On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int pcr)
{
int ret = 0;
struct ima_template_entry *entry = N
On 10/23/2019 8:47 PM, Nayna Jain wrote:
This patch defines a function to detect the secure boot state of a
PowerNV system.
+bool is_ppc_secureboot_enabled(void)
+{
+ struct device_node *node;
+ bool enabled = false;
+
+ node = of_find_compatible_node(NULL, NULL, "ibm,secvar-
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * The "secure_rules" are enabled only on "secureboot" enabled systems.
+ * These rules verify the file signatures against known good values.
+ * The "appraise_type=imasig|modsig" option allows the known good signature
+ * to be stored as an xattr or
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+bool is_ppc_trustedboot_enabled(void)
+{
+ struct device_node *node;
+ bool enabled = false;
+
+ node = get_ppc_fw_sb_node();
+ enabled = of_property_read_bool(node, "trusted-enabled");
Can get_ppc_fw_sb_node return NULL?
Would
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * The "secure_and_trusted_rules" contains rules for both the secure boot and
+ * trusted boot. The "template=ima-modsig" option includes the appended
+ * signature, when available, in the IMA measurement list.
+ */
+static const char *const secure_a
On 10/23/2019 8:47 PM, Nayna Jain wrote:
+/*
+ * ima_check_blacklist - determine if the binary is blacklisted.
+ *
+ * Add the hash of the blacklisted binary to the measurement list, based
+ * on policy.
+ *
+ * Returns -EPERM if the hash is blacklisted.
+ */
+int ima_check_blacklist(struct inte
On 10/24/19 5:47 PM, Nayna Jain wrote:
diff --git a/arch/powerpc/include/asm/opal-api.h
b/arch/powerpc/include/asm/opal-api.h
index 378e3997845a..c1f25a760eb1 100644
--- a/arch/powerpc/include/asm/opal-api.h
+++ b/arch/powerpc/include/asm/opal-api.h
@@ -211,7 +211,10 @@
#define OPAL_MPIPL_UP
On 10/24/19 5:47 PM, Nayna Jain wrote:
+static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr,
+char *buf)
+{
+ uint64_t dsize;
+ int rc;
+
+ rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize);
+ if (rc) {
+
On 10/24/19 5:58 PM, Nayna Jain wrote:
+
+/*
+ * Get a certificate list blob from the named secure variable.
+ */
+static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t
*size)
+{
+ int rc;
+ void *db;
+
+ rc = secvar_ops->get(key, keylen, NULL, size);
+
On 10/25/2019 10:24 AM, Nayna Jain wrote:
On 10/24/19 10:20 AM, Lakshmi Ramasubramanian wrote:
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int
On 10/25/2019 10:02 AM, Nayna Jain wrote:
>> Is there any way to not use conditional compilation in
>> the above array definition? Maybe define different functions to get
>> "secure_rules" for when CONFIG_MODULE_SIG_FORCE is defined and when
>> it is not defined.
>
> How will you decide which fun
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
process_buffer_measurement() is limited to measuring the kexec boot
command line. This patch makes process_buffer_measurement() more
generic, allowing it to measure other types of buffer data (e.g.
blacklisted binary hashes or key hashes).
Now
On 10/30/19 8:31 PM, Mimi Zohar wrote:
void ima_kexec_cmdline(const void *buf, int size)
{
- u32 secid;
-
- if (buf && size != 0) {
- security_task_getsecid(current, &secid);
+ if (buf && size != 0)
Open brace { is missing in the above if statement.
On 10/31/19 10:02 AM, Lakshmi Ramasubramanian wrote:
On 10/30/19 8:31 PM, Mimi Zohar wrote:
void ima_kexec_cmdline(const void *buf, int size)
{
- u32 secid;
-
- if (buf && size != 0) {
- security_task_getsecid(current, &secid);
+ if (buf && size !=
On 11/5/2019 12:24 AM, Eric Richter wrote:
From: Nayna Jain
The X.509 certificates trusted by the platform and required to secure boot
the OS kernel are wrapped in secure variables, which are controlled by
OPAL.
This patch adds firmware/kernel interface to read and write OPAL secure
variables
On 11/5/2019 12:24 AM, Eric Richter wrote:
From: Nayna Jain
PowerNV secure variables, which store the keys used for OS kernel
verification, are managed by the firmware. These secure variables need to
be accessed by the userspace for addition/deletion of the certificates.
This patch adds the s
On 11/10/19 7:10 PM, Nayna Jain wrote:
Hi Nayna,
In order to verify the OS kernel on PowerNV systems, secure boot requires
X.509 certificates trusted by the platform. These are stored in secure
variables controlled by OPAL, called OPAL secure variables. In order to
enable users to manage the ke
Hi Mimi,
On 10/30/2019 8:31 PM, Mimi Zohar wrote:
This patchset extends the previous version[1] by adding support for
checking against a blacklist of binary hashes.
