Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7417462yba;
        Thu, 2 May 2019 09:28:08 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxWbQVwL8yR6sHmFbPA5tMyaVuk8goXIjcvt/233WJ9gd1Xod/+dMYDZQNDzCmbm7Wujv5t
X-Received: by 2002:a17:902:42:: with SMTP id 60mr4730024pla.79.1556814488629;
        Thu, 02 May 2019 09:28:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556814488; cv=none;
        d=google.com; s=arc-20160816;
        b=jrCSkjosNtdw5M1QBPubLKbmdkp7fUftZl/KWFcWwlOPfjlPi4PKeCQGSE7ZmmtMYn
         lf+8HCCBJJ02dOwJGCrMOX7Q/vcYwEIo0sgGBk8+hFnkh3Tcrbj3AVD+AXDCSEO3jMLe
         fULrnY9IvVge+XgczdKWSqIakENKecQ9Z5Ir2qGigmfZQT7Eva6HTYw5wERNOiFFcS1I
         91tN8p7XxDsEyeNUmErhMUKdoRXJcrh03YauuucYj2wyP0DDWAYT21uRKMEyWX374fgb
         FcnadKt3f8GMp7W2uoFrSPnRxmIsOKEdkb5prGHx4SGoi4O0LIacPrd52WIb6ZP+p+KU
         /W2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=4PgbqVnvHOQkUk3YG4PidmP1RHiYRTKxgvCKv2qGFds=;
        b=n0KcRf9e8yHhcJEdei+MvpZNivTfTjHt5rsdz71j/G6Yz2iBc7gOdrBa3uM/hfizdy
         4yFngoW8NYSEUxwzYU+jdCmy5mm7hk49UUs6dbEaV2mNIcay9u0S17pQg7KZvNWtxoSl
         q0kbZ8NAu59maadP3LFESdoPs51BQ6p3p45G+QwFGl587yU+DWNBNgV1Fh2azQQ6ZKRT
         TaGArFCIBNXmkuMuDxgFLocfXq3GeVwQhLezHReETytKpgFEyXaDLUad/i8WyA1jiimO
         SZxG+CSkOBhV8Bpz/vx1DOLuqmBte28Ovy/Bx7G8UEF3E9q0VrtwEOPvIkj1XAYi+SQt
         x3tQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=NlEn64f9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e13si41649578pgs.341.2019.05.02.09.27.52;
        Thu, 02 May 2019 09:28:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=NlEn64f9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726451AbfEBQ0j (ORCPT <rfc822;zffurovfq63@gmail.com>
        + 99 others); Thu, 2 May 2019 12:26:39 -0400
Received: from sonic308-8.consmr.mail.bf2.yahoo.com ([74.6.130.47]:42074 "EHLO
        sonic308-8.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726321AbfEBQ0i (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 2 May 2019 12:26:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1556814397; bh=4PgbqVnvHOQkUk3YG4PidmP1RHiYRTKxgvCKv2qGFds=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=NlEn64f9wIy74YHwaX7rTyoZLz1CsP60rIouktR01XF/phcxjejrFpEyeT9lWPf/fV1EP8aXKwxBx6uNnJ58KN/1U9S2dXBpKCMiiMBTM+4T2y8vaRVt+PwmRLMXfjCPjLIOmaqKx7NYfBAnk2onWmepVdD2B8C5XFiuTAmJCY5h04ZK+eDUzlM6qqHHfWH7o86YKudh/5N+iyAxTGQ7jp7IFqk8rZIXCzy0GN73Ev/y8RL9SQW+tKCrViF7lL746c+sqn9kdfrOc8dTiouweqg5l7jn4IvLBrIJex+g1twLTBGdhghzc8jgCmdl1sGZuefsMVzxRlOGILsm2RFSiA==
X-YMail-OSG: v1ft5gMVM1kVZeTpHCyFvDoJ6nhxxeayX7D1x3kizyyCsuGnYX.uALbteJM6lzS
 X1gi51Qt8bQacimWdA9VvgwHHf4D5u.Pm6KEokoPLMdGI9FSlYyekFocVqUwoQrZG1U5.i1QW_qR
 Pe.ydTnqpI_EYa1sAYxhJMK0qZnuGdr_6IKHmG3Ch4OBeX0MRynJQdv4_iHBmgrlCoG1x087OOmG
 9Svy4nD8VCyAlrRvRr_sRITOettukAimLiOXgf2tkFLDJGPWE.Q40nS9trkoo61b_D5Qibg7Ocnu
 mGnr7vS5EI2sv5zpI81LF4sleXeS3EHX_2LQarviZfpqwZ6gGekavlqH6mXcC342AnKwSiS.tXL7
 DPpN_P6e4z.ybisQKyN4cyowL3ACXZkQXpQjTLftjjk_gumjj_fmdFpImlsHXfhkX8.fndVQ0W.k
