From: Lachlan Sneff <t-josne@linux.microsoft.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 2/2] IMA: Verify IMA buffer passing through the kexec barrier
Date: Thu, 2 Jul 2020 11:35:45 -0400
Message-ID: <20200702153545.3126-3-t-josne@linux.microsoft.com>
In-Reply-To: <20200702153545.3126-1-t-josne@linux.microsoft.com>

Add a testcase that verifies that kexec correctly passes
the IMA buffer through the soft reboot.

This test must be run standalone, since it runs kexec.

Signed-off-by: Lachlan Sneff <t-josne@linux.microsoft.com>
---
testcases/kexec/README.md | 4 ++++
testcases/kexec/ima_buffer.sh | 42 +++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100755 testcases/kexec/ima_buffer.sh
diff --git a/testcases/kexec/README.md b/testcases/kexec/README.md
index 42988cd7b..f4018387e 100644
--- a/testcases/kexec/README.md
+++ b/testcases/kexec/README.md
@@ -24,3 +24,7 @@ Running
- kexec cmdline measurement
1. `IMAGE=<path to kernel image> testcases/kexec/cmdline.sh start`
2. Runtime logs will be emitted in `testcases/kexec/kexec_cmdline.log`.
+
+- kexec ima buffer passing
+ 1. `IMAGE=<path to kernel image> testcases/kexec/ima_buffer.sh start`
+ 2. Runtime logs will be emitted in `testcases/kexec/kexec_ima_buffer.log`.
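Review bot: The new README entry omits the restriction given in the commit message, that this test must be run standalone because it runs kexec; state it in the list item. Step 2 also reads as if the log is produced by the `start` invocation, while the script only writes the result to `kexec_ima_buffer.log` from state `1`, after the machine has come back up (or on a kexec failure), so say when the log is expected to appear.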
diff --git a/testcases/kexec/ima_buffer.sh b/testcases/kexec/ima_buffer.sh
new file mode 100755
index 000000000..3ce661236
--- /dev/null
+++ b/testcases/kexec/ima_buffer.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+ASCII_MEASUREMENTS="/sys/kernel/security/integrity/ima/ascii_runtime_measurements"
+SCRIPT_DIR="$(dirname $(realpath $0))"
+IMAGE=$(realpath "${IMAGE:-$SCRIPT_DIR/Image}")
+LOG_FILE="$SCRIPT_DIR/kexec_ima_buffer.log"
+
+. $SCRIPT_DIR/utils.sh
+
+must_be_root
+on_correct_machine
+
+case $1 in
+ start)
+ # Start the state machine
+ cp $ASCII_MEASUREMENTS /etc/saved-ima-buffer
+
+ install 1
+ if ! kexec -s $IMAGE --reuse-cmdline; then
+ echo "kexec failed: $?" >> $LOG_FILE
+ fi
+ ;;
+ 1)
+ update-rc.d resume-after-kexec remove
+ rm /etc/init.d/resume-after-kexec
+
+ n_lines=$(wc -l /etc/saved-ima-buffer | cut -d' ' -f1)
+ if cat $ASCII_MEASUREMENTS | \
+ head -n $n_lines | \
+ cmp -s - /etc/saved-ima-buffer
+ then
+ echo "test succeeded" > $LOG_FILE
+ else
+ echo "test failed" > $LOG_FILE
+ fi
+
+ rm /etc/saved-ima-buffer
+ ;;
+ *)
+ echo "You must run '$0 start' to begin the test"
+ ;;
+esac
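Review bot: In the `start` branch, `$?` inside `if ! kexec -s $IMAGE --reuse-cmdline; then` is the status of the negated condition, so the log will always read `kexec failed: 0`; run kexec, save its status in a variable, and test and log that instead. The same branch never checks that `cp $ASCII_MEASUREMENTS /etc/saved-ima-buffer` succeeded or produced a non-empty file: with an empty snapshot, `n_lines` is 0 in state `1`, `head -n 0` emits nothing, `cmp -s` matches, and the script writes "test succeeded" without having compared a single measurement. Abort before kexec when the copy fails or the snapshot is empty. The failure path also leaves `/etc/saved-ima-buffer` behind, and `$SCRIPT_DIR`, `$IMAGE`, `$LOG_FILE` and `$0` are expanded unquoted, which breaks on paths containing spaces.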
--
2.25.1