[PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB.
From: Prakhar Srivastava
Date: Mon Jul 20 2020 - 11:24:07 EST
Signed-off-by: Prakhar Srivastava <prsriva@xxxxxxxxxxxxxxxxxxx>
---
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/machine_kexec_file.c | 11 +++++++++++
2 files changed, 12 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 66dc41fd49f2..ece34b8ca648 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1077,6 +1077,7 @@ config KEXEC
config KEXEC_FILE
bool "kexec file based system call"
select KEXEC_CORE
+ select HAVE_IMA_KEXEC
help
This is new version of kexec system call. This system call is
file based and takes file descriptors as system call argument
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 4c54723e7a04..066670c43626 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -153,6 +153,17 @@ static int setup_dtb(struct kimage *image,
FDT_PROP_KASLR_SEED);
}
+ /* add ima-kexec-buffer */
+ if (image->arch.ima_buffer_size > 0) {
+
+ ret = fdt_appendprop_addrrange(dtb, 0, off,
+ "linux,ima-kexec-buffer",
+ image->arch.ima_buffer_addr,
+ image->arch.ima_buffer_size);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+ }
+
/* add rng-seed */
if (rng_is_initialized()) {
void *rng_seed;
--
2.25.1