called that send commands to the TPM to perform
or continue its selftest. However, the firmware should already have sent
these commands so that the TPM will not do much work at this time.
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm2-sessions.c | 1 -
drivers/char/tpm/tpm_ibmvtpm.c | 15
sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -1362,4 +1362,5 @@ int tpm2_sessions_init(struct tpm_chip *chip)
return rc;
}
+EXPORT_SYMBOL(tpm2_sessions_init);
#endif /* CONFIG_TCG_TPM2_HMAC */
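Review bot: the new EXPORT_SYMBOL(tpm2_sessions_init) sits inside the CONFIG_TCG_TPM2_HMAC guard, so the symbol does not exist when that option is disabled. Since the diffstat shows tpm_ibmvtpm.c changing alongside it, confirm the header supplies a stub for the non-HMAC configuration so that a modular ibmvtpm build does not end up with an unresolved symbol.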
Reviewed-by: Jarkko Sakkinen
Would have tested it but machine is down..
Reviewed-by: Stefan Berger
BR, Jarkko
he missing call to tpm2_session_init() to the ibmvtpm driver to
resolve this issue.
Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.
On 7/1/24 15:01, Jarkko Sakkinen wrote:
On Mon Jul 1, 2024 at 6:29 PM UTC, Stefan Berger wrote:
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger wrote:
Jarkko,
are you ok with this patch?
Hmmm, hope I did not miss anything, but looks like
On 6/28/24 12:39, James Bottomley wrote:
On Fri, 2024-06-28 at 10:54 +1000, Michael Ellerman wrote:
Stefan Berger writes:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed
Jarkko,
are you ok with this patch?
Stefan
On 6/17/24 15:34, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error 0x01C4
[2.987140] ima
On 6/17/24 16:05, James Bottomley wrote:
On Mon, 2024-06-17 at 15:56 -0400, Stefan Berger wrote:
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call
to
tpm2_sessions_init() in
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error
0x01C4
imary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
index d3989b257f42..1e5b107d1f3b 100644
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/driver
On 3/12/24 11:43, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 10:33 PM EET, Stefan Berger wrote:
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in
On 3/12/24 12:22, Rob Herring wrote:
On Tue, Mar 12, 2024 at 09:32:50PM +1100, Michael Ellerman wrote:
Rob Herring writes:
On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
On 3/7/24 16:52, Rob Herring wrote:
On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote
On 3/12/24 11:50, Jarkko Sakkinen wrote:
On Tue Mar 12, 2024 at 12:35 PM EET, Michael Ellerman wrote:
Stefan Berger writes:
On 3/7/24 15:00, Jarkko Sakkinen wrote:
On Thu Mar 7, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
in short summary: s/Use/use/
On Wed Mar 6, 2024 at 5:55 PM EET
On 3/12/24 07:11, Lukas Wunner wrote:
On Mon, Mar 11, 2024 at 09:20:29AM -0400, Stefan Berger wrote:
Add linux,sml-log, which carries the firmware TPM log in a uint8-array, to
the properties. Either this property is required or both linux,sml-base and
linux,sml-size are required. Add a test
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM
on Power where after a kexec the memory pointed
On 3/11/24 13:24, Christophe Leroy wrote:
On 11/03/2024 at 14:20, Stefan Berger wrote:
linux,sml-base holds the address of a buffer with the TPM log. This
buffer may become invalid after a kexec. To avoid accessing an invalid
address or corrupted buffer, embed the whole TPM log in the
tree
binding documentation")
Cc: Lukas Wunner
Cc: Nayna Jain
Signed-off-by: Michael Ellerman
Signed-off-by: Stefan Berger
---
.../devicetree/bindings/tpm/ibm,vtpm.yaml | 20 +--
.../devicetree/bindings/tpm/tpm-common.yaml | 14 -
2 files changed, 31 insert
,sml-base and linux,sml-size on these two platforms.
Keep the handling of linux,sml-base/sml-size for powernv platforms that
provide the two properties via skiboot.
Fixes: c5df39262dd5 ("drivers/char/tpm: Add securityfs support for event log")
Signed-off-by: Stefan Berger
---
driver
pport for instantiating SML from Open
Firmware")
Suggested-by: Michael Ellerman
Signed-off-by: Stefan Berger
---
arch/powerpc/kernel/prom_init.c | 27 +++
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powe
with
either of the two kexec syscalls.
Regards,
Stefan
v2:
- Added DT bindings patch (2/3)
- Reformulated commit messages and added Fixes tags
- Follow Michael's suggestion on prom_init patch (1/3)
Stefan Berger (3):
powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sm
On 3/8/24 15:57, Rob Herring wrote:
On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
On 3/7/24 16:52, Rob Herring wrote:
On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote:
Stefan Berger writes:
linux,sml-base holds the address of a buffer with the TPM log
On 3/7/24 16:52, Rob Herring wrote:
On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote:
Stefan Berger writes:
linux,sml-base holds the address of a buffer with the TPM log. This
buffer may become invalid after a kexec and therefore embed the whole TPM
log in linux,sml-log
On 3/7/24 15:00, Jarkko Sakkinen wrote:
On Thu Mar 7, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
in short summary: s/Use/use/
On Wed Mar 6, 2024 at 5:55 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in linux,sml-base
On 3/7/24 16:42, Rob Herring wrote:
On Wed, Mar 06, 2024 at 11:08:20AM -0500, Stefan Berger wrote:
On 3/6/24 10:55, Stefan Berger wrote:
This series resolves an issue on PowerVM and KVM on Power where the memory
the TPM log was held in may become inaccessible or corrupted after a kexec
On 3/7/24 15:39, Conor Dooley wrote:
On Thu, Mar 07, 2024 at 10:11:03AM -0500, Stefan Berger wrote:
On 3/7/24 05:41, Michael Ellerman wrote:
Stefan Berger writes:
diff --git a/Documentation/devicetree/bindings/tpm/tpm-common.yaml
b/Documentation/devicetree/bindings/tpm/tpm-common.yaml
On 3/7/24 05:41, Michael Ellerman wrote:
Stefan Berger writes:
linux,sml-base holds the address of a buffer with the TPM log. This
buffer may become invalid after a kexec and therefore embed the whole TPM
log in linux,sml-log. This helps to protect the log since it is properly
carried
On 3/7/24 05:42, Michael Ellerman wrote:
Stefan Berger writes:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM
on Power where after a kexec the memory pointed to by linux,sml-base may
have
On 3/6/24 10:55, Stefan Berger wrote:
This series resolves an issue on PowerVM and KVM on Power where the memory
the TPM log was held in may become inaccessible or corrupted after a kexec
soft reboot. The solution on these two platforms is to store the whole log
in the device tree because the
,sml-size on these two platforms.
Signed-off-by: Stefan Berger
---
drivers/char/tpm/eventlog/of.c | 36 +++---
1 file changed, 11 insertions(+), 25 deletions(-)
diff --git a/drivers/char/tpm/eventlog/of.c b/drivers/char/tpm/eventlog/of.c
index 930fe43d5daf
linux,sml-base holds the address of a buffer with the TPM log. This
buffer may become invalid after a kexec and therefore embed the whole TPM
log in linux,sml-log. This helps to protect the log since it is properly
carried across a kexec with both of the kexec syscalls.
Signed-off-by: Stefan
with
either of the two kexec syscalls.
Regards,
Stefan
Stefan Berger (2):
powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sml-log
tpm: of: If available Use linux,sml-log to get the log and its size
arch/powerpc/kernel/prom_init.c | 8 ++--
drivers/char/tpm/eventlog/of.c
6e22f12b19 ("tpm: enhance read_log_of() to support Physical TPM event
log")
Signed-off-by: Michael Ellerman
Reviewed-by: Stefan Berger
---
arch/powerpc/kernel/prom_init.c | 8 ++--
drivers/char/tpm/eventlog/of.c | 23 ---
2 files changed, 10 insertions(+), 21 de
is patch.
Fixes: a0458284f062 ("powerpc: Add support code for kexec_file_load()")
Reported-by: Stefan Berger
Signed-off-by: Michael Ellerman
I agree to the code:
Reviewed-by: Stefan Berger
On 6/9/23 14:18, Jarkko Sakkinen wrote:
On Thu May 25, 2023 at 1:56 AM EEST, Jerry Snitselaar wrote:
On Tue, Apr 18, 2023 at 09:44:07AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it
On 5/24/23 19:16, Jerry Snitselaar wrote:
On Tue, Apr 18, 2023 at 09:44:08AM -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
---
v6:
- Add
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file change
tem
and ensures a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nag
- fixed compilation issues for x86
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm/kexec: Duplicate TPM measur
On 2/23/23 22:25, Michael Ellerman wrote:
The TPM code in prom_init.c creates a small buffer of memory to store
the TPM's SML (Stored Measurement Log). It's communicated to Linux via
the linux,sml-base/size device tree properties of the TPM node.
When kexec'ing that buffer can be overwritten,
TPM event
log")
Signed-off-by: Michael Ellerman
Reviewed-by: Stefan Berger
On 2/13/23 06:32, Michael Ellerman wrote:
Stefan Berger writes:
On 2/10/23 03:03, Andrew Donnellan wrote:
From: Russell Currey
...
+static int plpks_set_variable(const char *key, u64 key_len, u8 *data,
+ u64 data_size)
+{
+ struct plpks_var var = {0
On 2/10/23 16:23, Stefan Berger wrote:
+
+// PLPKS dynamic secure boot doesn't give us a format string in the same way
OPAL does.
+// Instead, report the format using the SB_VERSION variable in the keystore.
+// The string is made up by us, and takes the form "ibm,plpks-sb-v&
On 2/10/23 03:03, Andrew Donnellan wrote:
From: Russell Currey
The pseries platform can support dynamic secure boot (i.e. secure boot
using user-defined keys) using variables contained with the PowerVM LPAR
Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the
relevant variabl
ting memory for password.\n");
+ goto out;
+ }
+
+ memcpy(ospassword, password, len);
+ ospasswordlength = (u16)len;
+
+out:
+ fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw");
+ // Since we've cleared the password, we must update the FDT checksum
+ early_init_dt_verify(fdt);
+}
+
static __init int pseries_plpks_init(void)
{
int rc;
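Review bot: at `ospasswordlength = (u16)len;` the cast silently truncates len if it exceeds 65535, while the memcpy() just above still copies the full len bytes, so the stored length and the buffer contents can disagree. The visible lines show no upper bound on len; check it against the maximum password length before allocating and copying. Clearing ibm,plpks-pw with fdt_nop_property() on the out: path, which the allocation-failure branch also reaches, is worth keeping so the password does not stay in the FDT.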
Reviewed-by: Stefan Berger
return -ENODEV;
}
- set_secvar_ops(&opal_secvar_ops);
-
- return 0;
+ return set_secvar_ops(&opal_secvar_ops);
}
static const struct of_device_id opal_secvar_match[] = {
Reviewed-by: Stefan Berger
goto out;
Reviewed-by: Stefan Berger
ty. These are equivalent, as skiboot creates
a node with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as
compatible strings.)
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
On 1/31/23 01:39, Andrew Donnellan wrote:
From: Russell Currey
The pseries platform can support dynamic secure boot (i.e. secure boot
using user-defined keys) using variables contained with the PowerVM LPAR
Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the
relevant variabl
On 1/31/23 01:39, Andrew Donnellan wrote:
From: Russell Currey
Before interacting with the PLPKS, we ask the hypervisor to generate a
password for the current boot, which is then required for most further
PLPKS operations.
If we kexec into a new kernel, the new kernel will try and fail to
g
: Stefan Berger
---
v3: New patch
v5: Drop plpks_get_password() since we no longer need to expose it.
---
arch/powerpc/include/asm/plpks.h | 5 +
arch/powerpc/platforms/pseries/plpks.c | 5 +
2 files changed, 10 insertions(+)
diff --git a/arch/powerpc/include/asm/plpks.h b
off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: New patch
v5: Change the previous description into a comment (npiggin)
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/platforms/pseries/Kconfig | 19 +--
2 files changed, 10 insertions(+), 10 del
ller to
allocate it. If the caller needs to discover the size, it can set
var->data to NULL and var->datalen will be populated. Update header file
to document this.
It looks like there are no callers yet that would need to be adapted...
Reviewed-by: Stefan Berger
Suggested-by: Michael E
lose information from the conversion.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/ps
Nayna Jain
[ajd: split patch, add timeout handling and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
dary.
Signed-off-by: Nayna Jain
[ajd: split patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
Donnellan
Reviewed-by: Stefan Berger
owerpc/platforms/pseries/plpks.c
+++ b/arch/powerpc/platforms/pseries/plpks.c
@@ -18,8 +18,7 @@
#include
#include
#include
-
-#include "plpks.h"
+#include
#define PKS_FW_OWNER 0x1
#define PKS_BOOTLOADER_OWNER 0x2
Reviewed-by: Stefan Berger
codes that aren't ENOENT.
Reported-by: Sudhakar Kuppusamy
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs
;
+ if (max_size > PAGE_SIZE)
+ pr_warn_ratelimited("PAGE_SIZE (%lu) is smaller than maximum object
size (%llu), writes are limited to PAGE_SIZE\n",
+ PAGE_SIZE, max_size);
+
return 0;
err:
kobject_put(secvar_kob
static();
+
+ if (rc) {
+ pr_err("Failed to create variable attributes\n");
+ goto err;
+ }
return 0;
err:
With the above change:
Reviewed-by: Stefan Berger
.
This is not being used by the OPAL secvar implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: Remove unnecessary
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
functional change.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
ell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
struct file *filep, struct kobject *kobj,
Reviewed-by: Stefan Berger
rc);
+ pr_err("error getting secvar from firmware
%d\n", rc);
+ else
+ rc = 0;
+
break;
}
Reviewed-by: Stefan Berger
On 1/31/23 01:39, Andrew Donnellan wrote:
From: Russell Currey
The secvar code only supports one consumer at a time.
Multiple consumers aren't possible at this point in time, but we'd want
it to be obvious if it ever could happen.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donn
On 1/18/23 01:10, Andrew Donnellan wrote:
+
+// PLPKS dynamic secure boot doesn't give us a format string in the same way
OPAL does.
+// Instead, report the format using the SB_VERSION variable in the keystore.
+static ssize_t plpks_secvar_format(char *buf)
Ideally there would be a size_t
potentially better alternative, also from the perspective of the changes needed,
which is a lot less, and it's already used for other stuff as well.
Stefan
On Thu, Sep 01, 2022 at 05:46:06PM -0400, Stefan Berger wrote:
The of-tree subsystem does not currently preserve the IBM vTPM 1.2 and
vTP
tem
and ensures a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nag
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
---
v6:
- Add
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file change
ot can test the series already
- Changes to individual patches documented in patch descriptions
v3:
- Moved TPM Open Firmware related function to
drivers/char/tpm/eventlog/tpm_of.c
v2:
- rearranged patches
- fixed compilation issues for x86
Palmer Dabbelt (1):
drivers: of: kexec ima: Su
On 8/15/22 02:48, Coiby Xu wrote:
I can confirm this patch set fixes an issue that guest kdump kernel
crashes on POWER9 host by applying it to 5.19.1 (there is a conflict
when applying this patch set to latest kernel i.e. 6.0.0-rc1)
I rebased it. 2 of the borrowed patches disappeared now sin
On 8/12/22 13:10, Borislav Petkov wrote:
On Fri, Aug 12, 2022 at 12:43:02PM -0400, Stefan Berger wrote:
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the pre
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file change
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
---
v6:
- Add __init to
tem
and ensures a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nag
irmware related function to
drivers/char/tpm/eventlog/tpm_of.c
v2:
- rearranged patches
- fixed compilation issues for x86
Jonathan McDowell (1):
x86/kexec: Carry forward IMA measurement log on kexec
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: o
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation servic
On 7/10/22 23:04, Jarkko Sakkinen wrote:
On Wed, Jul 06, 2022 at 11:23:27AM -0400, Stefan Berger wrote:
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new
On 7/11/22 18:04, Mimi Zohar wrote:
Hi Stefan,
On Thu, 2022-07-07 at 13:20 -0400, Stefan Berger wrote:
- /*
-* For both vtpm/tpm, firmware has log addr and log size in big
-* endian format. But in case of vtpm, there is a method called
-* sml-handover which is
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v6:
- Add __init to get_kexec_buffer as suggested by Jonathan
v5:
- Rebased on Jonathan McDowell's c
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the pre
tem
and ensures a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
---
v6:
- Defin
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
From: Jonathan McDowell
On kexec file load, the Integrity Measurement Architecture (IMA)
subsystem may verify the IMA signature of the kernel and initramfs, and
measure it. The command line parameters passed to the kernel in the
kexec call may also be measured by IMA.
A remote attestation servic
From: Palmer Dabbelt
RISC-V recently added kexec_file() support, which uses enables kexec
IMA. We're the first 32-bit platform to support this, so we found a
build bug.
Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
drivers/of/kexec.c | 4 ++--
1 file change
athan McDowell (1):
x86/kexec: Carry forward IMA measurement log on kexec
Palmer Dabbelt (1):
drivers: of: kexec ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
On 7/7/22 10:47, Jonathan McDowell wrote:
On Wed, Jul 06, 2022 at 11:23:28AM -0400, Stefan Berger wrote:
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v5
Refactor IMA buffer related functions to make them reusable for carrying
TPM logs across kexec.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
---
v5:
- Rebased on Jonathan McDowell's commit "b69a2afd5afc x86/kexec: Carry
forward IMA measurement lo
From: Vaibhav Jain
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the pre
tem
and ensures a valid buffer pointed to by the of-tree.
Use the subsys_initcall(), rather than an earlier initcall, since
page_is_ram() in get_kexec_buffer() only starts working at this stage.
Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
---
v4:
- Added #
c ima: Support 32-bit platforms
Stefan Berger (3):
tpm: of: Make of-tree specific function commonly available
of: kexec: Refactor IMA buffer related functions to make them reusable
tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Vaibhav Jain (1):
of: check previous kernel&
Simplify tpm_read_log_of() by moving reusable parts of the code into
an inline function that makes it commonly available so it can be
used also for kexec support. Call the new of_tpm_get_sml_parameters()
function from the TPM Open Firmware driver.
Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
1 - 100 of 149 matches