From: Yannik Sembritzki <yannik@sembritzki.me>
To: Linus Torvalds <torvalds@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
Vivek Goyal <vgoyal@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Peter Anvin <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot
Date: Wed, 15 Aug 2018 19:37:46 +0200 [thread overview]
Message-ID: <273c639a-b322-996a-84f2-e55ad187893b@sembritzki.me> (raw)
In-Reply-To: <654fbafb-69da-cd9a-b176-7b03401e71c5@sembritzki.me>
I'm sorry, the sign-off was missing again (this is my first submission
to linux).
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Cc: stable@vger.kernel.org
---
arch/x86/kernel/kexec-bzimage64.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/kexec-bzimage64.c
b/arch/x86/kernel/kexec-bzimage64.c
index 7326078e..2ba47e24 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -41,6 +41,9 @@
#define MIN_KERNEL_LOAD_ADDR 0x100000
#define MIN_INITRD_LOAD_ADDR 0x1000000
+// Allow both builtin trusted keys and secondary trusted keys
+#define TRUST_FULL_KEYRING (void *)1UL
+
/*
* This is a place holder for all boot loader specific data structure which
* gets allocated in one call but gets freed much later during cleanup
@@ -532,7 +535,7 @@ static int bzImage64_cleanup(void *loader_data)
static int bzImage64_verify_sig(const char *kernel, unsigned long
kernel_len)
{
return verify_pefile_signature(kernel, kernel_len,
- NULL,
+ TRUST_FULL_KEYRING,
VERIFYING_KEXEC_PE_SIGNATURE);
}
#endif
--
2.17.1
On 15.08.2018 19:27, Yannik Sembritzki wrote:
> Would this be okay?
>
> diff --git a/arch/x86/kernel/kexec-bzimage64.c
> b/arch/x86/kernel/kexec-bzimage64.c
> index 7326078e..2ba47e24 100644
> --- a/arch/x86/kernel/kexec-bzimage64.c
> +++ b/arch/x86/kernel/kexec-bzimage64.c
> @@ -41,6 +41,9 @@
> #define MIN_KERNEL_LOAD_ADDR 0x100000
> #define MIN_INITRD_LOAD_ADDR 0x1000000
>
> +// Allow both builtin trusted keys and secondary trusted keys
> +#define TRUST_FULL_KEYRING (void *)1UL
> +
> /*
> * This is a place holder for all boot loader specific data structure which
> * gets allocated in one call but gets freed much later during cleanup
> @@ -532,7 +535,7 @@ static int bzImage64_cleanup(void *loader_data)
> static int bzImage64_verify_sig(const char *kernel, unsigned long
> kernel_len)
> {
> return verify_pefile_signature(kernel, kernel_len,
> - NULL,
> + TRUST_FULL_KEYRING,
> VERIFYING_KEXEC_PE_SIGNATURE);
> }
> #endif
> --
>
> On 15.08.2018 18:54, Linus Torvalds wrote:
>> This needs more people involved, and at least a sign-off.
>>
>> It looks ok, but I think we need a #define for the magical (void *)1UL
>> thing. I see the use in verify_pkcs7_signature(), but still.
>>
>> Linus
>>
>>
>>
>> On Wed, Aug 15, 2018 at 3:11 AM Yannik Sembritzki <yannik@sembritzki.me> wrote:
>>> ---
>>> arch/x86/kernel/kexec-bzimage64.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
>>> index 7326078e..eaaa125d 100644
>>> --- a/arch/x86/kernel/kexec-bzimage64.c
>>> +++ b/arch/x86/kernel/kexec-bzimage64.c
>>> @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data)
>>> static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
>>> {
>>> return verify_pefile_signature(kernel, kernel_len,
>>> - NULL,
>>> + (void *)1UL,
>>> VERIFYING_KEXEC_PE_SIGNATURE);
>>> }
>>> #endif
>>> --
>>> 2.17.1
>>>
>>> The exact scenario under which this issue occurs is described here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1554113
>>>
next prev parent reply other threads:[~2018-08-15 17:37 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 10:00 [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot Yannik Sembritzki
2018-08-15 16:54 ` Linus Torvalds
2018-08-15 17:27 ` Yannik Sembritzki
2018-08-15 17:37 ` Yannik Sembritzki [this message]
2018-08-15 17:42 ` Vivek Goyal
2018-08-15 18:44 ` Yannik Sembritzki
2018-08-15 18:58 ` Vivek Goyal
2018-08-15 19:06 ` Yannik Sembritzki
2018-08-15 19:49 ` Vivek Goyal
2018-08-15 20:47 ` Linus Torvalds
2018-08-15 20:53 ` James Bottomley
2018-08-15 21:08 ` Yannik Sembritzki
2018-08-15 21:13 ` James Bottomley
2018-08-15 21:31 ` Yannik Sembritzki
2018-08-15 21:40 ` James Bottomley
2018-08-15 21:50 ` Yannik Sembritzki
2018-08-15 21:57 ` Vivek Goyal
2018-08-15 22:14 ` Yannik Sembritzki
2018-08-15 21:52 ` Vivek Goyal
2018-08-15 21:57 ` James Bottomley
2018-08-15 21:14 ` Linus Torvalds
2018-08-16 13:51 ` David Howells
2018-08-16 15:16 ` James Bottomley
2018-08-16 15:42 ` James Bottomley
2018-08-16 15:49 ` David Howells
2018-08-16 15:56 ` James Bottomley
2018-08-16 16:56 ` David Laight
2018-08-16 17:15 ` James Bottomley
2018-08-16 20:31 ` David Howells
2018-08-17 0:07 ` James Bottomley
2018-08-17 8:24 ` David Howells
2018-08-17 14:58 ` James Bottomley
2018-08-17 15:42 ` Justin Forbes
2018-08-17 16:02 ` James Bottomley
2018-08-16 0:52 ` Dave Young
2018-08-16 0:55 ` Dave Young
2018-08-16 12:13 ` David Howells
2018-08-16 14:22 ` James Bottomley
2018-08-16 14:43 ` David Howells
2018-08-16 14:59 ` James Bottomley
2018-08-17 17:00 ` Alan Cox
2018-08-15 17:45 ` Linus Torvalds
2018-08-15 18:19 ` Yannik Sembritzki
2018-08-15 18:22 ` Linus Torvalds
2018-08-15 19:42 ` [PATCH 0/2] Fix kexec forbidding kernels signed with keys in the secondary keyring " Yannik Sembritzki
2018-08-16 18:02 ` Linus Torvalds
2018-08-15 19:42 ` [PATCH 1/2] " Yannik Sembritzki
2018-08-15 19:42 ` [PATCH 2/2] Replace magic for trusting the secondary keyring with #define Yannik Sembritzki
2018-08-15 21:14 ` kbuild test robot
2018-08-15 21:19 ` [PATCH 2/2] [FIXED] " Yannik Sembritzki
2018-08-15 22:01 ` Linus Torvalds
2018-08-15 22:07 ` [PATCH 2/2] [FIXED v2] " Yannik Sembritzki
2018-08-16 1:11 ` Dave Young
2018-08-16 7:43 ` Yannik Sembritzki
2018-08-16 8:02 ` Dave Young
2018-08-16 8:20 ` Greg Kroah-Hartman
2018-08-16 12:46 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=273c639a-b322-996a-84f2-e55ad187893b@sembritzki.me \
--to=yannik@sembritzki.me \
--cc=dhowells@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vgoyal@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).