Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement log in kexec_file_load

From: prsriva
Date: Tue Sep 24 2019 - 16:27:09 EST

Next message: Jann Horn: "Re: [PATCH v2 7/7] random: Remove kernel.random.read_wakeup_threshold"
Previous message: Thiago Jung Bauermann: "Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement log in kexec_file_load"
In reply to: Thiago Jung Bauermann: "Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement log in kexec_file_load"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/19/19 8:07 PM, Thiago Jung Bauermann wrote:

Hello Prakhar,

Prakhar Srivastava <prsriva@xxxxxxxxxxxxxxxxxxx> writes:

During kexec_file_load, carrying forward the ima measurement log allows
a verifying party to get the entire runtime event log since the last
full reboot since that is when PCRs were last reset.

<snip>

In the previous patch, you took the powerpc file and made a few
modifications to fit your needs. This file is now somewhat different
than the powerpc version, but I don't understand to what purpose. It's
not different in any significant way.

Based on review comments from your previous patch, I was expecting to
see code from the powerpc file moved to an arch-independent part of the
the kernel and possibly adapted so that both arm64 and powerpc could use
it. Can you explain why you chose this approach instead? What is the
advantage of having superficially different but basically equivalent
code in the two architectures?

Actually, there's one change that is significant: instead of a single
linux,ima-kexec-buffer property holding the start address and size of
the buffer, ARM64 is now using two properties (linux,ima-kexec-buffer
and linux,ima-kexec-buffer-end) for the start and end addresses. In my
opinion, unless there's a good reason for it Linux should be consistent
accross architectures when possible.

--
Thiago Jung Bauermann
IBM Linux Technology Center

I looked at the of_ drivers are it became apparent that the driver calls
were already available for consumption. Adding ima specific code will be
same as adding wrapper code for any other property. Which is true for
all properties, effectively setting the property name and pass through
for other parameters.

I still like to move both implementations to a arch independent code path, i could not convince my self that of_*ima is probably the place, but if that's the best place?, then i will go ahead and make that change as well.

Regarding using two properties, it just seemed more consistent how the
properties(start-end) are being used in the kexec, and hides the inner details for the cell structures, thats all.

Its just the placement of the wrapper functions, but once thats done
both archs will call the same.

Thanks,
Prakhar Srivastava

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Next message: Jann Horn: "Re: [PATCH v2 7/7] random: Remove kernel.random.read_wakeup_threshold"
Previous message: Thiago Jung Bauermann: "Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement log in kexec_file_load"
In reply to: Thiago Jung Bauermann: "Re: [RFC PATCH v1 1/1] Add support for arm64 to carry ima measurement log in kexec_file_load"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]