 InDW.AvkYlzJ7HVbIDxaAG0iFnli9lp99rblsVyh5z1auqbhizyPmD7_6zeHt0.xOAiCWEJ4vmsn
 lwaluspgwfNkxU1WDSpdBlKqvL9YT.Wnuz2OO8mXROxPDaAM8aAOnEuIt3DPH6LjA9LZ0suDoOWL
 ODIxr2e40AStAo8A4O1bfxtWG3FJJZkHVf1Gad_Jql1ysoZbDJS10L3QIkKg2hHVTitS2MjsyHGn
 UST6VHDMXFCEdzsRRV6VkyNsZDmXoHRBWYD9jR7HF5rMb_x6rOBCoePPCnd.tIUSz4Vi5aRu.KkN
 O0ZTT4WPEyGExim0Kkp3b8DD9TY1EJwvUsUoU3BDznDhkSy8p7dQbwK5ACaDRVXix2xhIbKtN7Lm
 HFzoUMYqeCSA_8ZOxHnrREZg1TEyWfjZvoegIDgO2ez6J0zu1LGNNqRsmIwEQkHkpaGQ_HPACZNs
 D.Ig067Cs55LtsmgE7rDOexn4t_Uo36e9LcoAJ2PUwMQgPF47GEJXX_n1g94Pje5FbfaK6Eg2sVe
 mk1zmhfnFqaWgLkVnCrwWkGW8Bl.L7YMJwQsLKb7ewF342utHEk._xTHUM1i3PIStbHiw.6l73rq
 P2l.MxMvbE.CmZE6gW42Kn4vr9vZVDjLOz_zyKUt7bYqGvZKs6KSI9.kD6yY3_Y9EGLc.3bsPnsb
 19pWRYv4QIHeDuBFn7Md0kSFv7xODdGoeG2YKJDxztfPsAAxLhSHhf0ZDlnS0JCsEtfjaGg6oXen
 rnJsLBtlPipw_FlPL8sahzSy9DwCK_Q--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.bf2.yahoo.com with HTTP; Thu, 2 May 2019 16:26:37 +0000
Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.103]) ([67.169.65.224])
          by smtp414.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID c5863758f5d33a2aa8aed50d6f642b99;
          Thu, 02 May 2019 16:26:36 +0000 (UTC)
Subject: Re: [PATCH] kexec_buffer measure
To:     Mimi Zohar <zohar@linux.ibm.com>,
        prakhar srivastava <prsriva02@gmail.com>
Cc:     linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-security-module <linux-security-module@vger.kernel.org>,
        Paul Moore <paul@paul-moore.com>,
        John Johansen <john.johansen@canonical.com>,
        casey@schaufler-ca.com
References: <CAEFn8qKkXgxUKtribbtFwvG9NykGQo10jQ5Du_i9wJz-wKreOA@mail.gmail.com>
 <1555978681.4914.305.camel@linux.ibm.com>
 <1556812101.4134.28.camel@linux.ibm.com>
From:   Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <a30f7742-8368-be0c-4bab-28bcce0966aa@schaufler-ca.com>
Date:   Thu, 2 May 2019 09:26:34 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <1556812101.4134.28.camel@linux.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/2/2019 8:48 AM, Mimi Zohar wrote:
> [Cc'ing Paul, John, Casey]
>
> On Mon, 2019-04-22 at 20:18 -0400, Mimi Zohar wrote:
>> [Cc'ing LSM mailing list]
>>
>> On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote:
>>
>>> 2) Adding a LSM hook
>>> We are doing both the command line and kernel version measurement in IMA.
>>> Can you please elaborate on how this can be used outside of the scenario?
>>> That will help me come back with a better design and code. I am
>>> neutral about this.
>> As I said previously, initially you might want to only measure the
>> kexec boot command line, but will you ever want to verify or audit log
>> the boot command line hash?????Perhaps LSMs would be interested in the
>> boot command line. ??Should this be an LSM hook?
>  From an LSM perspective, is there any interest in the boot command line?

I can imagine an LSM that cares about the command line,
but I have an interest in it for any work I have in progress.

>
> Mimi
>