diff for duplicates of <1530623259.3452.28.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 054c859..ae9afa8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -12,22 +12,16 @@ On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote: kexec is used to collect the memory used to analyze the crash dump. > If this is true, how would this work if kexec_load() is -> being denied? I don't think I'd want to be hindered in cases where I'm +> being denied? I don't think I'd want to be hindered in cases where I'm > trying to diagnose a crash. For trusted & secure boot, we need a full measurement list and -signature chain of trust rooted in HW. Permitting kexec_load would +signature chain of trust rooted in HW. Permitting kexec_load would break these chains of trust. -Permitting/denying kexec_load is based on a runtime IMA policy. Patch +Permitting/denying kexec_load is based on a runtime IMA policy. Patch 6/8 "ima: add build time policy", in this patch set, introduces the -concept of a build time policy. With these patches, you could +concept of a build time policy. With these patches, you could configure your kernel and/or load an IMA policy permitting kexec_load. Mimi - - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N1/content_digest index 0404832..1bd5eba 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -6,16 +6,16 @@ "Date\0Tue, 03 Jul 2018 09:07:39 -0400\0" "To\0J Freyensee <why2jjj.linux@gmail.com>" " linux-integrity@vger.kernel.org\0" - "Cc\0Andres Rodriguez <andresx7@gmail.com>" - Kees Cook <keescook@chromium.org> - Ard Biesheuvel <ard.biesheuvel@linaro.org> - Greg Kroah-Hartman <gregkh@linuxfoundation.org> - kexec@lists.infradead.org + "Cc\0linux-security-module@vger.kernel.org" linux-kernel@vger.kernel.org David Howells <dhowells@redhat.com> - linux-security-module@vger.kernel.org + Luis R . Rodriguez <mcgrof@kernel.org> Eric Biederman <ebiederm@xmission.com> - " Luis R . Rodriguez <mcgrof@kernel.org>\0" + kexec@lists.infradead.org + Andres Rodriguez <andresx7@gmail.com> + Greg Kroah-Hartman <gregkh@linuxfoundation.org> + Ard Biesheuvel <ard.biesheuvel@linaro.org> + " Kees Cook <keescook@chromium.org>\0" "\00:1\0" "b\0" "On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote:\n" 
@@ -32,24 +32,18 @@ "kexec is used to collect the memory used to analyze the crash dump.\n" "\n" "> If this is true, how would this work if kexec_load() is \n" - "> being denied?\302\240 I don't think I'd want to be hindered in cases where I'm \n" + "> being denied? I don't think I'd want to be hindered in cases where I'm \n" "> trying to diagnose a crash.\n" "\n" "For trusted & secure boot, we need a full measurement list and\n" - "signature chain of trust rooted in HW. \302\240Permitting kexec_load would\n" + "signature chain of trust rooted in HW. Permitting kexec_load would\n" "break these chains of trust.\n" "\n" - "Permitting/denying kexec_load is based on a runtime IMA policy. \302\240Patch\n" + "Permitting/denying kexec_load is based on a runtime IMA policy. Patch\n" "6/8 \"ima: add build time policy\", in this patch set, introduces the\n" - "concept of a build time policy. \302\240With these patches, you could\n" + "concept of a build time policy. With these patches, you could\n" "configure your kernel and/or load an IMA policy permitting kexec_load.\n" "\n" - "Mimi\n" - "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + Mimi -ecaf9ac7f99cccc2cd9b501baea229bad475758e3e8b100e8908397ece126dd5 +c4f3bd285fbbe420573b888b1a8592a9e7c921d19dc26bda1588e4a74dcfe01c
diff --git a/a/1.txt b/N2/1.txt index 054c859..f7f08b9 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -12,22 +12,21 @@ On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote: kexec is used to collect the memory used to analyze the crash dump. > If this is true, how would this work if kexec_load() is -> being denied? I don't think I'd want to be hindered in cases where I'm +> being denied?? I don't think I'd want to be hindered in cases where I'm > trying to diagnose a crash. For trusted & secure boot, we need a full measurement list and -signature chain of trust rooted in HW. Permitting kexec_load would +signature chain of trust rooted in HW. ?Permitting kexec_load would break these chains of trust. -Permitting/denying kexec_load is based on a runtime IMA policy. Patch +Permitting/denying kexec_load is based on a runtime IMA policy. ?Patch 6/8 "ima: add build time policy", in this patch set, introduces the -concept of a build time policy. With these patches, you could +concept of a build time policy. ?With these patches, you could configure your kernel and/or load an IMA policy permitting kexec_load. Mimi - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 0404832..673e1ee 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -1,21 +1,10 @@ "ref\01530542283-26145-1-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\01530542283-26145-4-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\0840dae63-5a90-1327-437e-1ed92e165754@gmail.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v5 3/8] ima: based on policy require signed kexec kernel images\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v5 3/8] ima: based on policy require signed kexec kernel images\0" "Date\0Tue, 03 Jul 2018 09:07:39 -0400\0" - "To\0J Freyensee <why2jjj.linux@gmail.com>" - " linux-integrity@vger.kernel.org\0" - "Cc\0Andres Rodriguez <andresx7@gmail.com>" - Kees Cook <keescook@chromium.org> - Ard Biesheuvel <ard.biesheuvel@linaro.org> - Greg Kroah-Hartman <gregkh@linuxfoundation.org> - kexec@lists.infradead.org - linux-kernel@vger.kernel.org - David Howells <dhowells@redhat.com> - linux-security-module@vger.kernel.org - Eric Biederman <ebiederm@xmission.com> - " Luis R . Rodriguez <mcgrof@kernel.org>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote:\n" 
@@ -32,24 +21,23 @@ "kexec is used to collect the memory used to analyze the crash dump.\n" "\n" "> If this is true, how would this work if kexec_load() is \n" - "> being denied?\302\240 I don't think I'd want to be hindered in cases where I'm \n" + "> being denied?? I don't think I'd want to be hindered in cases where I'm \n" "> trying to diagnose a crash.\n" "\n" "For trusted & secure boot, we need a full measurement list and\n" - "signature chain of trust rooted in HW. \302\240Permitting kexec_load would\n" + "signature chain of trust rooted in HW. ?Permitting kexec_load would\n" "break these chains of trust.\n" "\n" - "Permitting/denying kexec_load is based on a runtime IMA policy. \302\240Patch\n" + "Permitting/denying kexec_load is based on a runtime IMA policy. ?Patch\n" "6/8 \"ima: add build time policy\", in this patch set, introduces the\n" - "concept of a build time policy. \302\240With these patches, you could\n" + "concept of a build time policy. ?With these patches, you could\n" "configure your kernel and/or load an IMA policy permitting kexec_load.\n" "\n" "Mimi\n" "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -ecaf9ac7f99cccc2cd9b501baea229bad475758e3e8b100e8908397ece126dd5 +ee8bf3e33ad3a6546d4aaf50f05f281fd5b64db5beb381135b2ae022b09a16c4
diff --git a/a/1.txt b/N3/1.txt index 054c859..7e3308c 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -25,9 +25,3 @@ concept of a build time policy. With these patches, you could configure your kernel and/or load an IMA policy permitting kexec_load. Mimi - - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N3/content_digest index 0404832..558eeac 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -6,16 +6,16 @@ "Date\0Tue, 03 Jul 2018 09:07:39 -0400\0" "To\0J Freyensee <why2jjj.linux@gmail.com>" " linux-integrity@vger.kernel.org\0" - "Cc\0Andres Rodriguez <andresx7@gmail.com>" - Kees Cook <keescook@chromium.org> - Ard Biesheuvel <ard.biesheuvel@linaro.org> - Greg Kroah-Hartman <gregkh@linuxfoundation.org> - kexec@lists.infradead.org + "Cc\0linux-security-module@vger.kernel.org" linux-kernel@vger.kernel.org David Howells <dhowells@redhat.com> - linux-security-module@vger.kernel.org + Luis R . Rodriguez <mcgrof@kernel.org> Eric Biederman <ebiederm@xmission.com> - " Luis R . Rodriguez <mcgrof@kernel.org>\0" + kexec@lists.infradead.org + Andres Rodriguez <andresx7@gmail.com> + Greg Kroah-Hartman <gregkh@linuxfoundation.org> + Ard Biesheuvel <ard.biesheuvel@linaro.org> + " Kees Cook <keescook@chromium.org>\0" "\00:1\0" "b\0" "On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote:\n" @@ -44,12 +44,6 @@ "concept of a build time policy. \302\240With these patches, you could\n" "configure your kernel and/or load an IMA policy permitting kexec_load.\n" "\n" - "Mimi\n" - "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + Mimi -ecaf9ac7f99cccc2cd9b501baea229bad475758e3e8b100e8908397ece126dd5 +85e3f930c8dec91750ea1f83c0f22a78ac2e047fafa34737e52c213b978e080e
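Review bot: the N2 copy should not be used as the reference text for this message, because its body was altered in transit and not only its footer. In the N2 content_digest hunks the `\302\240` (UTF-8 non-breaking space) bytes of the original are replaced by a literal `?`, giving "being denied??" and "HW. ?Permitting", the From header is rewritten to the `zohar@linux.vnet.ibm.com (Mimi Zohar)` form, the Subject loses its "Re:" prefix, and the To/Cc list is reduced to linux-security-module alone. N1 turns the same non-breaking spaces into plain spaces, reorders Cc and drops the kexec list footer, while N3 differs only in Cc order and the dropped footer, so quote from the a/ copy or N3 when the exact wording or recipient list matters.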