Subject: Re: [PATCH 2/3] scripts/ima: define a set of common functions
From: Mimi Zohar
To: Dave Young
Cc: kexec@lists.infradead.org, linux-kernel@vger.kernel.org, David Howells, linux-security-module@vger.kernel.org, Eric Biederman, linux-integrity@vger.kernel.org
Date: Thu, 28 Feb 2019 10:05:43 -0500
Message-Id: <1551366343.10911.173.camel@linux.ibm.com>
In-Reply-To: <20190228134146.GA7528@dhcp-128-65.nay.redhat.com>

Hi Dave,

On Thu, 2019-02-28 at 21:41 +0800, Dave Young wrote:
> Hi Mimi,
>
> Sorry for jumping in late, just noticed this kexec selftests, I think we
> also need a kexec load test not only for ima, but for general kexec

The IMA kselftest tests are for the coordination between the different
methods of verifying file signatures.  In particular, for the kexec
kernel image and kernel module signatures.

The initial IMA kselftest just verifies that in an environment
requiring signed kexec kernel images, the kexec_load syscall fails.

This week I posted additional IMA kselftests[1][2], including one for
the kexec_file_load syscall.  I would really appreciate these
kselftests being reviewed/acked.

Mimi

[1] Subject: [PATCH v2 0/5] selftests/ima: add kexec and kernel module tests
[2] Patches available from the "next-queued-testing" branch
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/
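
The expectation the message states for the initial kselftest (kexec_load must fail where signed kexec images are required), written out as an added example; it is not code from this thread or from the kernel tree. It assumes the requirement is expressed as an IMA policy `appraise` rule with `func=KEXEC_KERNEL_CHECK` and `appraise_type=imasig`; the function names and sample policies are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: names and sample policy text are constructed.

# Return 0 if the IMA policy text on stdin has an appraise rule that
# requires a signature on kexec kernel images.
policy_requires_signed_kexec() {
    while IFS= read -r line; do
        case "$line" in
            '#'*|'') continue ;;            # comments and blank lines
        esac
        set -- $line                        # split the rule into tokens
        [ "$1" = appraise ] || continue     # dont_appraise, measure, ... ignored
        func= sigreq=
        for tok in "$@"; do
            case "$tok" in
                func=KEXEC_KERNEL_CHECK) func=kexec ;;
                appraise_type=imasig*)   sigreq=yes ;;
            esac
        done
        if [ "$func" = kexec ] && [ "$sigreq" = yes ]; then
            return 0
        fi
    done
    return 1
}

# $1 = policy text, $2 = exit status observed from a kexec_load attempt.
# Prints PASS, FAIL or SKIP.
check_kexec_load() {
    if printf '%s\n' "$1" | policy_requires_signed_kexec; then
        # kexec_load is handed memory segments rather than a file, so there
        # is no file signature to appraise; the load has to be refused.
        [ "$2" -ne 0 ] && echo PASS || echo FAIL
    else
        echo SKIP   # signatures not required: nothing to assert here
    fi
}

# Constructed sample policies.
SIGNED_POLICY='# constructed sample
measure func=KEXEC_KERNEL_CHECK
appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig'
UNSIGNED_POLICY='dont_appraise fsmagic=0x9fa0
appraise func=MODULE_CHECK appraise_type=imasig'
```

On a live system the policy text would come from the securityfs policy file and the exit status from an actual load attempt; both are passed in as arguments here so the logic can be run offline.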