From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9FA1C433FE for ; Thu, 19 May 2022 17:11:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242460AbiESRL5 (ORCPT ); Thu, 19 May 2022 13:11:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242457AbiESRLz (ORCPT ); Thu, 19 May 2022 13:11:55 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BC032DD77; Thu, 19 May 2022 10:11:37 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 21E1221B3D; Thu, 19 May 2022 17:11:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1652980296; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=rWh53tGkveY7idEYFsxjbZWpUxq42gDwANR/tTyoynA=; b=GxK3G4QLKN08IdF1ihND5wQ2Ww5O75CoNT+XUN7JDy50/venD87zCA7NNiKGjKc7afCOQl AJJ5F93tVyNCQykjtCBVlUCg2y+WuJP5RKwsDcYZqyf5Ay+FiM9ovzjRmUPAtQ/D/K6glv t+j3pn2by0hLM1Kv95IUGaIORWEpBlw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1652980296; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=rWh53tGkveY7idEYFsxjbZWpUxq42gDwANR/tTyoynA=; b=VMNYKei+gBjUYDhmu+fbZxs5FqWeJIPthSZxCZVqoA4oKbJkLMG5IVS8fNKOmI9Y3PrJ+X 8Tz99XX8TMgJYqAg== Received: from kunlun.suse.cz (unknown [10.100.128.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 885302C141; Thu, 19 May 2022 17:11:35 +0000 (UTC) Date: Thu, 19 May 2022 19:11:34 +0200 From: Michal =?iso-8859-1?Q?Such=E1nek?= To: Baoquan He Cc: Mimi Zohar , Coiby Xu , Heiko Carstens , akpm@linux-foundation.org, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Dave Young , Will Deacon , "Eric W . Biederman" , Chun-Yi Lee , stable@vger.kernel.org, Philipp Rudo , linux-security-module@vger.kernel.org, Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Martin Schwidefsky , "open list:S390" , open list , linux-integrity , Jarkko Sakkinen Subject: Re: [PATCH v8 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Message-ID: <20220519171134.GN163591@kunlun.suse.cz> References: <20220512070123.29486-1-coxu@redhat.com> <20220512070123.29486-5-coxu@redhat.com> <20220519003902.GE156677@MiWiFi-R3L-srv> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org On Thu, May 19, 2022 at 10:22:15PM +0800, Baoquan He wrote: > On 05/19/22 at 07:56am, Mimi Zohar wrote: > > [Cc'ing Jarkko, linux-integrity] > > > > On Thu, 2022-05-19 at 08:39 +0800, Baoquan He wrote: > > > On 05/18/22 at 01:29pm, Heiko Carstens wrote: > > > > On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote: > > > > > From: Michal Suchanek > > > > > > > > > > commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > adds support for KEXEC_SIG verification with keys from platform keyring > > > > > but the built-in keys and secondary keyring are not used. > > > > > > > > > > Add support for the built-in keys and secondary keyring as x86 does. > > > > > > > > > > Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > Cc: stable@vger.kernel.org > > > > > Cc: Philipp Rudo > > > > > Cc: kexec@lists.infradead.org > > > > > Cc: keyrings@vger.kernel.org > > > > > Cc: linux-security-module@vger.kernel.org > > > > > Signed-off-by: Michal Suchanek > > > > > Reviewed-by: "Lee, Chun-Yi" > > > > > Acked-by: Baoquan He > > > > > Signed-off-by: Coiby Xu > > > > > --- > > > > > arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++----- > > > > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > > > > > As far as I can tell this doesn't have any dependency to the other > > > > patches in this series, so should I pick this up for the s390 tree, or > > > > how will this go upstream? > > > > > > Thanks, Heiko. > > > > > > I want to ask Mimi if this can be taken into KEYS-ENCRYPTED tree. > > > Otherwise I will ask Andrew to help pick this whole series. > > > > > > Surely, this patch 4 can be taken into s390 seperately since it's > > > independent, both