From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78641C433EF for ; Mon, 27 Sep 2021 00:51:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5AEED60F4A for ; Mon, 27 Sep 2021 00:51:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232321AbhI0Aww (ORCPT ); Sun, 26 Sep 2021 20:52:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232304AbhI0Aws (ORCPT ); Sun, 26 Sep 2021 20:52:48 -0400 Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7ECE9C061570 for ; Sun, 26 Sep 2021 17:51:11 -0700 (PDT) Received: by mail-pj1-x102a.google.com with SMTP id d4-20020a17090ad98400b0019ece228690so2414597pjv.5 for ; Sun, 26 Sep 2021 17:51:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wRlSrRWN8ZeQosEp+WXYy+zsVZFnR5I4rS0SZN/3GUk=; b=SRoWUSJ1fjtUuizmYMmEwXSiT3KtKaU+3ub480ffovEAog18NdgJLFYjPWywXncKwT 3aDhNli7LfWuJB9JvntfTb2dDRJlrq+wFbsD7liqiSYAwLt4GzyD0dT9oK1zdv0G82fA IoUD7d5Ua5jm+ECKkMlPQI1lRbWEzbeBaAfa0IKQDG75BvSsLIlBbYG0BJAJhiYcJ6t7 DwLAeosqhgHNcCxHkJl+Jzc0Prxp0lXrF4Ng7h9wZ7wm3IRxCiv3e+J+EPAxZnHXNwGl e5JLBdP1hPD+MQ5ZZpCQKojybJY+2FXGHu9GeLhAWLw4RGScyi7l9ps/csobjfQEcL1C 4omA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wRlSrRWN8ZeQosEp+WXYy+zsVZFnR5I4rS0SZN/3GUk=; b=mnRJ5mzQPFEpi671nNglx8JMh9kMe87GCUByLh6blRZ5lcvMWqYfdXfXclLF/iSkMM 7Ykb9GaRtz75sqsdHWnxFZd4hO2y3vJRcfM+9JEn7E9rItjgn4l+BJK0tKC5r8STElPt eWh7SfBQVZt9T5c1QrNR3DZhdJM5lcQvl0DwFW9hBVtmNpuH+ScQKRrneW0Vvfhse6MP lAd0EH4Fi8NuArOfeaY+CBm6O2uCbcDom3aifbnRw3c+040xretXRt1scZGTTvDi5FuS xOQElNvIabF4/B8/6R3xSK/ZdZd/8E6BnF5RAwwxBXsmcQk6+gT0w3243M6ebCEG+o6j 5ubw== X-Gm-Message-State: AOAM531nGATm2DUfcA1XDf8spS4GCb96e4ocScCW847TfZGK49Nu+Qpw 9Qrl197wiT0ZALVoA3RpON7MkmCbCoLTNg== X-Google-Smtp-Source: ABdhPJzITfB8sv5VtDt3+G79zOX6nfr7DAL6rLUu/elC9n6vpsv9QRoDUR3roDWcTce8lZkdFIx2jg== X-Received: by 2002:a17:90a:514e:: with SMTP id k14mr16790467pjm.154.1632703871119; Sun, 26 Sep 2021 17:51:11 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id h16sm13980124pjt.30.2021.09.26.17.51.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Sep 2021 17:51:10 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: linux-arm-kernel@lists.infradead.org, Coiby Xu , Catalin Marinas , Will Deacon , linux-kernel@vger.kernel.org (open list) Subject: [PATCH 2/2] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Mon, 27 Sep 2021 08:50:04 +0800 Message-Id: <20210927005004.36367-3-coiby.xu@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210927005004.36367-1-coiby.xu@gmail.com> References: <20210927005004.36367-1-coiby.xu@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Coiby Xu This allows to verify arm64 kernel image signature using not only .builtin_trusted_keys but also .secondary_trusted_keys and .platform keyring. Signed-off-by: Coiby Xu --- arch/arm64/kernel/kexec_image.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..2357ee2f229a 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include #include #include -#include #include #include #include @@ -133,8 +132,7 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, - VERIFYING_KEXEC_PE_SIGNATURE); + return arch_kexec_kernel_verify_pe_sig(kernel, kernel_len); } #endif -- 2.33.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0ACDDC4332F for ; Mon, 27 Sep 2021 00:53:29 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C25CD61041 for ; Mon, 27 Sep 2021 00:53:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org C25CD61041 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=YCq9IZGvlSBu2SrqAHlNXtG8Vv1UAkawKm/N/CYxa50=; b=VsBHmhon4nC15n /LFmlXSLOeVxP2Nh2u+L0Jgd6Kkt12nBj5JT6DsDujOXRtsRkrq46dgY8xvbynag2jMqib6EhXtDL KxqkUM8dmshCgWADRUpD/aNtE6zb7bcJ4Cj1oRgKszPvRq6J+7Yz803WjZwJXfHobHSLG5zkYRbAv FEJK9RLjQCd7aSQZBRMD2rDw6mYxehIqnRGoGO20MGrGxDxmVvx7ptsKpz++g5KjMHQtX/Lf14UpN K3hfOI9bOPIAgG2vXKGiMgCWsLhu6D/laESPQLjoAb9e0fBOxXJVALw0XowpdOnK0kz0jxKaavayL KDJqUiuDvGJkOHMDXj8A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mUeri-001IXJ-6z; Mon, 27 Sep 2021 00:51:30 +0000 Received: from mail-pl1-x62f.google.com ([2607:f8b0:4864:20::62f]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mUerP-001ISb-RQ; Mon, 27 Sep 2021 00:51:13 +0000 Received: by mail-pl1-x62f.google.com with SMTP id a7so10618081plm.1; Sun, 26 Sep 2021 17:51:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wRlSrRWN8ZeQosEp+WXYy+zsVZFnR5I4rS0SZN/3GUk=; b=SRoWUSJ1fjtUuizmYMmEwXSiT3KtKaU+3ub480ffovEAog18NdgJLFYjPWywXncKwT 3aDhNli7LfWuJB9JvntfTb2dDRJlrq+wFbsD7liqiSYAwLt4GzyD0dT9oK1zdv0G82fA IoUD7d5Ua5jm+ECKkMlPQI1lRbWEzbeBaAfa0IKQDG75BvSsLIlBbYG0BJAJhiYcJ6t7 DwLAeosqhgHNcCxHkJl+Jzc0Prxp0lXrF4Ng7h9wZ7wm3IRxCiv3e+J+EPAxZnHXNwGl e5JLBdP1hPD+MQ5ZZpCQKojybJY+2FXGHu9GeLhAWLw4RGScyi7l9ps/csobjfQEcL1C 4omA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wRlSrRWN8ZeQosEp+WXYy+zsVZFnR5I4rS0SZN/3GUk=; b=e5Zse5inprSu8TXJaFDpg3ixDLDs/OzknT0BXnqYn6eUXDO2mU3OIcgQpSdo1PqxMl JEdvNOEx4JCmF9Q663nqZukvZYBw23a0J5DS7MpaqU/fOA8YV2jEza1lTghGkDOO6rgr YJi8s+g879xomRwW4ALz2bg4SBJaF97TYmGHUx9JqjB07kUq3xmKC8uZof0Vtru7ctmh 6rB0wzdCIH2fpWIPA1bgxaRqKmN+rU24b1FGhSoyzzd8uHiAkCNptZzjp+Yx7CCKPVGo kWMifnPsWjFj1W3AY0F2c4y4T/FgYltH1eszheHezlOxCK2lVmjbIpHltVaJkN1A4BAw rv4Q== X-Gm-Message-State: AOAM531RARic3xDl1GWJcn2k8BFJYf9MtyvBu4KnIT5f2wGLTuDfgP/8 DT2pU0AlAFjM3zniGvrxa80Q6pbLmOzsVQ== X-Google-Smtp-Source: ABdhPJzITfB8sv5VtDt3+G79zOX6nfr7DAL6rLUu/elC9n6vpsv9QRoDUR3roDWcTce8lZkdFIx2jg== X-Received: by 2002:a17:90a:514e:: with SMTP id k14mr16790467pjm.154.1632703871119; Sun, 26 Sep 2021 17:51:11 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id h16sm13980124pjt.30.2021.09.26.17.51.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Sep 2021 17:51:10 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: linux-arm-kernel@lists.infradead.org, Coiby Xu , Catalin Marinas , Will Deacon , linux-kernel@vger.kernel.org (open list) Subject: [PATCH 2/2] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Mon, 27 Sep 2021 08:50:04 +0800 Message-Id: <20210927005004.36367-3-coiby.xu@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210927005004.36367-1-coiby.xu@gmail.com> References: <20210927005004.36367-1-coiby.xu@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210926_175111_931264_F6874610 X-CRM114-Status: GOOD ( 10.70 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Coiby Xu This allows to verify arm64 kernel image signature using not only .builtin_trusted_keys but also .secondary_trusted_keys and .platform keyring. Signed-off-by: Coiby Xu --- arch/arm64/kernel/kexec_image.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..2357ee2f229a 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include #include #include -#include #include #include #include @@ -133,8 +132,7 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, - VERIFYING_KEXEC_PE_SIGNATURE); + return arch_kexec_kernel_verify_pe_sig(kernel, kernel_len); } #endif -- 2.33.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: From: Coiby Xu Subject: [PATCH 2/2] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Mon, 27 Sep 2021 08:50:04 +0800 Message-Id: <20210927005004.36367-3-coiby.xu@gmail.com> In-Reply-To: <20210927005004.36367-1-coiby.xu@gmail.com> References: <20210927005004.36367-1-coiby.xu@gmail.com> MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: kexec@lists.infradead.org Cc: linux-arm-kernel@lists.infradead.org, Coiby Xu , Catalin Marinas , Will Deacon , open list From: Coiby Xu This allows to verify arm64 kernel image signature using not only .builtin_trusted_keys but also .secondary_trusted_keys and .platform keyring. Signed-off-by: Coiby Xu --- arch/arm64/kernel/kexec_image.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..2357ee2f229a 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include #include #include -#include #include #include #include @@ -133,8 +132,7 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, - VERIFYING_KEXEC_PE_SIGNATURE); + return arch_kexec_kernel_verify_pe_sig(kernel, kernel_len); } #endif -- 2.33.0 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec