From: Rob Herring <robh@kernel.org>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: kexec@lists.infradead.org, mpe@ellerman.id.au,
devicetree@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Nageswara R Sastry <rnsastry@linux.ibm.com>,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
nayna@linux.ibm.com, nasastry@in.ibm.com,
Frank Rowand <frowand.list@gmail.com>,
Rob Herring <robh+dt@kernel.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v7 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Mon, 22 Aug 2022 12:59:24 -0500 [thread overview]
Message-ID: <20220822175924.GA62553-robh@kernel.org> (raw)
In-Reply-To: <20220812164305.2056641-7-stefanb@linux.ibm.com>
On Fri, 12 Aug 2022 12:43:05 -0400, Stefan Berger wrote:
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
>
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
>
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
>
> v4:
> - Added #include <linux/vmalloc.h> due to parisc
> - Use phys_addr_t for physical address rather than void *
> - Remove linux,sml-base if the buffer cannot be updated after a kexec
> - Added __init to functions where possible
> ---
> drivers/of/kexec.c | 216 +++++++++++++++++++++++++++++++++++++++++-
> include/linux/kexec.h | 6 ++
> include/linux/of.h | 9 +-
> kernel/kexec_file.c | 6 ++
> 4 files changed, 234 insertions(+), 3 deletions(-)
>
Reviewed-by: Rob Herring <robh@kernel.org>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Rob Herring <robh@kernel.org>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: kexec@lists.infradead.org, mpe@ellerman.id.au,
devicetree@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Nageswara R Sastry <rnsastry@linux.ibm.com>,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
nayna@linux.ibm.com, nasastry@in.ibm.com,
Frank Rowand <frowand.list@gmail.com>,
Rob Herring <robh+dt@kernel.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v7 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Mon, 22 Aug 2022 12:59:24 -0500 [thread overview]
Message-ID: <20220822175924.GA62553-robh@kernel.org> (raw)
In-Reply-To: <20220812164305.2056641-7-stefanb@linux.ibm.com>
On Fri, 12 Aug 2022 12:43:05 -0400, Stefan Berger wrote:
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
>
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
>
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
>
> v4:
> - Added #include <linux/vmalloc.h> due to parisc
> - Use phys_addr_t for physical address rather than void *
> - Remove linux,sml-base if the buffer cannot be updated after a kexec
> - Added __init to functions where possible
> ---
> drivers/of/kexec.c | 216 +++++++++++++++++++++++++++++++++++++++++-
> include/linux/kexec.h | 6 ++
> include/linux/of.h | 9 +-
> kernel/kexec_file.c | 6 ++
> 4 files changed, 234 insertions(+), 3 deletions(-)
>
Reviewed-by: Rob Herring <robh@kernel.org>
WARNING: multiple messages have this Message-ID (diff)
From: Rob Herring <robh@kernel.org>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: devicetree@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
Nageswara R Sastry <rnsastry@linux.ibm.com>,
nayna@linux.ibm.com, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org, Rob Herring <robh+dt@kernel.org>,
nasastry@in.ibm.com, Eric Biederman <ebiederm@xmission.com>,
linux-integrity@vger.kernel.org,
Frank Rowand <frowand.list@gmail.com>
Subject: Re: [PATCH v7 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Mon, 22 Aug 2022 12:59:24 -0500 [thread overview]
Message-ID: <20220822175924.GA62553-robh@kernel.org> (raw)
In-Reply-To: <20220812164305.2056641-7-stefanb@linux.ibm.com>
On Fri, 12 Aug 2022 12:43:05 -0400, Stefan Berger wrote:
> The memory area of the TPM measurement log is currently not properly
> duplicated for carrying it across kexec when an Open Firmware
> Devicetree is used. Therefore, the contents of the log get corrupted.
> Fix this for the kexec_file_load() syscall by allocating a buffer and
> copying the contents of the existing log into it. The new buffer is
> preserved across the kexec and a pointer to it is available when the new
> kernel is started. To achieve this, store the allocated buffer's address
> in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer
> and search for this entry early in the kernel startup before the TPM
> subsystem starts up. Adjust the pointer in the of-tree stored under
> linux,sml-base to point to this buffer holding the preserved log. The TPM
> driver can then read the base address from this entry when making the log
> available. Invalidate the log by removing 'linux,sml-base' from the
> devicetree if anything goes wrong with updating the buffer.
>
> Use subsys_initcall() to call the function to restore the buffer even if
> the TPM subsystem or driver are not used. This allows the buffer to be
> carried across the next kexec without involvement of the TPM subsystem
> and ensures a valid buffer pointed to by the of-tree.
>
> Use the subsys_initcall(), rather than an ealier initcall, since
> page_is_ram() in get_kexec_buffer() only starts working at this stage.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Frank Rowand <frowand.list@gmail.com>
> Cc: Eric Biederman <ebiederm@xmission.com>
> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
>
> ---
> v6:
> - Define prototype for tpm_add_kexec_buffer under same config options
> as drivers/of/kexec.c is compiled, provide inline function otherwise.
> (kernel test robot)
>
> v4:
> - Added #include <linux/vmalloc.h> due to parisc
> - Use phys_addr_t for physical address rather than void *
> - Remove linux,sml-base if the buffer cannot be updated after a kexec
> - Added __init to functions where possible
> ---
> drivers/of/kexec.c | 216 +++++++++++++++++++++++++++++++++++++++++-
> include/linux/kexec.h | 6 ++
> include/linux/of.h | 9 +-
> kernel/kexec_file.c | 6 ++
> 4 files changed, 234 insertions(+), 3 deletions(-)
>
Reviewed-by: Rob Herring <robh@kernel.org>
next prev parent reply other threads:[~2022-08-22 17:59 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-12 16:42 [PATCH v7 0/6] tpm: Preserve TPM measurement log across kexec (ppc64) Stefan Berger
2022-08-12 16:42 ` Stefan Berger
2022-08-12 16:42 ` Stefan Berger
2022-08-12 16:43 ` [PATCH v7 1/6] of: check previous kernel's ima-kexec-buffer against memory bounds Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` [PATCH v7 2/6] drivers: of: kexec ima: Support 32-bit platforms Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` [PATCH v7 3/6] x86/kexec: Carry forward IMA measurement log on kexec Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 17:10 ` Borislav Petkov
2022-08-12 17:10 ` Borislav Petkov
2022-08-12 17:10 ` Borislav Petkov
2022-08-12 17:14 ` Stefan Berger
2022-08-12 17:14 ` Stefan Berger
2022-08-12 17:14 ` Stefan Berger
2022-08-12 18:28 ` Borislav Petkov
2022-08-12 18:28 ` Borislav Petkov
2022-08-12 18:28 ` Borislav Petkov
2022-08-12 16:43 ` [PATCH v7 4/6] tpm: of: Make of-tree specific function commonly available Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-14 19:16 ` Jarkko Sakkinen
2022-08-12 16:43 ` [PATCH v7 5/6] of: kexec: Refactor IMA buffer related functions to make them reusable Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` [PATCH v7 6/6] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-12 16:43 ` Stefan Berger
2022-08-22 17:59 ` Rob Herring [this message]
2022-08-22 17:59 ` Rob Herring
2022-08-22 17:59 ` Rob Herring
2022-08-15 6:48 ` [PATCH v7 0/6] tpm: Preserve TPM measurement log across kexec (ppc64) Coiby Xu
2022-08-15 6:48 ` Coiby Xu
2022-08-15 6:48 ` Coiby Xu
2022-08-15 6:53 ` Coiby Xu
2022-08-15 6:53 ` Coiby Xu
2022-08-15 6:53 ` Coiby Xu
2022-08-15 13:32 ` Stefan Berger
2022-08-15 13:32 ` Stefan Berger
2022-08-15 13:32 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220822175924.GA62553-robh@kernel.org \
--to=robh@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=frowand.list@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=nasastry@in.ibm.com \
--cc=nayna@linux.ibm.com \
--cc=rnsastry@linux.ibm.com \
--cc=robh+dt@kernel.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.