Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp834218img; Thu, 28 Feb 2019 08:35:04 -0800 (PST) X-Google-Smtp-Source: AHgI3IYJ13JttBsAeKD6MilIYomk8Ro0iNjjsf/yzypp+wEbxLWf87hyo2liz/3x2JA15e9Nnt0J X-Received: by 2002:a62:70c9:: with SMTP id l192mr412893pfc.207.1551371703965; Thu, 28 Feb 2019 08:35:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551371703; cv=none; d=google.com; s=arc-20160816; b=KviIbsHvCOpoinzSzjPfk7PhltvOwdMMqAYyum81cv3lucuDmp3sg6KCx1E+bo+/O5 7sH3bcT/DL5fqE5H7MGjQQqPioSFe81OmO2kVgGiaLTTpXSkqt/c9R4P8wdyuwa8pi2w HSSViYcC7gamuibIl/3MqzfA4/5YJK/QLOc2be8+Jhmw4KAi919d6HTDmG6HOHouvCUU MdrbQ/RzJ5dBGJ9UwPfhNIMWKknJKn0ycYJB3sezZqGZIXlIlhRhsBJBb66uKDm8UBT/ QrlVxZZtxCEImjhSYXs5g64rAMLs16FnEP+l4hpsSyHQI/CwoORapEaF1AjHESqCDpzS C/Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject; bh=cEkqYjzkiF8vqEkXFmUMXZELxcJx+6Ws8Yxowqhtmrs=; b=Lyo0/7nwa1V+3iqLVwt/mrEXbNiUd70qtBlmpCwSQoZ0cZOdEaxUEqlET9CKvbm0X1 nFJTyRfntmIMlF/GoWwb+1Fopc5LzJRJ8+e6vtz9CgaVzrG9QZ5PeGsoOkAJleylcTvY YBBVm3TJlRoaefe45oaaSmeuYFxWTq7IQsrh1Xekhsvj2o+E/6QrvNodVDMVcUL/iOKP M5C8JjHyzUQJqEnqlTgDFHU6Y96sENSEpxLkKQcyGJs/i0B0pYZmThKxA7QSkTd9g7ga HrEXuCldT01HXANTmF5GmuDzJeNauK8OxZ2/1So6pn7t63jMm1CPNo5YNave66hcZsOC ehOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g132si18777256pfc.240.2019.02.28.08.34.48; Thu, 28 Feb 2019 08:35:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732796AbfB1PGO (ORCPT + 99 others); Thu, 28 Feb 2019 10:06:14 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:59396 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1731474AbfB1PGC (ORCPT ); Thu, 28 Feb 2019 10:06:02 -0500 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1SExXLt066336 for ; Thu, 28 Feb 2019 10:06:01 -0500 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0b-001b2d01.pphosted.com with ESMTP id 2qxh0akdpt-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 Feb 2019 10:06:01 -0500 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 28 Feb 2019 15:05:59 -0000 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 28 Feb 2019 15:05:56 -0000 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x1SF5tp550331836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 28 Feb 2019 15:05:55 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2A38F11C052; Thu, 28 Feb 2019 15:05:55 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3ABED11C04A; Thu, 28 Feb 2019 15:05:54 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.106.105]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 28 Feb 2019 15:05:54 +0000 (GMT) Subject: Re: [PATCH 2/3] scripts/ima: define a set of common functions From: Mimi Zohar To: Dave Young Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, David Howells , Eric Biederman Date: Thu, 28 Feb 2019 10:05:43 -0500 In-Reply-To: <20190228134146.GA7528@dhcp-128-65.nay.redhat.com> References: <1548960936-7800-1-git-send-email-zohar@linux.ibm.com> <1548960936-7800-3-git-send-email-zohar@linux.ibm.com> <20190228134146.GA7528@dhcp-128-65.nay.redhat.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19022815-0028-0000-0000-0000034E3180 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19022815-0029-0000-0000-0000240C8D64 Message-Id: <1551366343.10911.173.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-02-28_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1902280102 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dave, On Thu, 2019-02-28 at 21:41 +0800, Dave Young wrote: > Hi Mimi, > > Sorry for jumping in late, just noticed this kexec selftests, I think we > also need a kexec load test not only for ima, but for general kexec The IMA kselftest tests are for the coordination between the different methods of verifying file signatures.  In particular, for the kexec kernel image and kernel module signatures. The initial IMA kselftest just verifies that in an environment requiring signed kexec kernel images, the kexec_load syscall fails.  This week I posted additional IMA kselftests[1][2], including one for the kexec_file_load syscall.  I would really appreciate these kselftests being reviewed/acked. Mimi [1] Subject: [PATCH v2 0/5] selftests/ima: add kexec and kernel module tests [2] Patches available from the "next-queued-testing" branch https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/