looks good. > > > > KEYS-ENCRYTPED is a type of key, unrelated to using the .platform, > > .builtin, .machine, or .secondary keyrings. One of the main reasons > > for this patch set is to use the new ".machine" keyring, which, if > > enabled, is linked to the "secondary" keyring. However, the only > > reference to the ".machine" keyring is in the cover letter, not any of > > the patch descriptions. Since this is the basis for the system's > > integrity, this seems like a pretty big omission. > > > > From patch 2/4: > > "The code in bzImage64_verify_sig makes use of system keyrings > > including > > .buitin_trusted_keys, .secondary_trusted_keys and .platform keyring to > > verify signed kernel image as PE file..." > > > > From patch 3/4: > > "This patch allows to verify arm64 kernel image signature using not > > only > > .builtin_trusted_keys but also .platform and .secondary_trusted_keys > > keyring." > > > > From patch 4/4: > > "... with keys from platform keyring but the built-in keys and > > secondary keyring are not used." > > > > This patch set could probably go through KEYS/KEYRINGS_INTEGRITY, but > > it's kind of late to be asking. Has it been in linux-next? Should I > > assume this patch set has been fully tested or can we get some "tags"? > > Right, it should be KEYS/KEYRINGS_INTEGRITY related, I made mistaken. > Now it got two ACKs from Michal and me. Michal met the same issue on > arm64 and posted another series of patches, finally Coiby integrated > Michal's patch and his to make this patchset. That would be great if > this can get reviewing from experts on key/keyring. Surely, Coiby need > update the patch log to add the '.machine' keyring into patch logs as > you pointed out. > > IIRC, Coiby has tested it on x86_64/arm64, not sure if he took test on > s390. No, this hasn't been in linux-next. I used the s390 code on powerpc and there it did not work because the built-in key was needed to verify the kernel. I did not really run this on s390, only ported the fix I needed on powerpc back to s390. Thanks Michal From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2FB38C433F5 for ; Thu, 19 May 2022 17:13:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=sduKxd7GapO1zmLRfFpxvnpHifaJz1VSdNurNAL79j0=; b=RAhVZSS4DAdG9x Tn5WLIVSmC5FzkW5qZgmPS0fBE6CoidN8ZCvzIwn+SyBUgllJgK6ZC0Ruvkb+F0Cs8AgXAalLe280 Q0DRkbWfp0T/c1yXP1hRG55VjqnmCmL2dLxQCDx4ge8OTUL5RCUGGRmGfBP9Qxyni8SqnEWzbz4Y5 WgkHfVQEga0h71cNLz9BB09kJuLxZIuZdrof4zHevP59aZRXc1fcsJha/WKzNJvFQqIcWAzpsUwbn gHYe1c/Q58U/P8L8OU1MBttcabZo2extrIjSNDzCHIw59BRHQ7ceBazmJrb7bBdlT7eAtUWstD6VH 8q3x6fS4Oez7UcdG3etw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nrjgi-008XZw-Uu; Thu, 19 May 2022 17:11:49 +0000 Received: from smtp-out1.suse.de ([195.135.220.28]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nrjgc-008XW7-L7; Thu, 19 May 2022 17:11:44 +0000 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 21E1221B3D; Thu, 19 May 2022 17:11:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1652980296; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=rWh53tGkveY7idEYFsxjbZWpUxq42gDwANR/tTyoynA=; b=GxK3G4QLKN08IdF1ihND5wQ2Ww5O75CoNT+XUN7JDy50/venD87zCA7NNiKGjKc7afCOQl AJJ5F93tVyNCQykjtCBVlUCg2y+WuJP5RKwsDcYZqyf5Ay+FiM9ovzjRmUPAtQ/D/K6glv t+j3pn2by0hLM1Kv95IUGaIORWEpBlw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1652980296; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=rWh53tGkveY7idEYFsxjbZWpUxq42gDwANR/tTyoynA=; b=VMNYKei+gBjUYDhmu+fbZxs5FqWeJIPthSZxCZVqoA4oKbJkLMG5IVS8fNKOmI9Y3PrJ+X 8Tz99XX8TMgJYqAg== Received: from kunlun.suse.cz (unknown [10.100.128.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 885302C141; Thu, 19 May 2022 17:11:35 +0000 (UTC) Date: Thu, 19 May 2022 19:11:34 +0200 From: Michal =?iso-8859-1?Q?Such=E1nek?