Subject: Re: [PATCH] kexec_buffer measure
From: Mimi Zohar
To: prakhar srivastava
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module
Date: Mon, 22 Apr 2019 20:18:01 -0400
Message-Id: <1555978681.4914.305.camel@linux.ibm.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

[Cc'ing LSM mailing list]

On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote:
> 2) Adding a LSM hook
> We are doing both the command line and kernel version measurement in IMA.
> Can you please elaborate on how this can be used outside of the scenario?
> That will help me come back with a better design and code. I am
> neutral about this.

As I said previously, initially you might want to only measure the kexec boot command line, but will you ever want to verify or audit log the boot command line hash? Perhaps LSMs would be interested in the boot command line. Should this be an LSM hook?

Mimi