From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-integrity@vger.kernel.org, kexec@lists.infradead.org
Cc: arnd@arndb.de, jean-philippe@linaro.org, allison@lohutok.net, kristina.martsenko@arm.org, yamada.masahiro@socionext.com, duwe@lst.de, mark.rutland@arm.com, tglx@linutronix.de, takahiro.akashi@linaro.org, james.morse@arm.org, catalin.marinas@arm.com, sboyd@kernel.org, bauerman@linux.ibm.com, zohar@linux.ibm.com
Subject: [RFC PATCH v1 0/1] Add support for arm64 to carry ima measurement log in kexec_file_load
Date: Fri, 13 Sep 2019 15:50:08 -0700
Message-Id: <20190913225009.3406-1-prsriva@linux.microsoft.com>

Add support for arm64 to carry ima measurement log
to the next kexec'ed session triggered via kexec_file_load.
- Top of Linux 5.3-rc6

Currently during kexec the kernel file signatures are/can be validated
prior to actual load, the information (PE/ima signature) is not carried
to the next session. This leads to loss of information.

Carrying forward the ima measurement log to the next kexec'ed session
allows a verifying party to get the entire runtime event log since the
last full reboot, since that is when PCRs were last reset.

Changelog:

v1:
  - add new fdt properties to mark start and end for ima measurement
    log.
  - use fdt_* functions to add/remove fdt properties and memory
    allocations.
  - remove additional check for endian-ness as they are checked
    in fdt_* functions.

v0:
  - Add support to carry ima measurement log in arm64,
    uses same code as powerpc.

Prakhar Srivastava (1):
  Add support for arm64 to carry ima measurement log in kexec_file_load

 arch/arm64/Kconfig                     |   7 +
 arch/arm64/include/asm/ima.h           |  29 ++++
 arch/arm64/include/asm/kexec.h         |   5 +
 arch/arm64/kernel/Makefile             |   3 +-
 arch/arm64/kernel/ima_kexec.c          | 213 +++++++++++++++++++++++++
 arch/arm64/kernel/machine_kexec_file.c |   6 +
 6 files changed, 262 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm64/include/asm/ima.h
 create mode 100644 arch/arm64/kernel/ima_kexec.c

-- 
2.17.1
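The verifier's side of the argument in the cover letter, as an added example that is not part of the original message or of the patch: a toy model in which the PCR survives kexec while the kernel's measurement log may or may not be carried over. The `Machine` class, the event names and the use of one SHA-256 digest per log entry are assumptions made for illustration; the real IMA template layout is not modelled.

```python
import hashlib

PCR_RESET = bytes(32)  # PCR value after a full reboot (SHA-256 bank assumed)

def measure(name: str) -> bytes:
    """Constructed stand-in for the digest IMA records for one event."""
    return hashlib.sha256(name.encode()).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(log) -> bytes:
    """Recompute the PCR value a verifier expects from an event log."""
    pcr = PCR_RESET
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

class Machine:
    """Hypothetical model: the PCR lives in the TPM, the log in the kernel."""
    def __init__(self):
        self.pcr = PCR_RESET
        self.log = []

    def record(self, name: str) -> None:
        digest = measure(name)
        self.log.append((name, digest))
        self.pcr = extend(self.pcr, digest)

    def kexec(self, carry_log: bool) -> None:
        # Only a full reboot resets PCRs, so self.pcr is left untouched.
        if not carry_log:
            self.log = []  # the new kernel starts with an empty log

def run(carry_log: bool) -> bool:
    """True if the log visible after kexec replays to the TPM's PCR."""
    m = Machine()
    for event in ("boot_aggregate", "/sbin/init", "/boot/vmlinuz-next"):
        m.record(event)  # constructed sample events before kexec
    m.kexec(carry_log)
    for event in ("/sbin/init", "/usr/bin/sshd"):
        m.record(event)  # constructed sample events after kexec
    return replay(m.log) == m.pcr

if __name__ == "__main__":
    print("log carried over:", run(True))
    print("log dropped at kexec:", run(False))
```

Without the carried-over entries the replayed value cannot match the PCR, so a verifying party can no longer tie the PCR to the list of measured events.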