= To: Baoquan He Cc: Mimi Zohar , Coiby Xu , Heiko Carstens , akpm@linux-foundation.org, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Dave Young , Will Deacon , "Eric W . Biederman" , Chun-Yi Lee , stable@vger.kernel.org, Philipp Rudo , linux-security-module@vger.kernel.org, Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Martin Schwidefsky , "open list:S390" , open list , linux-integrity , Jarkko Sakkinen Subject: Re: [PATCH v8 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Message-ID: <20220519171134.GN163591@kunlun.suse.cz> References: <20220512070123.29486-1-coxu@redhat.com> <20220512070123.29486-5-coxu@redhat.com> <20220519003902.GE156677@MiWiFi-R3L-srv> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220519_101142_880634_058FCD89 X-CRM114-Status: GOOD ( 40.55 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, May 19, 2022 at 10:22:15PM +0800, Baoquan He wrote: > On 05/19/22 at 07:56am, Mimi Zohar wrote: > > [Cc'ing Jarkko, linux-integrity] > > > > On Thu, 2022-05-19 at 08:39 +0800, Baoquan He wrote: > > > On 05/18/22 at 01:29pm, Heiko Carstens wrote: > > > > On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote: > > > > > From: Michal Suchanek > > > > > > > > > > commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > adds support for KEXEC_SIG verification with keys from platform keyring > > > > > but the built-in keys and secondary keyring are not used. > > > > > > > > > > Add support for the built-in keys and secondary keyring as x86 does. > > > > > > > > > > Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > Cc: stable@vger.kernel.org > > > > > Cc: Philipp Rudo > > > > > Cc: kexec@lists.infradead.org > > > > > Cc: keyrings@vger.kernel.org > > > > > Cc: linux-security-module@vger.kernel.org > > > > > Signed-off-by: Michal Suchanek > > > > > Reviewed-by: "Lee, Chun-Yi" > > > > > Acked-by: Baoquan He > > > > > Signed-off-by: Coiby Xu > > > > > --- > > > > > arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++----- > > > > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > > > > > As far as I can tell this doesn't have any dependency to the other > > > > patches in this series, so should I pick this up for the s390 tree, or > > > > how will this go upstream? > > > > > > Thanks, Heiko. > > > > > > I want to ask Mimi if this can be taken into KEYS-ENCRYPTED tree. > > > Otherwise I will ask Andrew to help pick this whole series. > > > > > > Surely, this patch 4 can be taken into s390 seperately since it's > > > independent, both looks good. > > > > KEYS-ENCRYTPED is a type of key, unrelated to using the .platform, > > .builtin, .machine, or .secondary keyrings. One of the main reasons > > for this patch set is to use the new ".machine" keyring, which, if > > enabled, is linked to the "secondary" keyring. However, the only > > reference to the ".machine" keyring is in the cover letter, not any of > > the patch descriptions. Since this is the basis for the system's > > integrity, this seems like a pretty big omission. > > > > From patch 2/4: > > "The code in bzImage64_verify_sig makes use of system keyrings > > including > > .buitin_trusted_keys, .secondary_trusted_keys and .platform keyring to > > verify signed kernel image as PE file..." > > > > From patch 3/4: > > "This patch allows to verify arm64 kernel image signature using not > > only > > .builtin_trusted_keys but also .platform and .secondary_trusted_keys > > keyring." > > > > From patch 4/4: > > "... with keys from platform keyring but the built-in keys and > > secondary keyring are not used." > > > > This patch set could probably go through KEYS/KEYRINGS_INTEGRITY, but > > it's kind of late