On Wed, 2016-11-30 at 15:52 +1100, Michael Ellerman wrote:

Andrew Morton [off-list ref] writes:

quoted

On Tue, 29 Nov 2016 23:45:46 +1100 Michael Ellerman [off-list ref] wrote:

quoted

This is v11 of the kexec_file_load() for powerpc series.

I've stripped this down to the minimum we need, so we can get this in for 4.10.
Any additions can come later incrementally.

This made a bit of a mess of Mimi's series "ima: carry the
measurement list across kexec v10".

Urk, sorry about that. I didn't realise there was a big dependency
between them, but I guess I should have tried to do the rebase.

quoted

powerpc-ima-get-the-kexec-buffer-passed-by-the-previous-kernel.patch
ima-on-soft-reboot-restore-the-measurement-list.patch
ima-permit-duplicate-measurement-list-entries.patch
ima-maintain-memory-size-needed-for-serializing-the-measurement-list.patch
powerpc-ima-send-the-kexec-buffer-to-the-next-kernel.patch
ima-on-soft-reboot-save-the-measurement-list.patch
ima-store-the-builtin-custom-template-definitions-in-a-list.patch
ima-support-restoring-multiple-template-formats.patch
ima-define-a-canonical-binary_runtime_measurements-list-format.patch
ima-platform-independent-hash-value.patch

I made the syntactic fixes but I won't be testing it.

Dmitry Kasatkin's acked-by needs to be included for the IMA patches.

Thanks. 

TBH I don't know how to test the IMA part, I'm relying on Thiago and
Mimi to do that.

It should be straight forward.  Enable CONFIG_IMA_KEXEC to carry the
measurements from one kernel to the next.  Use a kexec_file_load version
of kexec to boot the next kernel.  On the boot command line add
"ima_tcb" or "ima_policy=ima_tcb".

If the measurements were carried across kexec, the IMA measurement list
<securityfs>/ima/ascii_runtime_measurements should contain an initial
"boot_aggregate", as the first record, and a "boot_aggregate", as a
delimiter, for each subsequent kexec.

quoted

quoted

If no one objects I'll merge this via the powerpc tree. The three kexec patches
have been acked by Dave Young (since forever), and have been in linux-next (via
akpm's tree) also for a long time.

OK, I'll wait for these to appear in -next and I will await advice on 

Thanks. I'll let them stew for a few more hours and then put them in my
next for tomorrows linux-next.

Thaigo tested the patches yesterday.   Everything seemed fine.  After
cherry picking the kexec_file_load() patches and rebasing the
restore_kexec patches on top of it in my tree, there were some problems.
Perhaps there is some dependencies that I'm missing.

Mimi