From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>, Eric Ricther <erichte@linux.ibm.com>,
"Oliver O'Halloran" <oohall@gmail.com>,
Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies
Date: Mon, 09 Dec 2019 16:36:56 -0500 [thread overview]
Message-ID: <1575927416.4557.25.camel@linux.ibm.com> (raw)
In-Reply-To: <5254346f-4ba7-c820-e127-d46b84f2e6e6@linux.microsoft.com>
On Mon, 2019-12-09 at 12:27 -0800, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> On 10/30/2019 8:31 PM, Mimi Zohar wrote:
>
> > This patchset extends the previous version[1] by adding support for
> > checking against a blacklist of binary hashes.
> >
> > The IMA subsystem supports custom, built-in, arch-specific policies to
> > define the files to be measured and appraised. These policies are honored
> > based on priority, where arch-specific policy is the highest and custom
> > is the lowest.
>
> Has this change been signed off and merged for the next update of the
> kernel (v5.5)?
Yes, refer to the linuxppc mailing list archives.
Mimi
[1] https://lists.ozlabs.org/pipermail/linuxppc-dev/
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Eric Ricther <erichte@linux.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>,
linux-kernel@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
Jeremy Kerr <jk@ozlabs.org>, Oliver O'Halloran <oohall@gmail.com>
Subject: Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies
Date: Mon, 09 Dec 2019 16:36:56 -0500 [thread overview]
Message-ID: <1575927416.4557.25.camel@linux.ibm.com> (raw)
In-Reply-To: <5254346f-4ba7-c820-e127-d46b84f2e6e6@linux.microsoft.com>
On Mon, 2019-12-09 at 12:27 -0800, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> On 10/30/2019 8:31 PM, Mimi Zohar wrote:
>
> > This patchset extends the previous version[1] by adding support for
> > checking against a blacklist of binary hashes.
> >
> > The IMA subsystem supports custom, built-in, arch-specific policies to
> > define the files to be measured and appraised. These policies are honored
> > based on priority, where arch-specific policy is the highest and custom
> > is the lowest.
>
> Has this change been signed off and merged for the next update of the
> kernel (v5.5)?
Yes, refer to the linuxppc mailing list archives.
Mimi
[1] https://lists.ozlabs.org/pipermail/linuxppc-dev/
next prev parent reply other threads:[~2019-12-09 21:37 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-31 3:31 [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-10-31 3:31 ` [PATCH v10 1/9] powerpc: detect the secure boot mode of the system Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-05 5:14 ` Eric Richter
2019-11-05 5:14 ` Eric Richter
2019-11-05 23:00 ` [PATCH v10a " Eric Richter
2019-11-05 23:00 ` Eric Richter
2019-11-14 9:08 ` Michael Ellerman
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 3/9] powerpc: detect the trusted boot state of the system Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-05 23:02 ` [PATCH v10a " Eric Richter
2019-11-05 23:02 ` Eric Richter
2019-11-14 9:08 ` Michael Ellerman
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 4/9] powerpc/ima: define trusted boot policy Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 5/9] ima: make process_buffer_measurement() generic Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-10-31 17:02 ` Lakshmi Ramasubramanian
2019-10-31 17:02 ` Lakshmi Ramasubramanian
2019-10-31 17:22 ` Lakshmi Ramasubramanian
2019-10-31 17:22 ` Lakshmi Ramasubramanian
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 7/9] ima: check against blacklisted hashes for files with modsig Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [PATCH v10 8/9] powerpc/ima: update ima arch policy to check for blacklist Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-11-14 9:08 ` Michael Ellerman
2019-10-31 3:31 ` [RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced Mimi Zohar
2019-10-31 3:31 ` Mimi Zohar
2019-11-14 9:08 ` Michael Ellerman
2019-11-14 9:08 ` Michael Ellerman
2019-12-09 20:27 ` [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies Lakshmi Ramasubramanian
2019-12-09 20:27 ` Lakshmi Ramasubramanian
2019-12-09 21:36 ` Mimi Zohar [this message]
2019-12-09 21:36 ` Mimi Zohar
[not found] ` <3322befc-d1b9-41cf-aabf-0259fe3adb2b@linux.microsoft.com>
2019-12-09 23:33 ` Verified the key measurement patches in v5.5-rc1 Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1575927416.4557.25.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=erichte@linux.ibm.com \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=nramas@linux.microsoft.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.