From: Thiago Jung Bauermann
To: Michael Ellerman
Cc: Mimi Zohar, linux-security-module@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, Dave Young
Subject: Re: [PATCH 1/7] ima: on soft reboot, restore the measurement list
Date: Wed, 10 Aug 2016 02:05:53 -0300
In-Reply-To: <87r39xthnv.fsf@concordia.ellerman.id.au>
References: <1470313475-20090-1-git-send-email-zohar@linux.vnet.ibm.com> <3544655.o5QPxko4Ba@hactar> <87r39xthnv.fsf@concordia.ellerman.id.au>
Message-Id: <18857164.IzlezsQllh@hactar>

On Wednesday, 10 August 2016, 13:41:08, Michael Ellerman wrote:
> Thiago Jung Bauermann writes:
> > On Tuesday, 09 August 2016, 09:01:13, Mimi Zohar wrote:
> >> On Tue, 2016-08-09 at 20:59 +1000, Michael Ellerman wrote:
> >> > Mimi Zohar writes:
> >> > > +/* Some details preceding the binary serialized measurement list
> >> > > */
> >> > > +struct ima_kexec_hdr {
> >> > > + unsigned short version;
> >> > > + unsigned long buffer_size;
> >> > > + unsigned long count;
> >> > > +} __packed;
> >> > > +
> >> >
> >> > Am I understanding it correctly that this structure is passed between
> >> > kernels?
> >>
> >> Yes, the header prefixes the measurement list, which is being passed on
> >> the same computer to the next kernel. Could the architecture (eg.
> >> LE/BE) change between soft re-boots?
> >
> > Yes. I am able to boot a BE kernel from an LE kernel with my patches.
> > Whether we want to support that or not is another question...
>
> Yes you must support that. BE -> LE and vice versa.

I didn't test BE - LE yet, but will do.

> You should also consider the possibility that the next kernel is not
> Linux.

If the next kernel is an ELF binary and it supports the kexec "calling
convention", it should work too. What could possibly go wrong? I can try
FreeBSD (I suppose it's an ELF kernel) and see what happens.

-- 
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
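
Review bot: the fields of struct ima_kexec_hdr (version, buffer_size, count) are declared as unsigned short and unsigned long, so the header's size and byte order depend on the kernel that wrote it; __packed removes padding but fixes neither word size nor endianness. Because this header is handed to the next kernel, which per the discussion may be of the opposite endianness, declare the fields with fixed-width types (for example a 16-bit version and 64-bit buffer_size and count), pick one byte order for the serialized form, and say so in the comment above the struct. The comment should also state what buffer_size covers and what count counts, so that a reader of the header can check both against the buffer it actually received before using them.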