From: Pavel Tatashin
Date: Tue, 15 Oct 2019 14:47:18 -0400
Subject: Re: [PATCH V4 0/2] Add support for arm64 to carry ima measurement
To: James Morse
Cc: prsriva, LKML, Linux ARM, linux-integrity@vger.kernel.org, kexec mailing list, Mark Rutland, jean-philippe@linaro.org, arnd@arndb.de, takahiro.akashi@linaro.org, sboyd@kernel.org, Catalin Marinas, zohar@linux.ibm.com, Masahiro Yamada, duwe@lst.de, bauerman@linux.ibm.com, Thomas Gleixner, allison@lohutok.net, Ard Biesheuvel
References: <20191011003600.22090-1-prsriva@linux.microsoft.com> <87d92514-e5e4-a79f-467f-f24a4ed279b6@arm.com> <0053eb68-0905-4679-c97a-00c5cb6f1abb@arm.com>
In-Reply-To: <0053eb68-0905-4679-c97a-00c5cb6f1abb@arm.com>

> I think the UEFI persistent-memory-reservations thing is a better fit for this [0][1].

Hi James,

Thank you for your thought. As I understand, you propose to use the existing method as such:

1. Use the existing kexec ABI to pass reservation from kernel to kernel using EFI the same as is done for GICv3 tables.
2. Allow this memory to be reservable only during first Linux boot via EFI memory reserve
3. Allow to have this memory pre-reserved by firmware or to be embedded into device tree.

A question I have is how to tell that a reserved region is reserved for IMA use. With GICv3 it is done by reading the registers, finding the interrupt tables memory, and checking that the memory ranges are indeed pre-reserved. Is there a way to name memory with the current ABI that you think is acceptable?

Thank you,
Pasha