* [PATCH] ima_kexec.sh: Detect kernel image from BOOT_IMAGE from /proc/cmdline
@ 2025-02-24 17:11 Petr Vorel
2025-03-04 8:45 ` Petr Vorel
0 siblings, 1 reply; 2+ messages in thread
From: Petr Vorel @ 2025-02-24 17:11 UTC (permalink / raw)
To: ltp; +Cc: Petr Vorel, Mimi Zohar, linux-integrity
Default value was suitable only for x86_64. This helps to use other
archs on distros which set $BOOT_IMAGE.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
NOTE: this will not help for non-x86_64 archs on distros which don't
specify BOOT_IMAGE on kernel command line (e.g. aarch64 or ppc64le).
But unless I get report it's needed I'm not going to do detection based
on 'uname -m' or 'ls /boot/*linu*-$(uname -r) | head -1'.
.../security/integrity/ima/tests/ima_kexec.sh | 23 ++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
index 5d178494b7..9093ba2d64 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
@@ -42,11 +42,32 @@ measure()
setup()
{
- tst_res TINFO "using kernel $IMA_KEXEC_IMAGE"
+ local arch
+
+ if [ ! -f "$IMA_KEXEC_IMAGE" ]; then
+ for arg in $(cat /proc/cmdline); do
+ if echo "$arg" |grep -q '^BOOT_IMAGE'; then
+ eval "$arg"
+ fi
+ done
+
+ tst_res TINFO "using as kernel BOOT_IMAGE from /proc/cmdline: '$BOOT_IMAGE'"
+
+ # replace grub partition, e.g. (hd0,gpt2) => /boot
+ if echo "$BOOT_IMAGE" |grep -q '(.d[0-9]'; then
+ echo "$BOOT_IMAGE" | sed 's|(.*,.*)/|/boot/|'
+ fi
+
+ if [ -f "$BOOT_IMAGE" ]; then
+ IMA_KEXEC_IMAGE="$BOOT_IMAGE"
+ fi
+ fi
if [ ! -f "$IMA_KEXEC_IMAGE" ]; then
tst_brk TCONF "kernel image not found, specify path in \$IMA_KEXEC_IMAGE"
fi
+
+ tst_res TINFO "using kernel $IMA_KEXEC_IMAGE"
}
kexec_failure_hint()
--
2.47.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ima_kexec.sh: Detect kernel image from BOOT_IMAGE from /proc/cmdline
2025-02-24 17:11 [PATCH] ima_kexec.sh: Detect kernel image from BOOT_IMAGE from /proc/cmdline Petr Vorel
@ 2025-03-04 8:45 ` Petr Vorel
0 siblings, 0 replies; 2+ messages in thread
From: Petr Vorel @ 2025-03-04 8:45 UTC (permalink / raw)
To: ltp; +Cc: Mimi Zohar, linux-integrity
Hi all,
> Default value was suitable only for x86_64. This helps to use other
> archs on distros which set $BOOT_IMAGE.
FYI merged.
Kind regards,
Petr
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-03-04 8:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-24 17:11 [PATCH] ima_kexec.sh: Detect kernel image from BOOT_IMAGE from /proc/cmdline Petr Vorel
2025-03-04 8:45 ` Petr Vorel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox