On Thu, 2019-06-13 at 16:26 +0800, Dave Young wrote:

On 06/12/19 at 06:31pm, Mimi Zohar wrote:

quoted

[Cc: kexec mailing list]

Hi Eric, Dave,

On Wed, 2019-06-12 at 15:15 -0700, Prakhar Srivastava wrote:

quoted

During soft reboot(kexec_file_load) boot cmdline args
are not measured.Thus the new kernel on load boots with
an assumption of cold reboot.

This patch makes a call to the ima hook ima_kexec_cmdline,
added in "Define a new IMA hook to measure the boot command
line arguments"
to measure the boot cmdline args into the ima log.

- call ima_kexec_cmdline from kexec_file_load.
- move the call ima_add_kexec_buffer after the cmdline
args have been measured.

Signed-off-by: Prakhar Srivastava <redacted>

Cc: Eric W. Biederman <redacted>
Cc: Dave Young <redacted>

Any chance we could get some Acks?

The ima_* is blackbox functions to me, looks like this patch is trying
to measure kexec cmdline buffer and save in some ima logs and then add all the
measure results including those for kernel/initrd to a kexec_buf and pass to 2nd

Right, including the new boot command line measurement.

kernel.

It should be good and only take effect when IMA enabled. If all the
assumptions are right:

Acked-by: Dave Young <redacted>

Thanks, Dave.