Subject: Re: [PATCH V4 0/2] Add support for arm64 to carry ima measurement
From: Mimi Zohar
To: James Morse
Cc: prsriva, Thiago Jung Bauermann, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, mark.rutland@arm.com, jean-philippe@linaro.org, arnd@arndb.de, takahiro.akashi@linaro.org, sboyd@kernel.org, catalin.marinas@arm.com, yamada.masahiro@socionext.com, duwe@lst.de, tglx@linutronix.de, allison@lohutok.net, ard.biesheuvel@linaro.org
Date: Fri, 25 Oct 2019 13:39:43 -0400
In-Reply-To: <3879883b-8c27-df25-ce20-97ed7274dc80@arm.com>
Message-Id: <1572025183.4532.34.camel@linux.ibm.com>

On Fri, 2019-10-25 at 18:07 +0100, James Morse wrote:
> Hi Mimi,
>
> On 16/10/2019 02:44, Mimi Zohar wrote:
> > On Tue, 2019-10-15 at 18:39 +0100, James Morse wrote:
> >> If SecureBoot isn't relevant, I'm confused as to why kexec_file_load() is.
> >>
> >> I thought kexec_file_load() only existed because SecureBoot systems need to validate the
> >> new OS image's signature before loading it, and we can't trust user-space calling Kexec
> >> to do this.
> >>
> >> If there is no secure boot, why does this thing only work with kexec_file_load()?
> >> (good news! With the UEFI memreserve table, it should work transparently with regular kexec
> >> too)
>
> > I'm so sorry for the confusion.  IMA was originally limited to
> > extending trusted boot concepts to the OS.  As of Linux 3.10, IMA
> > added support for extending secure boot concepts and auditing file
> > hashes (commit e7c568e0fd0cf).
> >
> > True, kexec_file_load is required for verifying the kexec kernel
> > image, but it is also required for measuring the kexec kernel image as
> > well.
> >
> > After reading the kernel image into memory (kernel_read_file_from_fd),
> > the hash is calculated and then added to the IMA measurement list and
> > used to extend the TPM.  All of this is based on the IMA policy,
> > including the TPM PCR.
>
> Don't we get a set of segments with the regular kexec syscall? These could equally be
> hashed and measured, and logged via IMA and/or extending the TPM's measurements.

IMA works at the file level.  I'm not sure what it would mean to
measure "segments".

Originally, kexec_file_load read the KEXEC kernel image twice, once to
calculate the file hash, and again to verify the signature.  Now
kexec_file_load calls kernel_read_file_from_fd, which reads the file
into memory, before IMA calculates the file buffer hash.

>
> (obviously this would include the command-line and maybe purgatory, which makes it less
> predictable, but these are still the binary blobs that were given privileged access to the
> system).
>
>
> >>> I am not sure if I addressed all your concerns, please let me know
> >>> if I missed anything. To me most concerns look to be towards the kexec case and dependency
> >>> on hardware (ACPI/TPM) during boot and early boot services, whereas carrying the logs is
> >>> only during the kexec_file_load sys call and does not interfere with that code path.
> >>> IMA documentation: https://sourceforge.net/p/linux-ima/wiki/Home/
> >>
> >> Supporting ACPI in the same way is something we need to do from day one. kexec_file_load()
> >> already does this. I'm not sure "only kexec_file_load()" is a justifiable restriction...
>
> > The TPM PCRs are not reset on a soft reboot.  As a result, in order to
> > validate the IMA measurement list against the TPM PCRs, the IMA
> > measurement list is saved on kexec load, restored on boot, and then
> > the memory allocated for carrying the measurement list across kexec is
> > freed.
>
> Hmm, this is why the reserved memory gets freed.

Yes
>
> What happens to stuff that happens between kexec-load and boot?
> There is a comment:
> | /* segment size can't change between kexec load and execute */

Right, the original version addressed this, but was nixed by Eric,
saying it was unnecessary.  The current version allocates more memory
than needed to hopefully compensate.

>
> But I can't see anywhere that enforces that. I guess those measurements will go missing,
> and the TPM value will not match after kexec.

No, the kexec load will succeed, but if there isn't enough memory to
store the measurement list, the exec should fail.

Mimi
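The carry-over discussed in this message, modelled as an added example (not code from the thread or from the kernel): a PCR that survives a soft reboot can only be reproduced by replaying a measurement list that includes every pre-kexec entry. Assumptions: a SHA-256 PCR, one digest per serialized entry, and the hypothetical names `Machine`, `scenario` and the three `carry` modes, which stand for no carry-over, a list captured at load time, and a list captured at execute time inside a segment sized at load.

```python
import hashlib

DIGEST = hashlib.sha256                # assumption: SHA-256 PCR bank
ENTRY_SIZE = DIGEST().digest_size      # toy serialization: one digest per entry


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || digest)."""
    return DIGEST(pcr + digest).digest()


def replay(measurements) -> bytes:
    """Verifier side: recompute the PCR value from a measurement list."""
    pcr = bytes(ENTRY_SIZE)
    for digest in measurements:
        pcr = extend(pcr, digest)
    return pcr


class Machine:
    """Toy model: one TPM PCR plus the running kernel's measurement list."""

    def __init__(self):
        self.pcr = bytes(ENTRY_SIZE)   # zeroed only by a hardware reset
        self.log = []
        self.snapshot = []
        self.reserved = 0

    def measure(self, data: bytes):
        digest = DIGEST(data).digest()
        self.log.append(digest)
        self.pcr = extend(self.pcr, digest)

    def kexec_load(self, image: bytes, headroom_entries: int):
        self.measure(image)            # the kexec image itself is measured
        self.snapshot = list(self.log)
        # Segment size is fixed at load, so extra room is reserved up front.
        self.reserved = (len(self.log) + headroom_entries) * ENTRY_SIZE

    def kexec_exec(self, carry: str):
        """Soft reboot: the PCR survives, the old kernel's memory does not."""
        if carry == "at_exec":
            if len(self.log) * ENTRY_SIZE > self.reserved:
                raise MemoryError("measurement list outgrew reserved segment")
            carried = list(self.log)
        elif carry == "at_load":
            carried = list(self.snapshot)   # later entries go missing
        else:
            carried = []                    # "none": nothing carried over
        self.log = carried             # new kernel restores the carried list
        self.reserved = 0              # carry-over memory is freed afterwards

    def attests(self) -> bool:
        return replay(self.log) == self.pcr


def scenario(carry: str, headroom: int, late_measurements: int) -> bool:
    """Run load -> late activity -> exec -> first measurement of new kernel."""
    m = Machine()
    m.measure(b"boot_aggregate")                      # constructed sample data
    m.measure(b"/usr/bin/init")
    m.kexec_load(b"constructed kernel image", headroom)
    for i in range(late_measurements):                # between load and exec
        m.measure(b"/usr/bin/late%d" % i)
    m.kexec_exec(carry)
    m.measure(b"boot_aggregate (new kernel)")
    return m.attests()
```
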