Re: [PATCH v3 0/9] kexec_file_load implementation for PowerPC
From: Balbir Singh
Date: Wed Jun 22 2016 - 19:58:12 EST
On 23/06/16 03:02, Thiago Jung Bauermann wrote:
> Hello Balbir,
>
Hi Thiago
>>> 3. have IMA pass-on its event log (where integrity measurements are
>>>
>>> registered) accross kexec to the second kernel, so that the event
>>> history is preserved.
>>
>> OK.. and this is safe? Do both the kernels need to be signed by the
>> same certificate?
>
> They don't. The integrity of the event log (assuming that is what you mean
> by "this" in "this is safe") is guaranteed by the TPM device. Each event in
> the measurement list extends a PCR and records its PCR value. It is
> cryptographically guaranteed that if you replay the PCR extends recorded in
> the event log and in the end of the process they match the current PCR
> values in the TPM device, then that event log is correct.
What I meant was how does the new kernel know that the old kernel did not
cheat while passing on the values? I presume because we trust that kernel
via a signature.
and
How do we know the new kernel is safe to load - I guess via a signature that
the new kernel is signed with (assuming it is present in the key ring).
Balbir Singh