From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Adding cmdline args measure to ima
Date: Fri, 22 Mar 2019 17:27:12 +0000

Hi,

Currently the Kexec (kexec_file_load) code path does not measure the cmdline
arguments passed to the next kernel. The boot_aggregate won't change since
the EFI loader hasn't been triggered. Attesting the same in K2 has no impact.
Adding the cmdline measurement will add some attestable criteria.

To account for the cmdline passed, we are looking at using IMA to measure and
pass the buffer so that it can be attested.

Do you have any alternate solutions/concerns with this approach?

Thanks,
Prakhar Srivastava
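
Added example (not part of the original message, and not kernel code): a simplified Python model of the gap described above, showing that a verifier replaying the measurement list cannot tell two kexec command lines apart unless the cmdline buffer is itself measured. It assumes a SHA-256 PCR with TPM-style extend and constructed inputs; the entry names kexec-kernel and kexec-cmdline are hypothetical labels, and real IMA template entries carry more fields.

```python
import hashlib

# Constructed sample inputs (not taken from any real system).
BOOT_AGGREGATE = b"constructed summary of firmware PCRs"
KERNEL_IMAGE = b"constructed next-kernel image bytes"
APPROVED_CMDLINE = b"console=ttyS0 root=/dev/sda1 ro"
OTHER_CMDLINE = b"console=ttyS0 root=/dev/sdb1 ro"


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR value = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(measurements) -> bytes:
    """Replay (name, data) entries from an all-zero PCR, as a verifier would."""
    pcr = bytes(32)
    for _name, data in measurements:
        pcr = extend(pcr, hashlib.sha256(data).digest())
    return pcr


def kexec_log(kernel_image: bytes, cmdline: bytes, measure_cmdline: bool):
    """Measurement list seen after a kexec_file_load-style load.

    boot_aggregate is identical in both cases because no firmware/EFI
    stage runs again; only the optional cmdline entry can differ.
    Entry names are hypothetical labels for this model.
    """
    log = [("boot_aggregate", BOOT_AGGREGATE), ("kexec-kernel", kernel_image)]
    if measure_cmdline:
        log.append(("kexec-cmdline", cmdline))
    return log


def verifier_can_distinguish(measure_cmdline: bool) -> bool:
    """True if the two command lines yield different replayed PCR values."""
    a = replay(kexec_log(KERNEL_IMAGE, APPROVED_CMDLINE, measure_cmdline))
    b = replay(kexec_log(KERNEL_IMAGE, OTHER_CMDLINE, measure_cmdline))
    return a != b


if __name__ == "__main__":
    print("cmdline not measured, distinguishable:", verifier_can_distinguish(False))
    print("cmdline measured,     distinguishable:", verifier_can_distinguish(True))
```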