From: Mimi Zohar
To: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, David Howells, Dave Young, Eric Biederman, Mimi Zohar
Subject: [PATCH 0/3] selftest/ima: add kexec_file_load test
Date: Thu, 31 Jan 2019 13:55:33 -0500
Message-Id: <1548960936-7800-1-git-send-email-zohar@linux.ibm.com>

The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none. Verify
only properly signed kernel images are loaded into memory, based on
the kernel configuration and runtime policies.

Mimi Zohar (3):
  selftest/ima: cleanup the kexec selftest
  scripts/ima: define a set of common functions
  selftests/ima: kexec_file_load syscall test

 tools/testing/selftests/ima/Makefile               |   2 +-
 tools/testing/selftests/ima/common_lib.sh          |  20 ++
 .../testing/selftests/ima/test_kexec_file_load.sh  | 250 +++++++++++++++++++++
 tools/testing/selftests/ima/test_kexec_load.sh     |  31 +--
 4 files changed, 281 insertions(+), 22 deletions(-)
 create mode 100755 tools/testing/selftests/ima/common_lib.sh
 create mode 100755 tools/testing/selftests/ima/test_kexec_file_load.sh

-- 
2.7.5
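
Added example, not part of the original mail or the patch series: a shell example that classifies which of the four configurations named in the cover letter (PE, IMA, both, none) applies and what kexec_file_load result a test should then expect for a given image. The function names, the CONFIG_KEXEC_BZIMAGE_VERIFY_SIG check, the IMA rule match and the rule that each enabled check is enforced independently are assumptions; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the patch series). Assumptions: function names are
# hypothetical; PE checking is keyed on CONFIG_KEXEC_BZIMAGE_VERIFY_SIG; an IMA
# rule "appraise func=KEXEC_KERNEL_CHECK ... appraise_type=imasig" demands a signature.

# Constructed sample inputs: kernel config text and IMA policy text.
SAMPLE_CONFIG='CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y'
SAMPLE_POLICY='dont_appraise fsmagic=0x9fa0
appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig'

# Exit 0 if the config text enables PE signature verification of the image.
pe_sig_required() {
    printf '%s\n' "$1" | grep -q '^CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y$'
}

# Exit 0 if an appraise rule (not dont_appraise, not a comment) for kexec
# kernel images requires an IMA signature.
ima_sig_required() {
    printf '%s\n' "$2$1" | grep '^[[:space:]]*appraise[[:space:]]' |
        grep 'func=KEXEC_KERNEL_CHECK' | grep -q 'appraise_type=imasig'
}

# verification_mode CONFIG_TEXT POLICY_TEXT -> prints pe, ima, both or none
verification_mode() {
    pe=0; ima=0
    pe_sig_required "$1" && pe=1
    ima_sig_required "$2" && ima=1
    case "$pe$ima" in
        11) echo both ;;
        10) echo pe ;;
        01) echo ima ;;
        *)  echo none ;;
    esac
}

# expected_load MODE PE_SIGNED IMA_SIGNED -> prints pass or fail (flags are 0/1)
expected_load() {
    case "$1" in
        both) [ "$2" = 1 ] && [ "$3" = 1 ] ;;
        pe)   [ "$2" = 1 ] ;;
        ima)  [ "$3" = 1 ] ;;
        none) true ;;
        *)    false ;;
    esac && echo pass || echo fail
}

mode=$(verification_mode "$SAMPLE_CONFIG" "$SAMPLE_POLICY")
echo "mode=$mode, PE-signed-only image: $(expected_load "$mode" 1 0)"
```

On a live system the two inputs would come from the running kernel's config and from /sys/kernel/security/ima/policy, which is readable only when the kernel is built with CONFIG_IMA_READ_POLICY.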