index : archi486 | |
Archlinux32 i486 tools | gitolite user |
author | Andreas Baumann <mail@andreasbaumann.cc> | 2022-09-02 09:18:52 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2022-09-02 09:18:52 +0200 |
commit | 52be99d8c0862ff87db9a4f9ccec1ac4b5f7caed (patch) | |
tree | 1a1a1c98090afd8459cc8f045f9de2d4a7cba5ab /floppy/doc/www.spinics.net_lists_linux-integrity_msg14580.txt | |
parent | 15adaba9eaa6a98c8b55bc5c5f73c3a9e0e55e7a (diff) |
-rw-r--r-- | floppy/doc/www.spinics.net_lists_linux-integrity_msg14580.txt | 188 |
diff --git a/floppy/doc/www.spinics.net_lists_linux-integrity_msg14580.txt b/floppy/doc/www.spinics.net_lists_linux-integrity_msg14580.txt new file mode 100644 index 0000000..3d25656 --- /dev/null +++ b/floppy/doc/www.spinics.net_lists_linux-integrity_msg14580.txt @@ -0,0 +1,188 @@ + #[1]Linux Integrity + + _________________________ Search + + Re: Fwd: How to extract linux kernel version information from a kernel image? + + [[2]Date Prev][[3]Date Next][[4]Thread Prev][[5]Thread Next][[6]Date + Index][[7]Thread Index] + + + [INS: :INS] + __________________________________________________________________ + + * Subject: Re: Fwd: How to extract linux kernel version information + from a kernel image? + * 
From: Raphael Gianotti <raphgi@xxxxxxxxxxxxxxxxxxx> + * Date: Mon, 28 Sep 2020 15:31:38 -0700 + * In-reply-to: <[8]a1c877b3-9f99-04a6-2f21-495fc62d0591@unh.edu> + * User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) + Gecko/20100101 Thunderbird/68.12.0 + __________________________________________________________________ + +On 9/25/2020 4:06 PM, Kayaalp, Mehmet wrote: + +On 9/24/20 4:05 PM, Raphael Gianotti wrote: + +Forwarding this here since the final intent here is an IMA related +change to see if anyone has any suggestions. + + +-------- Forwarded Message -------- +Subject: How to extract linux kernel version information from a +kernel +image? +Date: Fri, 18 Sep 2020 12:47:13 -0700 +From: Raphael Gianotti <raphgi@xxxxxxxxxxxxxxxxxxx> +To: linux-kernel@xxxxxxxxxxxxxxx + + + +Hi, + +I have been investigating a way to extract the version strong from a +kernel image (e.g., vmlinux). The version string I've been looking at is +essentially the linux_banner symbol. + +We'll use IMA to measure the version string on the kexec system call, +providing a way for an attestation service, for instance, to attest to +what version of the kernel is running on the client. + +I haven't found a way to extract the version from the image that isn't +simply searching the whole image for it. I was hoping someone here may +be able to point me to a better approach to retrieve the linux_banner +symbol value from an image or any existing kernel code that does +similar parsing. + +If that matters for any suggestions, my current focus is on ARM64 images +(if the code ends up having to be arch specific). 
+ +Thanks, + +-Raphael + + +In Linux/x86 Boot Protocol [1], the kernel header contains a pointer to +the kernel_version string at offset 020E (2-byte value): + + # hexdump -s 0x020E -n 2 -e '/2 "%x"' +/boot/vmlinuz-5.4.0-48-generic; echo + 3900 + +Starting after the header (512 bytes), the string is 0x3900 bytes into +the vmlinuz file: + + # dd bs=1 skip=$((0x3900+512)) if=/boot/vmlinuz-5.4.0-48-generic +|tr -s '\000' '\n'|head -n 1 + 5.4.0-48-generic (buildd@lcy01-amd64-010) #52-Ubuntu SMP Thu Sep 10 +10:58:49 UTC 2020 + +In ARM64, the vmlinux is stripped of symbols and compressed into the +bzImage. To find the linux_banner, System.map file is needed: + + # grep ' linux_banner$' /boot/System.map-5.4.0-48-generic + ffff800010df00d0 R linux_banner + +The offset into the file can be found by subtracting the load address: + + # grep ' _head$' /boot/System.map-5.4.0-48-generic + ffff800010080000 t _head + + # zcat /boot/vmlinuz-5.4.0-48-generic | dd bs=1 +skip=$((0xffff800010df00d0-0xffff800010080000)) | tr -s '\000' '\n' | +head -n 1 + Linux version 5.4.0-48-generic (buildd@bos02-arm64-053) (gcc +version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #52-Ubuntu SMP Thu Sep 10 +11:01:50 UTC 2020 (Ubuntu 5.4.0-48.52-generic 5.4.60) + +[1]: [9]https://www.kernel.org/doc/html/latest/x86/boot.html + +Mehmet + + + + Regarding the arm64 vmlinux files, I've noticed in some, if you run the + file command for them in the terminal, it does give a "not stripped" + string in its result. Also, for those files, objdump does print out + symbols, including linux_banner. I've found that out last Friday and I + am in the process of looking at what the code for objdump to see how it + finds the symbols there and see if I can get its value from the image. + I wonder if I am missing something and that reported linux_banner + symbol I get from objdump is not what I think it is, so do let me know + if I am just wasting my time in investigating that when it comes to + arm64. 
+ +Thanks, + +Raphael + + + + __________________________________________________________________ + + [[10]Date Prev][[11]Date Next][[12]Thread Prev][[13]Thread + Next][[14]Date Index][[15]Thread Index] + * References: + + [16]Fwd: How to extract linux kernel version information from + a kernel image? + o From: Raphael Gianotti + + [17]Re: Fwd: How to extract linux kernel version information + from a kernel image? + o 
From: Kayaalp, Mehmet + + * Prev by Date: [18]Re: [PATCH] Fix Atmel TPM crash caused by too + frequent queries + * Next by Date: [19]More interrupt problems with TIS TPM + * Previous by thread: [20]Re: Fwd: How to extract linux kernel + version information from a kernel image? + * Next by thread: [21][PATCH 0/4] TPM 2.0 fixes in IMA tests + * Index(es): + + [22]Date + + [23]Thread + + [24][Index of Archives] [25][Linux Kernel] + [26][Linux Kernel Hardening] [27][Linux NFS] [28][Linux NILFS] + [29][Linux USB Devel] [30][Video for Linux] + [31][Linux Audio Users] [32][Yosemite News] [33][Linux SCSI] + __________________________________________________________________ + + [INS: :INS] + + [34]Powered by Linux + +References + + 1. https://feeds.feedburner.com/LinuxIntegrity + 2. https://www.spinics.net/lists/linux-integrity/msg14579.html + 3. https://www.spinics.net/lists/linux-integrity/msg14581.html + 4. https://www.spinics.net/lists/linux-integrity/msg14511.html + 5. https://www.spinics.net/lists/linux-integrity/msg14496.html + 6. https://www.spinics.net/lists/linux-integrity/mail5.html#14580 + 7. https://www.spinics.net/lists/linux-integrity/thrd5.html#14580 + 8. https://www.spinics.net/lists/linux-integrity/msg14511.html + 9. https://www.kernel.org/doc/html/latest/x86/boot.html + 10. https://www.spinics.net/lists/linux-integrity/msg14579.html + 11. https://www.spinics.net/lists/linux-integrity/msg14581.html + 12. https://www.spinics.net/lists/linux-integrity/msg14511.html + 13. https://www.spinics.net/lists/linux-integrity/msg14496.html + 14. https://www.spinics.net/lists/linux-integrity/mail5.html#14580 + 15. https://www.spinics.net/lists/linux-integrity/thrd5.html#14580 + 16. https://www.spinics.net/lists/linux-integrity/msg14473.html + 17. https://www.spinics.net/lists/linux-integrity/msg14511.html + 18. https://www.spinics.net/lists/linux-integrity/msg14579.html + 19. https://www.spinics.net/lists/linux-integrity/msg14581.html + 20. 
https://www.spinics.net/lists/linux-integrity/msg14511.html + 21. https://www.spinics.net/lists/linux-integrity/msg14496.html + 22. https://www.spinics.net/lists/linux-integrity/mail5.html#14580 + 23. https://www.spinics.net/lists/linux-integrity/thrd5.html#14580 + 24. https://www.spinics.net/lists/ + 25. https://www.spinics.net/lists/kernel/ + 26. https://www.spinics.net/lists/kernel-hardening/ + 27. https://www.spinics.net/lists/linux-nfs/ + 28. https://www.spinics.net/lists/linux-nilfs/ + 29. https://www.spinics.net/lists/linux-usb/ + 30. https://www.spinics.net/lists/vfl/ + 31. https://www.spinics.net/lists/linux-audio-users/ + 32. https://yosemitenews.info/ + 33. https://www.spinics.net/lists/linux-scsi/ + 34. https://www.spinics.net/lists/ |
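Review bot: The new file under floppy/doc stores the full text dump of the archive page rather than only the message, so most of its 188 lines are page residue: the "[Date Prev][Date Next]..." navigation rows at the top and bottom, the "[INS: :INS]" placeholders, the list-index links, and the 34-entry "References" list, of which the mail itself only uses [8] (In-reply-to) and [9] (the x86 boot protocol link). Consider trimming the file to the headers and the message body, keeping the source URL on one line at the top; the file name already records which message it is. Separately, the shell commands in the quoted reply are broken by mail wrapping (the hexdump line breaks before "/boot/vmlinuz-5.4.0-48-generic", the dd lines break before "|tr" and before "skip="), so they cannot be pasted as stored; if this file is meant as a working reference for reading the version string, rejoin those lines in the stored copy.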