The IMA subsystem supports custom, built-in, arch-specific policies to
define the files to be measured and appraised. These polic
Hi Nayna,
+
+config IMA_SECURE_AND_OR_TRUSTED_BOOT
+ bool
+ depends on IMA
+ depends on IMA_ARCH_POLICY
+ default n
+ help
+ This option is selected by architectures to enable secure and/or
+ trusted boot based on IMA runtime policies.
Why is th
c and arm64, in
of_kexec_setup_new_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 1 +
drivers/of/kexec.c | 236 +
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
Lakshmi Ramasubramanian (8):
powerpc: Move ima buffer fields to struct
update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
Acked-by: Will Deacon
---
arch/arm64/kernel/machine_kexec_file.c | 123 +
1 file changed, 3 insertions(+), 120 deletions(-)
update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/kexec/file_load.c | 125 ++---
1 file changed, 6 insertions(+), 119 deletions(-)
diff --git a/arch/pow
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
t functions from
"arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files in powerpc and in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago J
architecures do not have to duplicate the code.
Define of_alloc_and_init_fdt() and of_free_fdt() in drivers/of/kexec.c
to allocate and initialize FDT, and to free the FDT buffer respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Joe Perches
---
drivers/of/kexec.c
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate and
initialize the FDT, and to free the FDT respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
mage_arch" for powerpc to store
the address of FDT, and free the memory in powerpc specific
arch_kimage_file_post_load_cleanup().
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 2 ++
arch/pow
"struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Reviewed-by: Thiago Jung
list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 1 +
1 file changed, 1 insertion(+)
di
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate and
On 2/4/21 3:36 PM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 5:23 PM Lakshmi Ramasubramanian
wrote:
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error
On 2/5/21 9:49 AM, Mimi Zohar wrote:
Hi Mimi,
On Fri, 2021-02-05 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
chosen
node documentation
v0:
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in t
c and arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 6 ++
drivers/of/kexec.c | 258
include/linux/of.h | 13 +++
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
e tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec
e tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 29 ---
arch/powerpc/kexec/file_load.c| 132 +-
ar
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 107bb4319e0e
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago J
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
On 2/10/21 9:15 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed to
On 2/10/21 9:23 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:52AM -0800, Lakshmi Ramasubramanian wrote:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties
On 2/10/21 9:20 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:55AM -0800, Lakshmi Ramasubramanian wrote:
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. These fiel
On 2/10/21 1:39 PM, Mimi Zohar wrote:
On Wed, 2021-02-10 at 15:55 -0500, Mimi Zohar wrote:
On Wed, 2021-02-10 at 14:42 -0600, Rob Herring wrote:
On Wed, Feb 10, 2021 at 11:33 AM Lakshmi Ramasubramanian
Ideally, we don't apply the same patch in 2 branches. It looks like
there's
On 2/10/21 5:42 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
The code for setting up the /chosen node in the device tree
and updating the memory reservation for the next kernel has been
moved to of_kexec_alloc_and_setup_fdt() defined in "drive
tion
Date: Fri, 12 Feb 2021 00:50:20 +0800
From: kernel test robot
To: Lakshmi Ramasubramanian
CC: kbuild-...@lists.01.org
Hi Lakshmi,
I love your patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[also build test ERROR on v5.11-rc7 next-20210211]
[cannot apply to
On 2/11/21 9:42 AM, Lakshmi Ramasubramanian wrote:
Hi Rob,
[PATCH] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem
This change causes build problem for x86_64 architecture (please see the
mail from kernel test bot below) since arch/x86/include/asm/kexec.h uses
"elf_load_addr
On 2/11/21 3:59 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/11/21 9:42 AM, Lakshmi Ramasubramanian wrote:
Hi Rob,
[PATCH] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem
This change causes build problem for x86_64 architecture (please see the
mail from
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication that I just noticed and needs to be
addressed. More below.
<...>
+
+/*
+ * of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree
+ *
+ * @image: kexec image being loaded.
+ * @i
On 2/11/21 6:11 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/11/21 3:59 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/11/21 9:42 AM, Lakshmi Ramasubramanian wrote:
Hi Rob,
[PATCH] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication that I just noticed and needs to be
addressed. More below.
<...>
+
+/*
+ * of_kexec_alloc_an
On 2/12/21 10:24 AM, Rob Herring wrote:
On Fri, Feb 12, 2021 at 11:19 AM Lakshmi Ramasubramanian
wrote:
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complic
c and arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 6 +
drivers/of/kexec.c | 265
include/linux/of.h | 5 +
uffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
Lakshmi Ramasubramanian (7):
arm64: Renam
e tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec
.
Rename elf_headers_mem to elf_load_addr to align with powerpc name so
common code can use it.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
---
arch/arm64/include/asm/kexec.h | 2 +-
arch/arm64/kernel/machine_kexec_file.c | 6 +++---
2 files changed, 4
kexec system call.
