[PATCH v2 0/7] ima: kexec: measure events between kexec load and execute

[Tushar Sugandhi]

On 10/27/23 08:18, Mimi Zohar wrote:
> On Thu, 2023-10-05 at 11:25 -0700, Tushar Sugandhi wrote:
>> The current Kernel behavior is IMA measurements snapshot is taken at
>> kexec 'load' and not at kexec 'execute'.  IMA log is then carried
>> over to the new Kernel after kexec 'execute'.
>>
>> Some systems can be configured to call kexec 'load' first, and followed
>> by kexec 'execute' after some time.  (as opposed to calling 'load' and
>> 'execute' in one single kexec command).
> 
> Additional measurements may be introduced by the kexec load itself.
> Saving the measurement list as close as possible to the reboot is
> beneficial, whether or not the kexec load and kexec execute are
> executed separately.
> 
True. What I am trying to say here is the longer the window between
'load' and 'execute', greater are the chances of measurements getting
added.
But as long as a single measurement gets added between 'load' and
'execute', it will break the attestation after kexec soft-reboot.

So maybe the above line in the patch description is not necessary.
I will remove.

>> In such scenario, if new IMA
>> measurements are added between kexec 'load' and kexec 'execute', the
>> TPM PCRs are extended with the IMA events between 'load' and 'execute'.
>> But those IMA events are not carried over to the new Kernel after kexec
>> soft reboot.  This results in mismatch between TPM PCR quotes, and the
>> actual IMA measurements list, after the system boots into the new kexec
>> image.  This mismatch results in the remote attestation failing for that
>> system.
>>
>> This patch series proposes a solution to solve this problem by allocating
>> the necessary buffer at kexec 'load' time, and populating the buffer
>> with the IMA measurements at kexec 'execute' time.
> 
> How about beginning the paragraph with "To solve this problem allocate
> ... and populate ..."
> 
Sure. Will do.

~Tushar