Received: by 10.192.165.148 with SMTP id m20csp84464imm; Thu, 3 May 2018 15:24:17 -0700 (PDT) X-Google-Smtp-Source: AB8JxZryDuWEH8xXna2bP8qrL7MxFZoOf3sko+vERmBcEXjizxx9rtdm5H8HMin9xlxInac7/MlW X-Received: by 10.98.113.5 with SMTP id m5mr18197356pfc.167.1525386256969; Thu, 03 May 2018 15:24:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525386256; cv=none; d=google.com; s=arc-20160816; b=zuM6uQF5S81RfykUOoLtoW3i0iP146TCfXgEh56tf+4OEIXBq9vzra3FUB5WTPIqjZ 0Rxw+BmxzF/uBy+Enc627RJ1sZUAbnD2spy+kR7/duRi4I+RZ8Y9T2LDscWkjIMjeBx3 Co+FVthdciI5gbc+hQw0oXTvWhPHybAWTkZhvL+xLLBEvzlFW26Mc+pFPHEYEaBu52Dr RKaIkxDoZIYtB6uuHlbuKThn4Hkkv9EOClWW66xDGKeL0iBrns4BW/Jr4Sc70OxEkIMm 3stm4alOgshtYqZ0HY915fTLQCsKnVE+5HW+687YltoHSYuaF9fFA6S05DWlKsTxvymH 3FNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=o3S6Mp74BG41bpjACc+hR2CgEBypw3h+CKhNqVbptn8=; b=hfV75mAjCvGhU7iVd0O+5KPFaOIyry46z+UJ+jw6qwCG1JXj8HuyBwNx5HzQOzf6qF SV060ePrHNQ//mWb/uSml7KRpN7cxQpjFEOMSjyP9ZHTtEXn2Os833SUfG0DvKJl/5EB KDH79/+fJFQVbZfsWIZPDuYuBe3eaLxzjW9Rg+FsQ7eV7LCcEVx1hyA/MWspD8JxdpUX 31i/IYQQTP7Ug79TnQ/KCihcfAcwOysUqGX/C+MaYMSDWXjdpuJTHg0jU3mwmY9EEVdi hzJWzxL+rtqYgVW69GwLeSIawz8tJ/4Vj07YSimjT/EzCA9YyzH4JIpB6hytQTl6J0st TEhw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q124-v6si12081983pgq.215.2018.05.03.15.24.02; Thu, 03 May 2018 15:24:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751239AbeECWXe (ORCPT + 99 others); Thu, 3 May 2018 18:23:34 -0400 Received: from mx2.suse.de ([195.135.220.15]:55465 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751161AbeECWXc (ORCPT ); Thu, 3 May 2018 18:23:32 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 4193DADD5; Thu, 3 May 2018 22:23:30 +0000 (UTC) Date: Thu, 3 May 2018 22:23:29 +0000 From: "Luis R. Rodriguez" To: Mimi Zohar Cc: Hans de Goede , Ard Biesheuvel , "Luis R . Rodriguez" , Greg Kroah-Hartman , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Jones , Dave Olsthoorn , Will Deacon , Andy Lutomirski , Matt Fleming , David Howells , Josh Triplett , dmitry.torokhov@gmail.com, mfuzzey@parkeon.com, Kalle Valo , Arend Van Spriel , Linus Torvalds , nbroeking@me.com, bjorn.andersson@linaro.org, Torsten Duwe , Kees Cook , x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module Subject: Re: [PATCH v5 2/5] efi: Add embedded peripheral firmware support Message-ID: <20180503222329.GD27853@wotan.suse.de> References: <20180429093558.5411-1-hdegoede@redhat.com> <20180429093558.5411-3-hdegoede@redhat.com> <1525185374.5669.49.camel@linux.vnet.ibm.com> <1525202847.5669.64.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1525202847.5669.64.camel@linux.vnet.ibm.com> User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 01, 2018 at 03:27:27PM -0400, Mimi Zohar wrote: > On Tue, 2018-05-01 at 21:11 +0200, Hans de Goede wrote: > > Only the pre hook? I believe the post-hook should still be called too, > > right? So that we've hashes of all loaded firmwares in the IMA core. > > Good catch! ?Right, if IMA-measurement is enabled, then we would want > to add the measurement. Mimi, just a heads up, we only use the post hook for the syfs fallback mechanism, ie, we don't even use the post hook for direct fs lookup. Do we want that there? Luis