Rename elfcorehdr_addr to elf_load_addr to align with x86_64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c| 4 ++--
arch/powerpc/kexec
r_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h
e tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 30 ---
arch/powerpc/kexec/file_load.c| 132 +-
ar
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Ba
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago J
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/ar
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
ew boolean config OF_KEXEC that is enabled if
CONFIG_KEXEC_FILE and CONFIG_OF_FLATTREE are enabled, and
the architecture is arm64 or powerpc64. Build drivers/of/kexec.c
if CONFIG_OF_KEXEC is enabled.
Signed-off-by: Lakshmi Ramasubramanian
Fixes: 33488dc4d61f ("of: Add a common kexec FDT
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi Ramasubramanian wrote:
of_kexec_alloc_and_setup_fdt() defined in drivers/of/kexec.c builds
a new device tree object that includes architecture specific data
for kexec system call. This should be defined
On 2/18/21 5:13 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi Ramasubramanian wrote:
of_kexec_alloc_and_setup_fdt() defined in drivers/of/kexec.c builds
a new device tree object
On 2/19/21 6:25 AM, Thiago Jung Bauermann wrote:
One small nit in the function header (please see below), but otherwise
the change looks good.
Reviewed-by: Lakshmi Ramasubramanian
Commit 2377c92e37fe ("powerpc/kexec_file: fix FDT size estimation for kdump
kernel") fixed how
On 2/19/21 6:16 AM, Rob Herring wrote:
On Thu, Feb 18, 2021 at 8:53 PM Lakshmi Ramasubramanian
wrote:
On 2/18/21 5:13 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi
On 2/19/21 10:09 AM, Thiago Jung Bauermann wrote:
Mimi Zohar writes:
On Fri, 2021-02-19 at 11:43 -0600, Rob Herring wrote:
On Fri, Feb 19, 2021 at 10:57 AM Lakshmi Ramasubramanian
wrote:
On 2/19/21 6:16 AM, Rob Herring wrote:
On Thu, Feb 18, 2021 at 8:53 PM Lakshmi Ramasubramanian
ELF related fields elf_headers, elf_headers_sz, and elf_load_addr
have been moved from 'struct kimage_arch' to 'struct kimage'.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Fixes: 33488dc4d61f (&qu
for kexec system call.
Move the ELF fields to 'struct kimage' defined in include/linux/kexec.h
so common code can use it.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Fixes: 33488dc4d61f ("of: Add a common kexec FDT setup function")
Reported-by: kernel
e ima-kexec-buffer node in the chosen
node documentation
v0:
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store th
ELF related fields elf_headers, elf_headers_sz, and elfcorehdr_addr
have been moved from 'struct kimage_arch' to 'struct kimage' as
elf_headers, elf_headers_sz, and elf_load_addr respectively.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi
ELF related fields elf_headers, elf_headers_sz, and elf_headers_mem
have been moved from 'struct kimage_arch' to 'struct kimage' as
elf_headers, elf_headers_sz, and elf_load_addr respectively.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi
c and arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Fixes: 33488dc4d61f ("of: Add a common kexec FDT setup function")
Reported-by: ker
e tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 30 ---
arch/powerpc/kexec/file_load.
e tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --
r_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ima.h | 3 ---
ar
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Ba
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago J
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/ar
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
On 2/21/21 5:32 PM, Guenter Roeck wrote:
Hi Guenter,
On Sat, Feb 13, 2021 at 08:10:41AM -0800, Lakshmi Ramasubramanian wrote:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or
On 2/23/21 5:20 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties that will be ignored. The
On 3/2/21 7:06 AM, Rob Herring wrote:
On Sun, Feb 21, 2021 at 11:49 AM Lakshmi Ramasubramanian
wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed to the
nel command line and /chosen properties.
Therefore change kexec_fdt_totalsize_ppc64() to calculate just the extra
space needed by the kdump kernel, and change the function name so that it
better reflects what the function is now doing.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Lak
t ima kexec functions to
drivers/of/kexec.c")
Cc: Frank Rowand
Cc: Prakhar Srivastava
Cc: Lakshmi Ramasubramanian
Cc: Thiago Jung Bauermann
Cc: Rob Herring
Signed-off-by: Vaibhav Jain
---
drivers/of/kexec.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/drivers/of/kexec.c
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device-tree and powerpc mailing lists.
There are a few "goto out;" statements before the local variable "fdt"
is initialized through the call to of_kexec_alloc_and_setup_fdt() in
elf64_load(). Th
On 4/16/21 2:05 AM, Michael Ellerman wrote:
Daniel Axtens writes:
On 4/15/21 12:14 PM, Lakshmi Ramasubramanian wrote:
Sorry - missed copying device-tree and powerpc mailing lists.
There are a few "goto out;" statements before the local variable "fdt"
is initialized
1 - 100 of 132 matches
Mail list logo
