mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-23 11:04:44 +08:00
b69a2afd5a
On kexec file load, the Integrity Measurement Architecture (IMA) subsystem may verify the IMA signature of the kernel and initramfs, and measure it. The command line parameters passed to the kernel in the kexec call may also be measured by IMA. A remote attestation service can verify a TPM quote based on the TPM event log, the IMA measurement list and the TPM PCR data. This can be achieved only if the IMA measurement log is carried over from the current kernel to the next kernel across the kexec call. PowerPC and ARM64 both achieve this using device tree with a "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of device tree, so use the setup_data mechanism to pass the IMA buffer to the new kernel. Signed-off-by: Jonathan McDowell <noodles@fb.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> # IMA function definitions Link: https://lore.kernel.org/r/YmKyvlF3my1yWTvK@noodles-fedora-PC23Y6EG |
||
---|---|---|
.. | ||
unittest-data | ||
address.c | ||
base.c | ||
device.c | ||
dynamic.c | ||
fdt_address.c | ||
fdt.c | ||
irq.c | ||
Kconfig | ||
kexec.c | ||
kobj.c | ||
Makefile | ||
of_numa.c | ||
of_private.h | ||
of_reserved_mem.c | ||
overlay.c | ||
pdt.c | ||
platform.c | ||
property.c | ||
resolver.c | ||
unittest.c |