From: Mimi Zohar <zohar@linux.ibm.com>
To: steven chen <chenste@linux.microsoft.com>,
stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com,
roberto.sassu@huawei.com, eric.snowberg@oracle.com,
ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com,
bauermann@kolabnow.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com,
James.Bottomley@HansenPartnership.com, bhe@redhat.com,
vgoyal@redhat.com, dyoung@redhat.com
Subject: Re: [PATCH v9 1/7] ima: copy only complete measurement records across kexec
Date: Tue, 04 Mar 2025 21:08:00 -0500 [thread overview]
Message-ID: <3aadae5d35af3f984b9e8bc548d73bb878d666bd.camel@linux.ibm.com> (raw)
In-Reply-To: <20250304190351.96975-2-chenste@linux.microsoft.com>
On Tue, 2025-03-04 at 11:03 -0800, steven chen wrote:
>
> - Compared the memory size allocated with memory size of the entire
> measurement record. Copy only complete measurement records if there
> is enough memory. If there is not enough memory, it will not copy
> any IMA measurement records, and this situation will result in a
> failure of remote attestation.
In discussions with Tushar, I was very clear that as many measurement records as
possible should be carried over to the kexec'ed kernel. The main change between
v8 and v9 was to make sure the last record copied was a complete record.
Mimi
next prev parent reply other threads:[~2025-03-05 2:08 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 19:03 [PATCH v9 0/7] ima: kexec: measure events between kexec load and execute steven chen
2025-03-04 19:03 ` [PATCH v9 1/7] ima: copy only complete measurement records across kexec steven chen
2025-03-05 2:08 ` Mimi Zohar [this message]
2025-03-05 11:34 ` Mimi Zohar
2025-03-05 12:08 ` Baoquan He
2025-03-05 12:27 ` Mimi Zohar
2025-03-06 22:45 ` steven chen
2025-03-07 2:51 ` Mimi Zohar
2025-03-11 12:44 ` Mimi Zohar
2025-03-11 23:45 ` steven chen
2025-03-04 19:03 ` [PATCH v9 2/7] kexec: define functions to map and unmap segments steven chen
2025-03-04 22:23 ` Jarkko Sakkinen
2025-03-05 0:55 ` steven chen
2025-03-05 12:24 ` Baoquan He
2025-03-17 18:26 ` steven chen
2025-03-06 6:35 ` Dan Carpenter
2025-03-04 19:03 ` [PATCH v9 3/7] ima: kexec: skip IMA segment validation after kexec soft reboot steven chen
2025-03-05 12:37 ` Baoquan He
2025-03-04 19:03 ` [PATCH v9 4/7] ima: kexec: define functions to copy IMA log at soft boot steven chen
2025-03-12 8:57 ` kernel test robot
2025-03-04 19:03 ` [PATCH v9 5/7] ima: kexec: move IMA log copy from kexec load to execute steven chen
2025-03-04 19:03 ` [PATCH v9 6/7] ima: make the kexec extra memory configurable steven chen
2025-03-04 19:03 ` [PATCH v9 7/7] ima: measure kexec load and exec events as critical data steven chen
2025-03-05 0:25 ` Mimi Zohar
2025-03-05 0:57 ` steven chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3aadae5d35af3f984b9e8bc548d73bb878d666bd.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=bauermann@kolabnow.com \
--cc=bhe@redhat.com \
--cc=chenste@linux.microsoft.com \
--cc=code@tyhicks.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=eric.snowberg@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=madvenka@linux.microsoft.com \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=stefanb@linux.ibm.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox