From patchwork Thu Jan 31 18:55:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 10791199 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DDFFB746 for ; Thu, 31 Jan 2019 18:56:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D4AF13175E for ; Thu, 31 Jan 2019 18:56:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C83AC3176A; Thu, 31 Jan 2019 18:56:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5E0623175E for ; Thu, 31 Jan 2019 18:56:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727890AbfAaS4T (ORCPT ); Thu, 31 Jan 2019 13:56:19 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:41892 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726233AbfAaS4T (ORCPT ); Thu, 31 Jan 2019 13:56:19 -0500 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0VIt99m031445 for ; Thu, 31 Jan 2019 13:56:18 -0500 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 2qc5umtkm8-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 31 Jan 2019 13:56:17 -0500 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 31 Jan 2019 18:56:16 -0000 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 31 Jan 2019 18:56:13 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0VIuCfr66519120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 31 Jan 2019 18:56:12 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6B20D4C050; Thu, 31 Jan 2019 18:56:12 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A825E4C04E; Thu, 31 Jan 2019 18:56:10 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.107.203]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 31 Jan 2019 18:56:10 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, David Howells , Dave Young , Eric Biederman , Mimi Zohar Subject: [PATCH 0/3] selftest/ima: add kexec_file_load test Date: Thu, 31 Jan 2019 13:55:33 -0500 X-Mailer: git-send-email 2.7.5 X-TM-AS-GCONF: 00 x-cbid: 19013118-0008-0000-0000-000002B97B25 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19013118-0009-0000-0000-000022257F1A Message-Id: <1548960936-7800-1-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-31_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=646 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901310141 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The kernel can be configured to verify PE signed kernel images, IMA kernel image signatures, both types of signatures, or none. Verify only properly signed kernel images are loaded into memory, based on the kernel configuration and runtime policies. Mimi Zohar (3): selftest/ima: cleanup the kexec selftest scripts/ima: define a set of common functions selftests/ima: kexec_file_load syscall test tools/testing/selftests/ima/Makefile | 2 +- tools/testing/selftests/ima/common_lib.sh | 20 ++ .../testing/selftests/ima/test_kexec_file_load.sh | 250 +++++++++++++++++++++ tools/testing/selftests/ima/test_kexec_load.sh | 31 +-- 4 files changed, 281 insertions(+), 22 deletions(-) create mode 100755 tools/testing/selftests/ima/common_lib.sh create mode 100755 tools/testing/selftests/ima/test_kexec_file_load.sh