From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com,
dmitry.kasatkin@gmail.com, catalin.marinas@arm.com,
will@kernel.org, clin@suse.com, x86@kernel.org, jlee@suse.com,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 0/3] wire up IMA secure boot for arm64
Date: Mon, 2 Nov 2020 23:37:57 +0100
Message-ID: <20201102223800.12181-1-ardb@kernel.org>

This is a follow-up to Chester's series [0] to enable IMA to the secure
boot state of arm64 platforms, which is EFI based.

This v4 implements the changes I suggested to Chester, in particular:
- disregard MokSbState when factoring out secure boot mode discovery
- turn the x86 IMA arch code into shared code for all architectures.
  This reduces the final patch to a one liner enabling a Kconfig option
  for arm64 when EFI is enabled.

Build tested only.

[0] https://lore.kernel.org/linux-arm-kernel/20201030060840.1810-1-clin@suse.com/

Cc: zohar@linux.ibm.com
Cc: jmorris@namei.org
Cc: serge@hallyn.com
Cc: dmitry.kasatkin@gmail.com
Cc: catalin.marinas@arm.com
Cc: will@kernel.org
Cc: clin@suse.com
Cc: x86@kernel.org
Cc: jlee@suse.com
Cc: linux-integrity@vger.kernel.org,
Cc: linux-arm-kernel@lists.infradead.org

Chester Lin (3):
  efi: generalize efi_get_secureboot
  ima: generalize x86/EFI arch glue for other EFI architectures
  arm64/ima: add ima_arch support

 arch/arm64/Kconfig                        |  1 +
 arch/x86/boot/compressed/Makefile         |  2 +-
 arch/x86/include/asm/efi.h                |  3 ++
 arch/x86/kernel/Makefile                  |  2 -
 drivers/firmware/efi/libstub/efistub.h    |  2 +
 drivers/firmware/efi/libstub/secureboot.c | 41 +++++++----------
 include/linux/efi.h                       | 23 +++++++++-
 security/integrity/ima/Makefile           |  4 ++
 .../integrity/ima/ima_efi.c               | 45 +++++--------------
 9 files changed, 60 insertions(+), 63 deletions(-)
 rename arch/x86/kernel/ima_arch.c => security/integrity/ima/ima_efi.c (60%)

--
2.17.1