On 5/22/20 9:08 PM, Thiago Jung Bauermann wrote:
Hello Prakhar,
Prakhar Srivastava <prsriva@xxxxxxxxxxxxxxxxxxx> writes:
On 5/12/20 4:05 PM, Rob Herring wrote:
On Wed, May 06, 2020 at 10:50:04PM -0700, Prakhar Srivastava wrote:
Hi Mark,
Please don't top post.
This patch set currently only address the Pure DT implementation.
EFI and ACPI implementations will be posted in subsequent patchsets.
The logs are intended to be carried over the kexec and once read the
logs are no longer needed and in prior conversation with James(
https://lore.kernel.org/linux-arm-kernel/0053eb68-0905-4679-c97a-00c5cb6f1abb@xxxxxxx/)
the apporach of using a chosen node doesn't
support the case.
The DT entries make the reservation permanent and thus doesnt need kernel
segments to be used for this, however using a chosen-node with
reserved memory only changes the node information but memory still is
reserved via reserved-memory section.
I think Mark's point was whether it needs to be permanent. We don't
hardcode the initrd address for example.
Thankyou for clarifying my misunderstanding, i am modelling this keeping to the
TPM log implementation that uses a reserved memory. I will rev up the version
with chosen-node support.
That will make the memory reservation free after use.
Nice. Do you intend to use the same property that powerpc uses
(linux,ima-kexec-buffer)?
I was naming it ima-buffer, but naming is not a huge concern.
I will use linux,ima-kexec-buffer.
On 5/5/20 2:59 AM, Mark Rutland wrote:
Hi Prakhar,
On Mon, May 04, 2020 at 01:38:27PM -0700, Prakhar Srivastava wrote:
IMA during kexec(kexec file load) verifies the kernel signature and measures
What's IMAIMA is a LSM attempting to detect if files have been accidentally or
maliciously altered, both remotely and locally, it can also be used
to appraise a file's measurement against a "good" value stored as an extended
attribute, and enforce local file integrity.
IMA also validates and measures the signers of the kernel and initrd
during kexec. The measurements are extended to PCR 10(configurable) and the logs
stored in memory, however once kexec'd the logs are lost. Kexec is used as
secondary boot loader in may use cases and loosing the signer
creates a security hole.
This patch is an implementation to carry over the logs and making it
possible to remotely validate the signers of the kernel and initrd. Such a
support exits only in powerpc.
This patch makes the carry over of logs architecture independent and puts the
complexity in a driver.
If I'm not mistaken, the code at arch/powerpc/kexec/ima.c isn't actually
powerpc-specific. It could be moved to an arch-independent directory and
used by any other architecture which supports device trees.
I think that's the simplest way forward. And to be honest I'm still
trying to understand why you didn't take that approach. Did you try it
and hit some obstacle or noticed a disadvantage for your use case?
The approach i have in this patch set is to provide an abstraction layer
that can be called from any architecture.
However taking a deeper look only the setup dtb is probably architecture
specific, only because the architecture specific kexec sets up the
device tree. I can also move the code up in security/ima. However i do
have some concerns with layering. I am hoping you can provide me with
some guidance in this aspect, i will send you the patch i am working on
to get some early feedback.
Thanks,
Prakhar Srivastava
--
Thiago Jung Bauermann
IBM Linux Technology Center