On 11/5/2019 12:24 AM, Eric Richter wrote:
From: Nayna Jain
The X.509 certificates trusted by the platform and required to secure boot
the OS kernel are wrapped in secure variables, which are controlled by
OPAL.
This patch adds firmware/kernel interface to read and write OPAL secure
On 11/5/2019 12:24 AM, Eric Richter wrote:
From: Nayna Jain
PowerNV secure variables, which store the keys used for OS kernel
verification, are managed by the firmware. These secure variables need to
be accessed by the userspace for addition/deletion of the certificates.
This patch adds the
On 10/30/19 8:31 PM, Mimi Zohar wrote:
void ima_kexec_cmdline(const void *buf, int size)
{
- u32 secid;
-
- if (buf && size != 0) {
- security_task_getsecid(current, );
+ if (buf && size != 0)
Open brace { is missing in the above if statement.
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
process_buffer_measurement() is limited to measuring the kexec boot
command line. This patch makes process_buffer_measurement() more
generic, allowing it to measure other types of buffer data (e.g.
blacklisted binary hashes or key hashes).
Now
On 10/31/19 10:02 AM, Lakshmi Ramasubramanian wrote:
On 10/30/19 8:31 PM, Mimi Zohar wrote:
void ima_kexec_cmdline(const void *buf, int size)
{
- u32 secid;
-
- if (buf && size != 0) {
- security_task_getsecid(current, );
+ if (buf && size != 0)
Open br
On 11/10/19 7:10 PM, Nayna Jain wrote:
Hi Nayna,
In order to verify the OS kernel on PowerNV systems, secure boot requires
X.509 certificates trusted by the platform. These are stored in secure
variables controlled by OPAL, called OPAL secure variables. In order to
enable users to manage the
Hi Mimi,
On 10/30/2019 8:31 PM, Mimi Zohar wrote:
This patchset extends the previous version[1] by adding support for
checking against a blacklist of binary hashes.
The IMA subsystem supports custom, built-in, arch-specific policies to
define the files to be measured and appraised. These
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int pcr)
{
int ret = 0;
struct ima_template_entry *entry =
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * The "secure_and_trusted_rules" contains rules for both the secure boot and
+ * trusted boot. The "template=ima-modsig" option includes the appended
+ * signature, when available, in the IMA measurement list.
+ */
+static const char *const
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * The "secure_rules" are enabled only on "secureboot" enabled systems.
+ * These rules verify the file signatures against known good values.
+ * The "appraise_type=imasig|modsig" option allows the known good signature
+ * to be stored as an xattr
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+bool is_ppc_trustedboot_enabled(void)
+{
+ struct device_node *node;
+ bool enabled = false;
+
+ node = get_ppc_fw_sb_node();
+ enabled = of_property_read_bool(node, "trusted-enabled");
Can get_ppc_fw_sb_node return NULL?
Would
On 10/23/2019 8:47 PM, Nayna Jain wrote:
This patch defines a function to detect the secure boot state of a
PowerNV system.
+bool is_ppc_secureboot_enabled(void)
+{
+ struct device_node *node;
+ bool enabled = false;
+
+ node = of_find_compatible_node(NULL, NULL,
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * ima_check_blacklist - determine if the binary is blacklisted.
+ *
+ * Add the hash of the blacklisted binary to the measurement list, based
+ * on policy.
+ *
+ * Returns -EPERM if the hash is blacklisted.
+ */
+int ima_check_blacklist(struct
On 10/25/2019 10:24 AM, Nayna Jain wrote:
On 10/24/19 10:20 AM, Lakshmi Ramasubramanian wrote:
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int
On 10/24/19 5:47 PM, Nayna Jain wrote:
+static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr,
+char *buf)
+{
+ uint64_t dsize;
+ int rc;
+
+ rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, );
+ if (rc) {
+
On 10/25/2019 10:02 AM, Nayna Jain wrote:
>> Is there any way to not use conditional compilation in
>> the above array definition? Maybe define different functions to get
>> "secure_rules" for when CONFIG_MODULE_SIG_FORCE is defined and when
>> it is not defined.
>
> How will you decide which
On 10/24/19 5:58 PM, Nayna Jain wrote:
+
+/*
+ * Get a certificate list blob from the named secure variable.
+ */
+static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t
*size)
+{
+ int rc;
+ void *db;
+
+ rc = secvar_ops->get(key, keylen, NULL, size);
+
On 10/24/19 5:47 PM, Nayna Jain wrote:
diff --git a/arch/powerpc/include/asm/opal-api.h
b/arch/powerpc/include/asm/opal-api.h
index 378e3997845a..c1f25a760eb1 100644
--- a/arch/powerpc/include/asm/opal-api.h
+++ b/arch/powerpc/include/asm/opal-api.h
@@ -211,7 +211,10 @@
#define
Hi Nayna,
+
+config IMA_SECURE_AND_OR_TRUSTED_BOOT
+ bool
+ depends on IMA
+ depends on IMA_ARCH_POLICY
+ default n
+ help
+ This option is selected by architectures to enable secure and/or
+ trusted boot based on IMA runtime policies.
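Review bot: the "default n" line in the new IMA_SECURE_AND_OR_TRUSTED_BOOT entry is redundant, because a Kconfig bool with no default already evaluates to n. Since the symbol has no prompt and the help text says it is selected by architectures, the entry can be reduced to the bool, the two "depends on" lines and the help text.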
Why is
list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 2 ++
1 file changed, 2 insertions(+)
in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("
he memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch specific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
pc and arm64, in
of_kexec_setup_new_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 1 +
drivers/of/kexec.c | 236
for
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
Acked-by: Will Deacon
---
arch/arm64/kernel/machine_kexec_file.c | 123 +
1 file changed, 3 insertions(+), 120 deletions(-)
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/kexec/file_load.c | 125 ++---
1 file changed, 6 insertions(+), 119 deletions(-)
diff --git a/arch/pow
.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c
b/arch/arm64/kernel
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: T
t functions from
"arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files in powerpc and in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar
rpc.
Move arch_ima_add_kexec_buffer() to ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Acked-by: Mimi Zohar
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/kexec/ima.c
On 1/22/21 2:30 PM, Thiago Jung Bauermann wrote:
Hi Lakshmi,
Lakshmi Ramasubramanian writes:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error code paths
On 1/22/21 2:31 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. This buffer is not freed before
pc and arm64, in
of_kexec_setup_new_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 1 +
drivers/of/kexec.c | 236
for
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
ss using reserved memory for arm64 kexec.
Update the arch specific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
Lakshmi Ramasubramanian (8):
powerpc: Move ima buffer fields to struct kimage
p
On 1/27/21 8:54 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan 15, 2021 at 09:30:17AM -0800, Lakshmi Ramasubramanian wrote:
Address and size of the buffer containing the IMA measurement log need
to be passed from the current kernel to the next kernel on kexec.
Add address and size fields
On 1/27/21 10:02 AM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 09:56:53AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:54 AM, Will Deacon wrote:
On Fri, Jan 15, 2021 at 09:30:17AM -0800, Lakshmi Ramasubramanian wrote:
Address and size of the buffer containing the IMA measurement log
On 1/27/21 8:14 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote:
Will Deacon writes:
On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:52 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan
On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote:
Will Deacon writes:
On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:52 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan 15, 2021 at 09:30:16AM -0800, Lakshmi Ramasubramanian wrote:
create_dtb() function
On 1/27/21 3:13 PM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 01:31:02PM -0500, Mimi Zohar wrote:
On Wed, 2021-01-27 at 10:24 -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 10:02 AM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 09:56:53AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8
On 4/21/21 9:36 AM, Lakshmi Ramasubramanian wrote:
Hi Dan,
There are a few "goto out;" statements before the local variable "fdt"
is initialized through the call to of_kexec_alloc_and_setup_fdt() in
elf64_load(). This will result in an uninitialized "fd
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate
On 2/4/21 3:36 PM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 5:23 PM Lakshmi Ramasubramanian
wrote:
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
Acked-by: Will Deacon
---
arch/arm64/kernel/machine_kexec_file.c | 123 +
1 file changed, 3 insertions(+), 120 deletions(-)
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/kexec/file_load.c | 125 ++---
1 file changed, 6 insertions(+), 119 deletions(-)
diff --git a/arch/pow
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
t functions from
"arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files in powerpc and in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
architectures do not have to duplicate the code.
Define of_alloc_and_init_fdt() and of_free_fdt() in drivers/of/kexec.c
to allocate and initialize FDT, and to free the FDT buffer respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Joe Perches
---
drivers/of/kexec.c
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate and
initialize the FDT, and to free the FDT respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob
kimage_arch" for powerpc to store
the address of FDT, and free the memory in powerpc specific
arch_kimage_file_post_load_cleanup().
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 2 ++
arch/pow
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error
On 2/5/21 9:49 AM, Mimi Zohar wrote:
Hi Mimi,
On Fri, 2021-02-05 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
evice tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 29 ---
arch/powerpc/kexec/file_load.c| 132 +-
ar
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
node documentation
v0:
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch specific code path in kexec file load to store the
ima buffer in the reserve
evice tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 107bb4319e0e
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 6 ++
drivers/of/kexec.c | 258
include/linux/of.h | 13 +++
3
for
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
"arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/
On 2/10/21 9:15 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed
On 2/10/21 9:23 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:52AM -0800, Lakshmi Ramasubramanian wrote:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties
On 2/10/21 9:20 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:55AM -0800, Lakshmi Ramasubramanian wrote:
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. Th
On 2/10/21 5:42 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
The code for setting up the /chosen node in the device tree
and updating the memory reservation for the next kernel has been
moved to of_kexec_alloc_and_setup_fdt() defined in "dr
On 2/10/21 1:39 PM, Mimi Zohar wrote:
On Wed, 2021-02-10 at 15:55 -0500, Mimi Zohar wrote:
On Wed, 2021-02-10 at 14:42 -0600, Rob Herring wrote:
On Wed, Feb 10, 2021 at 11:33 AM Lakshmi Ramasubramanian
Ideally, we don't apply the same patch in 2 branches. It looks like
there's a conflict
On 2/11/21 9:42 AM, Lakshmi Ramasubramanian wrote:
Hi Rob,
[PATCH] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem
This change causes build problem for x86_64 architecture (please see the
mail from kernel test bot below) since arch/x86/include/asm/kexec.h uses
"elf_load
tion
Date: Fri, 12 Feb 2021 00:50:20 +0800
From: kernel test robot
To: Lakshmi Ramasubramanian
CC: kbuild-...@lists.01.org
Hi Lakshmi,
I love your patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[also build test ERROR on v5.11-rc7 next-20210211]
[cannot apply
kernel command line and /chosen properties.
Therefore change kexec_fdt_totalsize_ppc64() to calculate just the extra
space needed by the kdump kernel, and change the function name so that it
better reflects what the function is now doing.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Lak
On 3/2/21 7:06 AM, Rob Herring wrote:
On Sun, Feb 21, 2021 at 11:49 AM Lakshmi Ramasubramanian
wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed
On 2/23/21 5:20 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties that will be ignored
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device-tree and powerpc mailing lists.
There are a few "goto out;" statements before the local variable "fdt"
is initialized through the call to of_kexec_alloc_and_setup_fdt() in
elf64_load
On 4/19/21 4:30 PM, Michael Ellerman wrote:
Lakshmi Ramasubramanian writes:
On 4/16/21 2:05 AM, Michael Ellerman wrote:
Daniel Axtens writes:
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device-tree and powerpc mailing lists.
There are a few "got
On 4/19/21 10:00 PM, Dan Carpenter wrote:
On Tue, Apr 20, 2021 at 09:30:16AM +1000, Michael Ellerman wrote:
Lakshmi Ramasubramanian writes:
On 4/16/21 2:05 AM, Michael Ellerman wrote:
Daniel Axtens writes:
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device
On 4/20/21 6:06 AM, Rob Herring wrote:
On Tue, Apr 20, 2021 at 12:20 AM Lakshmi Ramasubramanian
wrote:
On 4/19/21 10:00 PM, Dan Carpenter wrote:
On Tue, Apr 20, 2021 at 09:30:16AM +1000, Michael Ellerman wrote:
Lakshmi Ramasubramanian writes:
On 4/16/21 2:05 AM, Michael Ellerman wrote
On 4/20/21 7:42 AM, Lakshmi Ramasubramanian wrote:
On 4/20/21 6:06 AM, Rob Herring wrote:
On Tue, Apr 20, 2021 at 12:20 AM Lakshmi Ramasubramanian
wrote:
On 4/19/21 10:00 PM, Dan Carpenter wrote:
On Tue, Apr 20, 2021 at 09:30:16AM +1000, Michael Ellerman wrote:
Lakshmi Ramasubramanian
On 4/20/21 8:47 AM, Rob Herring wrote:
On Tue, Apr 20, 2021 at 10:04 AM Lakshmi Ramasubramanian
wrote:
On 4/20/21 7:42 AM, Lakshmi Ramasubramanian wrote:
On 4/20/21 6:06 AM, Rob Herring wrote:
On Tue, Apr 20, 2021 at 12:20 AM Lakshmi Ramasubramanian
wrote:
On 4/19/21 10:00 PM, Dan
re is an error before the call to
of_kexec_alloc_and_setup_fdt().
If there is any error after fdt is allocated, but before it is
saved in the arch specific kimage struct, free the fdt.
Signed-off-by: Lakshmi Ramasubramanian
Reported-by: kernel test robot
Reported-by: Dan Carpenter
Suggested-by: Michael Ellerman
--
Uninitialized local variable "elf_info" would be passed to
kexec_free_elf_info() if kexec_build_elf_info() returns an error
in elf64_load().
If kexec_build_elf_info() returns an error, return the error
immediately.
Signed-off-by: Lakshmi Ramasubramanian
Reported-by: Dan Carpenter
t" being passed
to kvfree() in this function if there is an error before the call to
of_kexec_alloc_and_setup_fdt().
If there is any error after fdt is allocated, but before it is
saved in the arch specific kimage struct, free the fdt.
Signed-off-by: Lakshmi Ramasubramanian
Reported-by: kernel test rob
On 4/21/21 12:18 AM, Michael Ellerman wrote:
Lakshmi Ramasubramanian writes:
There are a few "goto out;" statements before the local variable "fdt"
is initialized through the call to of_kexec_alloc_and_setup_fdt() in
elf64_load(). This will result in an uninitialize
On 4/16/21 2:05 AM, Michael Ellerman wrote:
Daniel Axtens writes:
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device-tree and powerpc mailing lists.
There are a few "goto out;" statements before the local variable "fdt"
is initiali
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication that I just noticed and needs to be
addressed. More below.
<...>
+
+/*
+ * of_kexec_alloc_and_set
On 2/12/21 10:24 AM, Rob Herring wrote:
On Fri, Feb 12, 2021 at 11:19 AM Lakshmi Ramasubramanian
wrote:
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication
in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Reviewed-by: Thiago Jung
list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 1 +
1 file changed, 1 insertion(+)
ELF related fields elf_headers, elf_headers_sz, and elf_headers_mem
have been moved from 'struct kimage_arch' to 'struct kimage' as
elf_headers, elf_headers_sz, and elf_load_addr respectively.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi Ramasubramanian
Suggested
arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Fixes: 33488dc4d61f ("of: Add a common kexec FDT setup function")
Reported-by: kernel t
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/ar
evice tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --
evice tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 30 ---
arch/powerpc/kexec/file_load.
r_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ima.h | 3 ---
ar
1 - 100 of 132 matches