ima: on soft reboot, restore the measurement list
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 20 Dec 2016 00:22:35 +0000 (16:22 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 20 Dec 2016 17:48:43 +0000 (09:48 -0800)
commit94c3aac567a9ddb9e868a7fae3c927c08b51b7c6
treed8f23729fb52de514f097fd8b7c167b3da4f4788
parent467d27824920e866af148132f555d40ca1fb199e
ima: on soft reboot, restore the measurement list

The TPM PCRs are only reset on a hard reboot.  In order to validate a
TPM's quote after a soft reboot (eg.  kexec -e), the IMA measurement
list of the running kernel must be saved and restored on boot.  This
patch restores the measurement list.

Link: http://lkml.kernel.org/r/1480554346-29071-3-git-send-email-zohar@linux.vnet.ibm.com
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andreas Steffen <andreas.steffen@strongswan.org>
Cc: Josh Sklar <sklar@linux.vnet.ibm.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
security/integrity/ima/Makefile
security/integrity/ima/ima.h
security/integrity/ima/ima_init.c
security/integrity/ima/ima_kexec.c [new file with mode: 0644]
security/integrity/ima/ima_queue.c
security/integrity/ima/ima_template.c