Add support for arm64 to carry ima measurement log
to the next kexec'ed session triggered via kexec_file_load.
- Top of Linux 5.3-rc6
Currently during kexec the kernel file signatures are/can be validated
prior to actual load, the information(PE/ima signature) is not carried
to the next session. This lead to loss of information.
Carrying forward the ima measurement log to the next kexec'ed session
allows a verifying party to get the entire runtime event log since the
last full reboot, since that is when PCRs were last reset.
Changelog:
v1:
- add new fdt porperties to mark start and end for ima measurement
log.
- use fdt_* functions to add/remove fdt properties and memory
allocations.
- remove additional check for endian-ness as they are checked
in fdt_* functions.
v0:
- Add support to carry ima measurement log in arm64,
uses same code as powerpc.
Prakhar Srivastava (1):
Add support for arm64 to carry ima measurement log in kexec_file_load
arch/arm64/Kconfig | 7 +
arch/arm64/include/asm/ima.h | 29 ++++
arch/arm64/include/asm/kexec.h | 5 +
arch/arm64/kernel/Makefile | 3 +-
arch/arm64/kernel/ima_kexec.c | 213 +++++++++++++++++++++++++
arch/arm64/kernel/machine_kexec_file.c | 6 +
6 files changed, 262 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/include/asm/ima.h
create mode 100644 arch/arm64/kernel/ima_kexec.c
--
2.17.1
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
