linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Rob Herring <robh@kernel.org>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: mark.rutland@arm.com, benh@kernel.crashing.org,
	bhsharma@redhat.com, tao.li@vivo.com, zohar@linux.ibm.com,
	paulus@samba.org, vincenzo.frascino@arm.com,
	frowand.list@gmail.com, sashal@kernel.org, mpe@ellerman.id.au,
	masahiroy@kernel.org, jmorris@namei.org,
	takahiro.akashi@linaro.org, linux-arm-kernel@lists.infradead.org,
	catalin.marinas@arm.com, serge@hallyn.com,
	devicetree@vger.kernel.org, pasha.tatashin@soleen.com,
	will@kernel.org, linuxppc-dev@vger.kernel.org,
	prsriva@linux.microsoft.com, hsinyi@chromium.org,
	allison@lohutok.net, christophe.leroy@c-s.fr, mbrugger@suse.com,
	balajib@linux.microsoft.com, dmitry.kasatkin@gmail.com,
	linux-kernel@vger.kernel.org, james.morse@arm.com,
	gregkh@linuxfoundation.org, linux-integrity@vger.kernel.org,
	bauerman@linux.ibm.com
Subject: Re: [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64
Date: Tue, 12 Jan 2021 08:42:48 -0600	[thread overview]
Message-ID: <20210112144248.GA256955@robh.at.kernel.org> (raw)
In-Reply-To: <20210104192602.10131-1-nramas@linux.microsoft.com>

On Mon, Jan 04, 2021 at 11:25:56AM -0800, Lakshmi Ramasubramanian wrote:
> On kexec file load Integrity Measurement Architecture (IMA) subsystem
> may verify the IMA signature of the kernel and initramfs, and measure
> it. The command line parameters passed to the kernel in the kexec call
> may also be measured by IMA. A remote attestation service can verify
> a TPM quote based on the TPM event log, the IMA measurement list, and
> the TPM PCR data. This can be achieved only if the IMA measurement log
> is carried over from the current kernel to the next kernel across
> the kexec call.
> 
> powerpc already supports carrying forward the IMA measurement log on
> kexec. This patch set adds support for carrying forward the IMA
> measurement log on kexec on ARM64. 
> 
> This patch set moves the platform independent code defined for powerpc
> such that it can be reused for other platforms as well. A chosen node
> "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold
> the address and the size of the memory reserved to carry
> the IMA measurement log.
> 
> This patch set has been tested for ARM64 platform using QEMU.
> I would like help from the community for testing this change on powerpc.
> Thanks.
> 
> This patch set is based on
> commit a29a64445089 ("powerpc: Use common of_kexec_setup_new_fdt()")
> in https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git
> "dt/kexec" branch.

This all looks good to me. I'd suggest you send the above patches out as 
part of this series because I don't plan to do so.

I would like to also resolve the vmalloc vs. kmalloc difference for 
allocating the FDT. Then we can further consolidate the DT kexec code. 

It all needs some acks from arm64 and powerpc maintainers. As far as 
merging, I think via the integrity tree makes the most sense.

Rob

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  parent reply	other threads:[~2021-01-12 14:44 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-04 19:25 [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64 Lakshmi Ramasubramanian
2021-01-04 19:25 ` [PATCH v14 1/6] ima: Move arch_ima_add_kexec_buffer() to ima Lakshmi Ramasubramanian
2021-01-04 19:25 ` [PATCH v14 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c Lakshmi Ramasubramanian
2021-01-13  2:14   ` Thiago Jung Bauermann
2021-01-04 19:25 ` [PATCH v14 3/6] kexec: Use fdt_appendprop_addrrange() to add ima buffer to FDT Lakshmi Ramasubramanian
2021-01-04 19:26 ` [PATCH v14 4/6] powerpc: Delete unused functions Lakshmi Ramasubramanian
2021-01-12 23:30   ` Mimi Zohar
2021-01-12 23:57     ` Lakshmi Ramasubramanian
2021-01-13  2:15   ` Thiago Jung Bauermann
2021-01-04 19:26 ` [PATCH v14 5/6] arm64: Free DTB buffer if fdt_open_into() fails Lakshmi Ramasubramanian
2021-01-04 19:26 ` [PATCH v14 6/6] arm64: Add IMA log information in kimage used for kexec Lakshmi Ramasubramanian
2021-01-12 23:28   ` Mimi Zohar
2021-01-12 23:54     ` Lakshmi Ramasubramanian
2021-01-13  2:16   ` Thiago Jung Bauermann
2021-01-12 14:42 ` Rob Herring [this message]
2021-01-12 18:05   ` [PATCH v14 0/6] Carry forward IMA measurement log on kexec on ARM64 Mimi Zohar
2021-01-12 18:24     ` Lakshmi Ramasubramanian
2021-01-12 18:45     ` Thiago Jung Bauermann
2021-01-12 18:23   ` Lakshmi Ramasubramanian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210112144248.GA256955@robh.at.kernel.org \
    --to=robh@kernel.org \
    --cc=allison@lohutok.net \
    --cc=balajib@linux.microsoft.com \
    --cc=bauerman@linux.ibm.com \
    --cc=benh@kernel.crashing.org \
    --cc=bhsharma@redhat.com \
    --cc=catalin.marinas@arm.com \
    --cc=christophe.leroy@c-s.fr \
    --cc=devicetree@vger.kernel.org \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=frowand.list@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hsinyi@chromium.org \
    --cc=james.morse@arm.com \
    --cc=jmorris@namei.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=masahiroy@kernel.org \
    --cc=mbrugger@suse.com \
    --cc=mpe@ellerman.id.au \
    --cc=nramas@linux.microsoft.com \
    --cc=pasha.tatashin@soleen.com \
    --cc=paulus@samba.org \
    --cc=prsriva@linux.microsoft.com \
    --cc=sashal@kernel.org \
    --cc=serge@hallyn.com \
    --cc=takahiro.akashi@linaro.org \
    --cc=tao.li@vivo.com \
    --cc=vincenzo.frascino@arm.com \
    --cc=will@kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).