From: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
To: Balbir Singh <bsingharora@gmail.com>
Cc: linuxppc-dev@lists.ozlabs.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 0/9] kexec_file_load implementation for PowerPC
Date: Wed, 22 Jun 2016 14:02:45 -0300
Message-ID: <2895031.4C8tZ3BP2G@hactar>
In-Reply-To: <20160622232946.793d6c04@350D>

Hello Balbir,

On Wednesday, 22 June 2016, 23:29:46, Balbir Singh wrote:
> On Tue, 21 Jun 2016 16:48:32 -0300
> Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> wrote:
> > This patch series implements the kexec_file_load system call on
> > PowerPC.
> >
> > This system call moves the reading of the kernel, initrd and the
> > device tree from the userspace kexec tool to the kernel. This is
> > needed if you want to do one or both of the following:
> >
> > 1. only allow loading of signed kernels.
> > 2. "measure" (i.e., record the hashes of) the kernel, initrd, kernel
> >    command line and other boot inputs for the Integrity Measurement
> >    Architecture subsystem.
> >
> > The above are the functions kexec already has built into
> > kexec_file_load. Yesterday I posted a set of patches which allows a
> > third feature:
> >
> > 3. have IMA pass-on its event log (where integrity measurements are
> >    registered) across kexec to the second kernel, so that the event
> >    history is preserved.
>
> OK.. and this is safe? Do both the kernels need to be signed by the
> same certificate?

They don't. The integrity of the event log (assuming that is what you mean
by "this" in "this is safe") is guaranteed by the TPM device. Each event in
the measurement list extends a PCR and records its PCR value. It is
cryptographically guaranteed that if you replay the PCR extends recorded in
the event log and in the end of the process they match the current PCR
values in the TPM device, then that event log is correct.

The kernel signature serves to ensure that you only run kernels from an
authorized provider. It doesn't play a role in integrity assurance, which
aims to verify that the machine is really running the code it says it is
running. As I understand it, at least. It's a bit subtle and I could be
missing something...

[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
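
The replay check described in the reply above, as an added example that is not part of the original message or of the patch series: a toy model of extend-and-log across a kexec, showing that a carried-over event log replays to the TPM's PCR value while a missing or altered log does not. Assumptions: a single SHA-1 PCR, events extended with a plain hash of the data (real IMA extends a template hash), and constructed event names and contents; `ToyTPM`, `record`, `replay` and `demo` are hypothetical names.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 PCR bank; assumed for this sketch

def measure(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || event digest)."""
    return hashlib.sha1(pcr + digest).digest()

class ToyTPM:
    """Stand-in for the TPM: its PCR is not reset by kexec, only by a platform reset."""
    def __init__(self):
        self.pcr = bytes(PCR_SIZE)

def record(tpm, log, name, data):
    """Measuring side: extend the PCR and append the event to the log."""
    digest = measure(data)
    tpm.pcr = extend(tpm.pcr, digest)
    log.append((name, digest))

def replay(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def log_is_consistent(log, tpm_pcr) -> bool:
    return hmac.compare_digest(replay(log), tpm_pcr)

def demo():
    tpm, first_log = ToyTPM(), []
    # Constructed events measured by the first kernel.
    record(tpm, first_log, "boot_aggregate", b"firmware+bootloader")
    record(tpm, first_log, "/boot/vmlinux-next", b"second kernel image")
    record(tpm, first_log, "/boot/initrd-next", b"second initrd")
    # kexec happens here: the TPM keeps its PCR value.
    carried = list(first_log)           # log handed over to the second kernel
    record(tpm, carried, "/sbin/init", b"init binary")
    fresh = [carried[-1]]               # second kernel started with an empty log
    tampered = list(carried)            # log altered somewhere along the way
    tampered[1] = ("/boot/vmlinux-next", measure(b"some other kernel"))
    return {name: log_is_consistent(log, tpm.pcr)
            for name, log in (("carried", carried), ("fresh", fresh), ("tampered", tampered))}

if __name__ == "__main__":
    print(demo())
```

The check involves no signing key: consistency depends only on the hash chain ending at the value the TPM holds.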