From: Michael Ellerman <mpe@ellerman.id.au>
To: Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>,
Matthew Garret <matthew.garret@nebula.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
George Wilson <gcwilson@linux.ibm.com>,
Elaine Palmer <erpalmer@us.ibm.com>,
Eric Ricther <erichte@linux.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>,
Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH v7 3/8] powerpc: detect the trusted boot state of the system
Date: Tue, 15 Oct 2019 21:23:19 +1100 [thread overview]
Message-ID: <877e56ux2g.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1570497267-13672-4-git-send-email-nayna@linux.ibm.com>
Nayna Jain <nayna@linux.ibm.com> writes:
> PowerNV systems enables the IMA measurement rules only if the
> trusted boot is enabled on the system.
That confused me a lot. But the key is the distinction between appraisal
rules vs measurement rules, right?
I think it would be clearer if it was phrased as a positive statement, eg:
On PowerNV systems when trusted boot is enabled, additional IMA rules
are enabled to implement measurement.
Or something like that.
> This patch adds the function to detect if the system has trusted
> boot enabled.
It would probably help people to briefly explain the difference between
secure vs trusted boot.
> diff --git a/arch/powerpc/include/asm/secure_boot.h b/arch/powerpc/include/asm/secure_boot.h
> index 23d2ef2f1f7b..ecd08515e301 100644
> --- a/arch/powerpc/include/asm/secure_boot.h
> +++ b/arch/powerpc/include/asm/secure_boot.h
> @@ -12,6 +12,7 @@
>
> bool is_powerpc_os_secureboot_enabled(void);
> struct device_node *get_powerpc_os_sb_node(void);
> +bool is_powerpc_trustedboot_enabled(void);
>
> #else
>
> @@ -25,5 +26,10 @@ static inline struct device_node *get_powerpc_os_sb_node(void)
> return NULL;
> }
>
> +static inline bool is_powerpc_os_trustedboot_enabled(void)
That has an extra "_os" in it.
> +{
> + return false;
> +}
> +
> #endif
> #endif
> diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c
> index 0488dbcab6b9..9d5ac1b39e46 100644
> --- a/arch/powerpc/kernel/secure_boot.c
> +++ b/arch/powerpc/kernel/secure_boot.c
> @@ -7,6 +7,27 @@
> #include <linux/of.h>
> #include <asm/secure_boot.h>
>
> +static const char * const fwsecureboot_compat[] = {
> + "ibm,secureboot-v1",
> + "ibm,secureboot-v2",
> + NULL,
> +};
> +
> +static struct device_node *get_powerpc_fw_sb_node(void)
> +{
> + struct device_node *node;
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(fwsecureboot_compat); ++i) {
> + node = of_find_compatible_node(NULL, NULL,
> + fwsecureboot_compat[i]);
> + if (node)
> + return node;
> + }
> +
> + return NULL;
> +}
You shouldn't need to do that by hand, instead use
of_find_matching_node(), eg:
static struct device_node *get_powerpc_fw_sb_node(void)
{
static const struct of_device_id ids[] = {
{ .compatible = "ibm,secureboot-v1", },
{ .compatible = "ibm,secureboot-v2", },
{},
};
return of_find_matching_node(NULL, ids);
}
> @@ -40,3 +61,17 @@ bool is_powerpc_os_secureboot_enabled(void)
> pr_info("secureboot mode disabled\n");
> return false;
> }
> +
> +bool is_powerpc_trustedboot_enabled(void)
> +{
> + struct device_node *node;
> +
> + node = get_powerpc_fw_sb_node();
> + if (node && (of_find_property(node, "trusted-enabled", NULL))) {
Again this can use of_property_read_bool(), which copes with a NULL node
also, so just:
+ if (of_property_read_bool(node, "trusted-enabled"))) {
> + pr_info("trustedboot mode enabled\n");
> + return true;
> + }
> +
> + pr_info("trustedboot mode disabled\n");
> + return false;
> +}
> --
> 2.20.1
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Eric Ricther <erichte@linux.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>,
linux-kernel@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
Matthew Garret <matthew.garret@nebula.com>,
Paul Mackerras <paulus@samba.org>, Jeremy Kerr <jk@ozlabs.org>,
Elaine Palmer <erpalmer@us.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Oliver O'Halloran <oohall@gmail.com>,
George Wilson <gcwilson@linux.ibm.com>
Subject: Re: [PATCH v7 3/8] powerpc: detect the trusted boot state of the system
Date: Tue, 15 Oct 2019 21:23:19 +1100 [thread overview]
Message-ID: <877e56ux2g.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1570497267-13672-4-git-send-email-nayna@linux.ibm.com>
Nayna Jain <nayna@linux.ibm.com> writes:
> PowerNV systems enables the IMA measurement rules only if the
> trusted boot is enabled on the system.
That confused me a lot. But the key is the distinction between appraisal
rules vs measurement rules, right?
I think it would be clearer if it was phrased as a positive statement, eg:
On PowerNV systems when trusted boot is enabled, additional IMA rules
are enabled to implement measurement.
Or something like that.
> This patch adds the function to detect if the system has trusted
> boot enabled.
It would probably help people to briefly explain the difference between
secure vs trusted boot.
