Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp834218img;
        Thu, 28 Feb 2019 08:35:04 -0800 (PST)
X-Google-Smtp-Source: AHgI3IYJ13JttBsAeKD6MilIYomk8Ro0iNjjsf/yzypp+wEbxLWf87hyo2liz/3x2JA15e9Nnt0J
X-Received: by 2002:a62:70c9:: with SMTP id l192mr412893pfc.207.1551371703965;
        Thu, 28 Feb 2019 08:35:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551371703; cv=none;
        d=google.com; s=arc-20160816;
        b=KviIbsHvCOpoinzSzjPfk7PhltvOwdMMqAYyum81cv3lucuDmp3sg6KCx1E+bo+/O5
         7sH3bcT/DL5fqE5H7MGjQQqPioSFe81OmO2kVgGiaLTTpXSkqt/c9R4P8wdyuwa8pi2w
         HSSViYcC7gamuibIl/3MqzfA4/5YJK/QLOc2be8+Jhmw4KAi919d6HTDmG6HOHouvCUU
         MdrbQ/RzJ5dBGJ9UwPfhNIMWKknJKn0ycYJB3sezZqGZIXlIlhRhsBJBb66uKDm8UBT/
         QrlVxZZtxCEImjhSYXs5g64rAMLs16FnEP+l4hpsSyHQI/CwoORapEaF1AjHESqCDpzS
         C/Lw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-transfer-encoding
         :mime-version:references:in-reply-to:date:cc:to:from:subject;
        bh=cEkqYjzkiF8vqEkXFmUMXZELxcJx+6Ws8Yxowqhtmrs=;
        b=Lyo0/7nwa1V+3iqLVwt/mrEXbNiUd70qtBlmpCwSQoZ0cZOdEaxUEqlET9CKvbm0X1
         nFJTyRfntmIMlF/GoWwb+1Fopc5LzJRJ8+e6vtz9CgaVzrG9QZ5PeGsoOkAJleylcTvY
         YBBVm3TJlRoaefe45oaaSmeuYFxWTq7IQsrh1Xekhsvj2o+E/6QrvNodVDMVcUL/iOKP
         M5C8JjHyzUQJqEnqlTgDFHU6Y96sENSEpxLkKQcyGJs/i0B0pYZmThKxA7QSkTd9g7ga
         HrEXuCldT01HXANTmF5GmuDzJeNauK8OxZ2/1So6pn7t63jMm1CPNo5YNave66hcZsOC
         ehOg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g132si18777256pfc.240.2019.02.28.08.34.48;
        Thu, 28 Feb 2019 08:35:03 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732796AbfB1PGO (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Thu, 28 Feb 2019 10:06:14 -0500
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:59396 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1731474AbfB1PGC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Feb 2019 10:06:02 -0500
Received: from pps.filterd (m0098414.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1SExXLt066336
        for <linux-kernel@vger.kernel.org>; Thu, 28 Feb 2019 10:06:01 -0500
Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2qxh0akdpt-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 28 Feb 2019 10:06:01 -0500
Received: from localhost
        by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Thu, 28 Feb 2019 15:05:59 -0000
Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194)
        by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Thu, 28 Feb 2019 15:05:56 -0000
Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61])
        by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x1SF5tp550331836
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Thu, 28 Feb 2019 15:05:55 GMT
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 2A38F11C052;
        Thu, 28 Feb 2019 15:05:55 +0000 (GMT)
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 3ABED11C04A;
        Thu, 28 Feb 2019 15:05:54 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.80.106.105])
        by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Thu, 28 Feb 2019 15:05:54 +0000 (GMT)
Subject: Re: [PATCH 2/3] scripts/ima: define a set of common functions
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     Dave Young <dyoung@redhat.com>
Cc:     linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
        David Howells <dhowells@redhat.com>,
        Eric Biederman <ebiederm@xmission.com>
Date:   Thu, 28 Feb 2019 10:05:43 -0500
In-Reply-To: <20190228134146.GA7528@dhcp-128-65.nay.redhat.com>
References: <1548960936-7800-1-git-send-email-zohar@linux.ibm.com>
         <1548960936-7800-3-git-send-email-zohar@linux.ibm.com>
         <20190228134146.GA7528@dhcp-128-65.nay.redhat.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
x-cbid: 19022815-0028-0000-0000-0000034E3180
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 19022815-0029-0000-0000-0000240C8D64
Message-Id: <1551366343.10911.173.camel@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-02-28_07:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1902280102
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Dave,

On Thu, 2019-02-28 at 21:41 +0800, Dave Young wrote:
> Hi Mimi,
>  
> Sorry for jumping in late, just noticed this kexec selftests, I think we
> also need a kexec load test not only for ima, but for general kexec

The IMA kselftest tests are for the coordination between the different
methods of verifying file signatures.  In particular, for the kexec
kernel image and kernel module signatures.

The initial IMA kselftest just verifies that in an environment
requiring signed kexec kernel images, the kexec_load syscall fails. 

This week I posted additional IMA kselftests[1][2], including one for
the kexec_file_load syscall.  I would really appreciate these
kselftests being reviewed/acked.

Mimi

[1] Subject: [PATCH v2 0/5] selftests/ima: add kexec and kernel module tests
[2] Patches available from the "next-queued-testing" branch
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/