Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7842928yba; Thu, 2 May 2019 17:55:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqwJRo0PnvL/6nD/MBN3GTROgKnugwO1IuXf+PsRPkYDc+Rc/mTTR0YlE4XROcTQ7403P8ww X-Received: by 2002:aa7:9206:: with SMTP id 6mr7356119pfo.71.1556844933808; Thu, 02 May 2019 17:55:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556844933; cv=none; d=google.com; s=arc-20160816; b=f8ndkFuQo0/eiUGIMyF/+9tD0g7JcoUuXB2fy+v6oOmMAisLaToAVLwr58tHZnxZzV Cartp/JO0vvtnb/NYb5qZMMvX2UR9aiwyuUoqCP3T4oLgcUxpWOIUStsB4bLttxA+N9Y yWtGDLmmuoEnFvSNMZl+OF9lQXynd9K7x2b52ffDw9uKh5K8jCVT47RM3KU2xhGxBahY l0YWQqfCzQe12qlKRLsyIr1zVoBF4vlkFue9EmeV/H04u4sOYh+HUZZosGJ7XD0XSqr2 lzE1UsczoVzxacGLf/gKop264GpbCep/hQQvk5i9fZya9TjtP5il1HNxp5Q4Ll3dg20x yD2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=NNnxs3dNv5QisYQKvxMFzaYKihd2IybGFDSQhW3HtBQ=; b=t014YYesGjKH6ctiB+3sQpPOBbo/H03Z6zSPFkCSjR3/ooCLM9Br0ry6NicN1F3t9X tQdEF45sJoIlWL2kSr6omJLt1qExZ6MZvMHdy5flEsxH4hoL3JVXB4aQT2A8RpngQJBa OH5ifbbEGIsz8GgVaAnnxvqmbPKHCgB+l+iQCh3eUJ4BP7KwpOaQzpkSt46gbYKssgGg luZRs5MOu50NaOsCju93iwHMKWGIyVde9z8PXEWYIy+it8Mw4lPpuBFnGPE8Ny8ZP9ie APN3TtKBVOsgUHlxLlU/pQWb5OiTnPtv1W7C0/y8nC5YhFA3k5cjn6NVCjnnvP23D9wF Z4lw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n72si625409pfi.0.2019.05.02.17.55.18; Thu, 02 May 2019 17:55:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726528AbfECAyF (ORCPT + 99 others); Thu, 2 May 2019 20:54:05 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:55084 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726114AbfECAyE (ORCPT ); Thu, 2 May 2019 20:54:04 -0400 Received: from fsav110.sakura.ne.jp (fsav110.sakura.ne.jp [27.133.134.237]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id x430roj0088685; Fri, 3 May 2019 09:53:50 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav110.sakura.ne.jp (F-Secure/fsigk_smtp/530/fsav110.sakura.ne.jp); Fri, 03 May 2019 09:53:50 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/530/fsav110.sakura.ne.jp) Received: from [192.168.1.8] (softbank126012062002.bbtec.net [126.12.62.2]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id x430roWk088682 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NO); Fri, 3 May 2019 09:53:50 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Subject: Re: [PATCH] kexec_buffer measure To: Casey Schaufler , Mimi Zohar , prakhar srivastava Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module , Paul Moore , John Johansen References: <1555978681.4914.305.camel@linux.ibm.com> <1556812101.4134.28.camel@linux.ibm.com> <7af61ebe-28a8-799c-fe47-d72f247494ed@schaufler-ca.com> From: Tetsuo Handa Message-ID: <5490e443-b3ea-876e-a6b3-6a91005afe61@I-love.SAKURA.ne.jp> Date: Fri, 3 May 2019 09:53:49 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <7af61ebe-28a8-799c-fe47-d72f247494ed@schaufler-ca.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/05/03 1:28, Casey Schaufler wrote: > On 5/2/2019 8:48 AM, Mimi Zohar wrote: >> [Cc'ing Paul, John, Casey] >> >> On Mon, 2019-04-22 at 20:18 -0400, Mimi Zohar wrote: >>> [Cc'ing LSM mailing list] >>> >>> On Fri, 2019-04-19 at 17:30 -0700, prakhar srivastava wrote: >>> >>>> 2) Adding a LSM hook >>>> We are doing both the command line and kernel version measurement in IMA. >>>> Can you please elaborate on how this can be used outside of the scenario? >>>> That will help me come back with a better design and code. I am >>>> neutral about this. >>> As I said previously, initially you might want to only measure the >>> kexec boot command line, but will you ever want to verify or audit log >>> the boot command line hash? Perhaps LSMs would be interested in the >>> boot command line. Should this be an LSM hook? >> From an LSM perspective, is there any interest in the boot command line? > > I can imagine an LSM that cares about the command line, > but I don't have interest in it for any work I have in progress. > Since the kernel command line controls which LSMs to enable, I doubt that an LSM which cares about the command line can detect that the kernel command line was tampered when the kernel command line was tampered...