^/\t/' -i */Kconfig
>
> Signed-off-by: Krzysztof Kozlowski
> arch/m68k/Kconfig.bus | 2 +-
walk_page_range() is going to be allowed to walk page tables other than
those of user space. For this it needs to know when it has reached a
'leaf' entry in the page tables. This information is provided by the
p?d_leaf() functions/macros.
For powerpc pmd_large() already exists and does what we
On Mon, Oct 07, 2019 at 03:51:58PM +0200, Ingo Molnar wrote:
>
> * Kirill A. Shutemov wrote:
>
> > On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote:
> > >
> > > * Anshuman Khandual wrote:
> > >
> > > > This adds a test module which will validate architecture page table
> > > >
* Kirill A. Shutemov wrote:
> On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote:
> >
> > * Anshuman Khandual wrote:
> >
> > > This adds a test module which will validate architecture page table
> > > helpers
> > > and accessors regarding compliance with generic MM semantics
On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote:
>
> * Anshuman Khandual wrote:
>
> > This adds a test module which will validate architecture page table helpers
> > and accessors regarding compliance with generic MM semantics expectations.
> > This will help various architectures
* Anshuman Khandual wrote:
> This adds a test module which will validate architecture page table helpers
> and accessors regarding compliance with generic MM semantics expectations.
> This will help various architectures in validating changes to the existing
> page table helpers or addition of
The patch
ASoC: fsl_mqs: Fix error handling in probe
has been applied to the asoc tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and
The patch
ASoC: fsl_mqs: remove set but not used variable 'bclk'
has been applied to the asoc tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index a3c70e275f4e..9fb7a16f42ae 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -690,8 +690,19 @@ merge_or_add_vmap_area(struct vmap_area *va,
> struct list_head *next;
> struct rb_node **link;
> struct rb_node *parent;
> +
On 9/25/19 9:36 AM, Ravi Bangoria wrote:
v3: https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-July/193339.html
v3->v4:
- Instead of considering exception as extraneous when dar is outside of
user specified range, analyse the instruction and check for overlap
between user