Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic

[PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
[PATCH v10 1/9] powerpc: detect the secure boot mode of the system · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 1/9] powerpc: detect the secure boot mode of the system · Eric Richter <hidden> · 2019-11-05
[PATCH v10a 1/9] powerpc: detect the secure boot mode of the system · Eric Richter <hidden> · 2019-11-05
Re: [PATCH v10a 1/9] powerpc: detect the secure boot mode of the system · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 4/9] powerpc/ima: define trusted boot policy · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 4/9] powerpc/ima: define trusted boot policy · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 7/9] ima: check against blacklisted hashes for files with modsig · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 7/9] ima: check against blacklisted hashes for files with modsig · Michael Ellerman <hidden> · 2019-11-14
[RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 8/9] powerpc/ima: update ima arch policy to check for blacklist · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 8/9] powerpc/ima: update ima arch policy to check for blacklist · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 3/9] powerpc: detect the trusted boot state of the system · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
[PATCH v10a 3/9] powerpc: detect the trusted boot state of the system · Eric Richter <hidden> · 2019-11-05
Re: [PATCH v10a 3/9] powerpc: detect the trusted boot state of the system · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 5/9] ima: make process_buffer_measurement() generic · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Lakshmi Ramasubramanian <hidden> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Lakshmi Ramasubramanian <hidden> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Michael Ellerman <hidden> · 2019-11-14
Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Lakshmi Ramasubramanian <hidden> · 2019-12-09
Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Mimi Zohar <zohar@linux.ibm.com> · 2019-12-09

From: Michael Ellerman <hidden>
Date: 2019-11-14 09:08:15
Also in: linux-efi, linux-integrity, lkml

On Thu, 2019-10-31 at 03:31:30 UTC, Mimi Zohar wrote:

From: Nayna Jain <nayna@linux.ibm.com>

process_buffer_measurement() is limited to measuring the kexec boot
command line. This patch makes process_buffer_measurement() more
generic, allowing it to measure other types of buffer data (e.g.
blacklisted binary hashes or key hashes).

process_buffer_measurement() may be called directly from an IMA
hook or as an auxiliary measurement record. In both cases the buffer
measurement is based on policy. This patch modifies the function to
conditionally retrieve the policy defined PCR and template for the IMA
hook case.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
[zohar@linux.ibm.com: added comment in process_buffer_measurement()]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/e14555e3d0e9edfad0a6840c0152f71aba97e793

cheers

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help