Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp7489514imu;
        Thu, 31 Jan 2019 10:57:42 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4Ia6L/KulbY+7iYIY22RKn5w84lpDyJfkZ3OG0s2JwJuoPF8MwJmJVLTkOn8aT3Dc2NxMu
X-Received: by 2002:a63:1258:: with SMTP id 24mr32154986pgs.114.1548961062144;
        Thu, 31 Jan 2019 10:57:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548961062; cv=none;
        d=google.com; s=arc-20160816;
        b=aotWHmURQVLuTuhHavLFd4wZoKu3U6gGsWIs1XEXE1kRsssTlAhbhiZFpg5CiRBWR6
         L6B26MDwzRDD7zPxkYFmoamuHdeJNP9ULFdEjhY4FlZsO7me9jz+/+jtko2gddC+TP3L
         T+Poev9FY0A8mA78TwJL127mMoutTk8nr6AUVhYqW5EHhYLpbTydQa4rVhIB0JphTWzF
         0UCFM5Tn1fV3Xg2eY7PbtEtYZcGfmSnEZHPnekcWw4kFT3gKcnTIr7UzYSqviF4SfTzo
         9G7aS+RjoykdqeCh8hu86XEcdLAmuc9Iccq0r2XHJq/BoTQ7GABdV1r8kkSq5YA/TexM
         F+pA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from;
        bh=qGhknF/hBfnflguQLwx9ef04Qioyo80MtwNbrC2+p/c=;
        b=ODg9bkRjua44cBcH/FIPS9WJyX0o3sgYDXnybVFjVJE1sCrJzpZ7HdLceFWv9wleu3
         Lsk3Wa0nNTl9HNl2CdrzcLaAfVfSj4c0CWOgArJgy6MDLCHTwO6Zh5f/gEbsYK01YHtV
         8mrODM+fUHCbsALxNGyrPoomimicgjhzfSseMSpgJof9q4dCjN+vvOK/guQQIWcxXWBa
         g1eC35NBpi4mxEmPcStQpMwt7j2jEq3oGuH9IyxSkJ/9zrEBwUwNML9cwYvW15Y8n/4o
         ZfNlTbyrnED/QYraf/f2aGAhwNiVBCbA7AfOr0y7v4YHBumln1dXDJelOtIAVQVunXb1
         GYDQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v2si5034594plz.53.2019.01.31.10.57.26;
        Thu, 31 Jan 2019 10:57:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728023AbfAaS4V (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Thu, 31 Jan 2019 13:56:21 -0500
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:45890 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727936AbfAaS4U (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 31 Jan 2019 13:56:20 -0500
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0VIs6BE036990
        for <linux-kernel@vger.kernel.org>; Thu, 31 Jan 2019 13:56:20 -0500
Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2qc67c9k1w-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 31 Jan 2019 13:56:18 -0500
Received: from localhost
        by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Thu, 31 Jan 2019 18:56:16 -0000
Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197)
        by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Thu, 31 Jan 2019 18:56:13 -0000
Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58])
        by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0VIuCfr66519120
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Thu, 31 Jan 2019 18:56:12 GMT
Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 6B20D4C050;
        Thu, 31 Jan 2019 18:56:12 +0000 (GMT)
Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id A825E4C04E;
        Thu, 31 Jan 2019 18:56:10 +0000 (GMT)
Received: from localhost.ibm.com (unknown [9.80.107.203])
        by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Thu, 31 Jan 2019 18:56:10 +0000 (GMT)
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     linux-integrity@vger.kernel.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
        David Howells <dhowells@redhat.com>,
        Dave Young <dyoung@redhat.com>,
        Eric Biederman <ebiederm@xmission.com>,
        Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH 0/3] selftest/ima: add kexec_file_load test
Date:   Thu, 31 Jan 2019 13:55:33 -0500
X-Mailer: git-send-email 2.7.5
X-TM-AS-GCONF: 00
x-cbid: 19013118-0008-0000-0000-000002B97B25
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 19013118-0009-0000-0000-000022257F1A
Message-Id: <1548960936-7800-1-git-send-email-zohar@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-31_10:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=688 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1901310141
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none.  Verify
only properly signed kernel images are loaded into memory, based on
the kernel configuration and runtime policies.

Mimi Zohar (3):
  selftest/ima: cleanup the kexec selftest
  scripts/ima: define a set of common functions
  selftests/ima: kexec_file_load syscall test

 tools/testing/selftests/ima/Makefile               |   2 +-
 tools/testing/selftests/ima/common_lib.sh          |  20 ++
 .../testing/selftests/ima/test_kexec_file_load.sh  | 250 +++++++++++++++++++++
 tools/testing/selftests/ima/test_kexec_load.sh     |  31 +--
 4 files changed, 281 insertions(+), 22 deletions(-)
 create mode 100755 tools/testing/selftests/ima/common_lib.sh
 create mode 100755 tools/testing/selftests/ima/test_kexec_file_load.sh

-- 
2.7.5