From: Mimi Zohar <zohar@linux.ibm.com>
To: Rob Herring <robh@kernel.org>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
tao.li@vivo.com, Paul Mackerras <paulus@samba.org>,
vincenzo.frascino@arm.com, Frank Rowand <frowand.list@gmail.com>,
Sasha Levin <sashal@kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>,
James Morris <jmorris@namei.org>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
devicetree@vger.kernel.org,
Pavel Tatashin <pasha.tatashin@soleen.com>,
Will Deacon <will@kernel.org>,
Prakhar Srivastava <prsriva@linux.microsoft.com>,
Hsin-Yi Wang <hsinyi@chromium.org>,
Allison Randal <allison@lohutok.net>,
Christophe Leroy <christophe.leroy@c-s.fr>,
Matthias Brugger <mbrugger@suse.com>,
balajib@linux.microsoft.com, dmitry.kasatkin@gmail.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
James Morse <james.morse@arm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Joe Perches <joe@perches.com>,
linux-integrity@vger.kernel.org,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>
Subject: Re: [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64
Date: Wed, 10 Feb 2021 15:55:52 -0500
Message-ID: <cf7930239b93044a1be353556b7dc730e024f658.camel@linux.ibm.com>
In-Reply-To: <CAL_JsqLmdqfFF8u=dE+dQz+6ngv=moWkQF8tpZjUCX-vHuvU_w@mail.gmail.com>

On Wed, 2021-02-10 at 14:42 -0600, Rob Herring wrote:
> On Wed, Feb 10, 2021 at 11:33 AM Lakshmi Ramasubramanian
> <nramas@linux.microsoft.com> wrote:
> >
> > On 2/10/21 9:15 AM, Rob Herring wrote:
> > > On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
> > >> On kexec file load Integrity Measurement Architecture (IMA) subsystem
> > >> may verify the IMA signature of the kernel and initramfs, and measure
> > >> it. The command line parameters passed to the kernel in the kexec call
> > >> may also be measured by IMA. A remote attestation service can verify
> > >> a TPM quote based on the TPM event log, the IMA measurement list, and
> > >> the TPM PCR data. This can be achieved only if the IMA measurement log
> > >> is carried over from the current kernel to the next kernel across
> > >> the kexec call.
> > >>
> > >> powerpc already supports carrying forward the IMA measurement log on
> > >> kexec. This patch set adds support for carrying forward the IMA
> > >> measurement log on kexec on ARM64.
> > >>
> > >> This patch set moves the platform independent code defined for powerpc
> > >> such that it can be reused for other platforms as well. A chosen node
> > >> "linux,ima-kexec-buffer" is added to the DTB for ARM64 to hold
> > >> the address and the size of the memory reserved to carry
> > >> the IMA measurement log.
> > >>
> > >> This patch set has been tested for ARM64 platform using QEMU.
> > >> I would like help from the community for testing this change on powerpc.
> > >> Thanks.
> > >>
> > >> This patch set is based on
> > >> commit 96acc833dec8 ("ima: Free IMA measurement buffer after kexec syscall")
> > >> in https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> > >> "next-integrity" branch.
> > >
> > > Is that a hard dependency still? Given this is now almost entirely
> > > deleting arch code and adding drivers/of/ code, I was going to apply it.
> > >
> >
> > I tried applying the patches in Linus' mainline branch -
> > PATCH #5 0005-powerpc-Move-ima-buffer-fields-to-struct-kimage.patch
> > doesn't apply.
> >
> > But if I apply the dependent patch set (link given below), all the
> > patches in this patch set apply fine.
> >
> > https://patchwork.kernel.org/project/linux-integrity/patch/20210204174951.25771-2-nramas@linux.microsoft.com/
>
> Ideally, we don't apply the same patch in 2 branches. It looks like
> there's a conflict but no real dependence on the above patch (the
> ima_buffer part). The conflict seems trivial enough that Linus can
> resolve it in the merge window.
>
> Or Mimi can take the whole thing if preferred?

How about I create a topic branch with just the two patches, allowing
both of us to merge it? There shouldn't be a problem with re-writing
next-integrity history.

Mimi

Thread overview: 38+ messages
2021-02-09 18:21 [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64 Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 01/10] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 02/10] of: Add a common kexec FDT setup function Lakshmi Ramasubramanian
2021-02-10 17:23 ` Rob Herring
2021-02-10 17:59 ` Lakshmi Ramasubramanian
2021-02-10 23:24 ` Thiago Jung Bauermann
2021-02-12 1:09 ` Thiago Jung Bauermann
2021-02-12 1:17 ` Lakshmi Ramasubramanian
2021-02-12 1:39 ` Thiago Jung Bauermann
2021-02-12 14:38 ` Rob Herring
2021-02-12 17:19 ` Lakshmi Ramasubramanian
2021-02-12 18:24 ` Rob Herring
2021-02-12 18:27 ` Lakshmi Ramasubramanian
2021-02-12 19:39 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 03/10] arm64: Use common of_kexec_alloc_and_setup_fdt() Lakshmi Ramasubramanian
2021-02-10 17:26 ` Will Deacon
2021-02-10 23:30 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 04/10] powerpc: " Lakshmi Ramasubramanian
2021-02-11 1:42 ` Thiago Jung Bauermann
2021-02-11 1:50 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 05/10] powerpc: Move ima buffer fields to struct kimage Lakshmi Ramasubramanian
2021-02-10 17:20 ` Rob Herring
2021-02-10 18:00 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 06/10] powerpc: Enable passing IMA log to next kernel on kexec Lakshmi Ramasubramanian
2021-02-11 1:51 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 07/10] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c Lakshmi Ramasubramanian
2021-02-11 5:07 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 08/10] kexec: Use fdt_appendprop_addrrange() to add ima buffer to FDT Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 09/10] powerpc: Delete unused function delete_fdt_mem_rsv() Lakshmi Ramasubramanian
2021-02-11 5:11 ` Thiago Jung Bauermann
2021-02-09 18:22 ` [PATCH v17 10/10] arm64: Enable passing IMA log to next kernel on kexec Lakshmi Ramasubramanian
2021-02-11 5:13 ` Thiago Jung Bauermann
2021-02-10 17:15 ` [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64 Rob Herring
2021-02-10 17:33 ` Lakshmi Ramasubramanian
2021-02-10 20:42 ` Rob Herring
2021-02-10 20:55 ` Mimi Zohar [this message]
2021-02-10 21:39 ` Mimi Zohar
2021-02-10 22:34 ` Lakshmi Ramasubramanian