> diff --git a/arch/powerpc/include/asm/secure_boot.h b/arch/powerpc/include/asm/secure_boot.h
> index 23d2ef2f1f7b..ecd08515e301 100644
> --- a/arch/powerpc/include/asm/secure_boot.h
> +++ b/arch/powerpc/include/asm/secure_boot.h
> @@ -12,6 +12,7 @@
>
> bool is_powerpc_os_secureboot_enabled(void);
> struct device_node *get_powerpc_os_sb_node(void);
> +bool is_powerpc_trustedboot_enabled(void);
>
> #else
>
> @@ -25,5 +26,10 @@ static inline struct device_node *get_powerpc_os_sb_node(void)
> return NULL;
> }
>
> +static inline bool is_powerpc_os_trustedboot_enabled(void)
That has an extra "_os" in it.
> +{
> + return false;
> +}
> +
> #endif
> #endif
> diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c
> index 0488dbcab6b9..9d5ac1b39e46 100644
> --- a/arch/powerpc/kernel/secure_boot.c
> +++ b/arch/powerpc/kernel/secure_boot.c
> @@ -7,6 +7,27 @@
> #include <linux/of.h>
> #include <asm/secure_boot.h>
>
> +static const char * const fwsecureboot_compat[] = {
> + "ibm,secureboot-v1",
> + "ibm,secureboot-v2",
> + NULL,
> +};
> +
> +static struct device_node *get_powerpc_fw_sb_node(void)
> +{
> + struct device_node *node;
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(fwsecureboot_compat); ++i) {
> + node = of_find_compatible_node(NULL, NULL,
> + fwsecureboot_compat[i]);
> + if (node)
> + return node;
> + }
> +
> + return NULL;
> +}
You shouldn't need to do that by hand, instead use
of_find_matching_node(), eg:
static struct device_node *get_powerpc_fw_sb_node(void)
{
static const struct of_device_id ids[] = {
{ .compatible = "ibm,secureboot-v1", },
{ .compatible = "ibm,secureboot-v2", },
{},
};
return of_find_matching_node(NULL, ids);
}
> @@ -40,3 +61,17 @@ bool is_powerpc_os_secureboot_enabled(void)
> pr_info("secureboot mode disabled\n");
> return false;
> }
> +
> +bool is_powerpc_trustedboot_enabled(void)
> +{
> + struct device_node *node;
> +
> + node = get_powerpc_fw_sb_node();
> + if (node && (of_find_property(node, "trusted-enabled", NULL))) {
Again this can use of_property_read_bool(), which copes with a NULL node
also, so just:
+ if (of_property_read_bool(node, "trusted-enabled"))) {
> + pr_info("trustedboot mode enabled\n");
> + return true;
> + }
> +
> + pr_info("trustedboot mode disabled\n");
> + return false;
> +}
> --
> 2.20.1
cheers
next prev parent reply other threads:[~2019-10-15 10:23 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-08 1:14 [PATCH v7 0/8] powerpc: Enabling IMA arch specific secure boot policies Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-08 1:14 ` [PATCH v7 1/8] powerpc: detect the secure boot mode of the system Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-15 11:30 ` Michael Ellerman
2019-10-15 11:30 ` Michael Ellerman
2019-10-08 1:14 ` [PATCH v7 2/8] powerpc: add support to initialize ima policy rules Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-11 13:12 ` Mimi Zohar
2019-10-11 13:12 ` Mimi Zohar
2019-10-15 9:59 ` Michael Ellerman
2019-10-15 9:59 ` Michael Ellerman
2019-10-15 11:29 ` Michael Ellerman
2019-10-15 11:29 ` Michael Ellerman
2019-10-17 12:58 ` Nayna
2019-10-17 12:58 ` Nayna
2019-10-08 1:14 ` [PATCH v7 3/8] powerpc: detect the trusted boot state of the system Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-15 10:23 ` Michael Ellerman [this message]
2019-10-15 10:23 ` Michael Ellerman
2019-10-08 1:14 ` [PATCH v7 4/8] powerpc/ima: add measurement rules to ima arch specific policy Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-15 11:29 ` Michael Ellerman
2019-10-15 11:29 ` Michael Ellerman
2019-10-19 18:27 ` Nayna
2019-10-19 18:27 ` Nayna
2019-10-08 1:14 ` [PATCH v7 5/8] ima: make process_buffer_measurement() generic Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-11 13:14 ` Mimi Zohar
2019-10-11 13:14 ` Mimi Zohar
2019-10-08 1:14 ` [PATCH v7 6/8] certs: add wrapper function to check blacklisted binary hash Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-11 13:18 ` Mimi Zohar
2019-10-11 13:18 ` Mimi Zohar
2019-10-08 1:14 ` [PATCH v7 7/8] ima: check against blacklisted hashes for files with modsig Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-11 13:19 ` Mimi Zohar
2019-10-11 13:19 ` Mimi Zohar
2019-10-19 18:30 ` Nayna
2019-10-19 18:30 ` Nayna
2019-10-08 1:14 ` [PATCH v7 8/8] powerpc/ima: update ima arch policy to check for blacklist Nayna Jain
2019-10-08 1:14 ` Nayna Jain
2019-10-11 13:19 ` Mimi Zohar
2019-10-11 13:19 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877e56ux2g.fsf@mpe.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=cclaudio@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=matthew.garret@nebula.com \
--cc=nayna@linux.ibm.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.