Re: [PATCH V8 2/3] Define a new ima template field buf

[PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load · Prakhar Srivastava <hidden> · 2019-06-13
[PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · Prakhar Srivastava <hidden> · 2019-06-13
Re: [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
Re: [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · Dave Young <hidden> · 2019-06-13
Re: [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
Re: [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · James Morris <jmorris@namei.org> · 2019-06-13
Re: [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
[PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments · Prakhar Srivastava <hidden> · 2019-06-13
Re: [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments · James Morris <jmorris@namei.org> · 2019-06-13
Re: [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
Re: [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments · prakhar srivastava <hidden> · 2019-06-14
[PATCH V8 2/3] Define a new ima template field buf · Prakhar Srivastava <hidden> · 2019-06-13
Re: [PATCH V8 2/3] Define a new ima template field buf · James Morris <jmorris@namei.org> · 2019-06-13
Re: [PATCH V8 2/3] Define a new ima template field buf · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
Re: [PATCH V8 2/3] Define a new ima template field buf · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-14
Re: [PATCH V8 2/3] Define a new ima template field buf · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-14
Re: [PATCH V8 2/3] Define a new ima template field buf · prakhar srivastava <hidden> · 2019-06-14
Re: [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-13
Re: [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load · prakhar srivastava <hidden> · 2019-06-14

From: James Morris <jmorris@namei.org>
Date: 2019-06-13 19:15:58
Also in: linux-security-module, lkml

On Wed, 12 Jun 2019, Prakhar Srivastava wrote:

A buffer(kexec cmdline args) measured into ima cannot be
appraised without already being aware of the buffer contents.
Since hashes are non-reversible, raw buffer is needed for
validation or regenerating hash for appraisal/attestation.

This patch adds support to ima to allow store/read the
buffer contents in HEX.

- Add two new fields to ima_event_data to hold the buf and
buf_len [Suggested by Roberto]
- Add a new temaplte field 'buf' to be used to store/read
the buffer data.[Suggested by Mimi]
- Updated process_buffer_meaurement to add the buffer to
ima_event_data. process_buffer_measurement added in
"Define a new IMA hook to measure the boot command line
 arguments"
- Add a new template policy name ima-buf to represent
'd-ng|n-ng|buf'

Signed-off-by: Prakhar Srivastava <redacted>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>


Reviewed-by: James Morris <redacted>


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help