to be asking. Has it been in linux-next? Should I > > assume this patch set has been fully tested or can we get some "tags"? > > Right, it should be KEYS/KEYRINGS_INTEGRITY related, I made mistaken. > Now it got two ACKs from Michal and me. Michal met the same issue on > arm64 and posted another series of patches, finally Coiby integrated > Michal's patch and his to make this patchset. That would be great if > this can get reviewing from experts on key/keyring. Surely, Coiby need > update the patch log to add the '.machine' keyring into patch logs as > you pointed out. > > IIRC, Coiby has tested it on x86_64/arm64, not sure if he took test on > s390. No, this hasn't been in linux-next. I used the s390 code on powerpc and there it did not work because the built-in key was needed to verify the kernel. I did not really run this on s390, only ported the fix I needed on powerpc back to s390. Thanks Michal _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michal =?unknown-8bit?q?Such=C3=A1nek?= Date: Thu, 19 May 2022 19:11:34 +0200 Subject: [PATCH v8 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification In-Reply-To: References: <20220512070123.29486-1-coxu@redhat.com> <20220512070123.29486-5-coxu@redhat.com> <20220519003902.GE156677@MiWiFi-R3L-srv> Message-ID: <20220519171134.GN163591@kunlun.suse.cz> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: kexec@lists.infradead.org On Thu, May 19, 2022 at 10:22:15PM +0800, Baoquan He wrote: > On 05/19/22 at 07:56am, Mimi Zohar wrote: > > [Cc'ing Jarkko, linux-integrity] > > > > On Thu, 2022-05-19 at 08:39 +0800, Baoquan He wrote: > > > On 05/18/22 at 01:29pm, Heiko Carstens wrote: > > > > On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote: > > > > > From: Michal Suchanek > > > > > > > > > > commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > adds support for KEXEC_SIG verification with keys from platform keyring > > > > > but the built-in keys and secondary keyring are not used. > > > > > > > > > > Add support for the built-in keys and secondary keyring as x86 does. > > > > > > > > > > Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > > > > > Cc: stable at vger.kernel.org > > > > > Cc: Philipp Rudo > > > > > Cc: kexec at lists.infradead.org > > > > > Cc: keyrings at vger.kernel.org > > > > > Cc: linux-security-module at vger.kernel.org > > > > > Signed-off-by: Michal Suchanek > > > > > Reviewed-by: "Lee, Chun-Yi" > > > > > Acked-by: Baoquan He > > > > > Signed-off-by: Coiby Xu > > > > > --- > > > > > arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++----- > > > > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > > > > > As far as I can tell this doesn't have any dependency to the other > > > > patches in this series, so should I pick this up for the s390 tree, or > > > > how will this go upstream? > > > > > > Thanks, Heiko. > > > > > > I want to ask Mimi if this can be taken into KEYS-ENCRYPTED tree. > > > Otherwise I will ask Andrew to help pick this whole series. > > > > > > Surely, this patch 4 can be taken into s390 seperately since it's > > > independent, both looks good. > > > > KEYS-ENCRYTPED is a type of key, unrelated to using the .platform, > > .builtin, .machine, or .secondary keyrings. One of the main reasons > > for this patch set is to use the new ".machine" keyring, which, if > > enabled, is linked to the "secondary" keyring. However, the only > > reference to the ".machine" keyring is in the cover letter, not any of > > the patch descriptions. Since this is the basis for the system's > > integrity, this seems like a pretty big omission. > > > > From patch 2/4: > > "The code in bzImage64_verify_sig makes use of system keyrings > > including > > .buitin_trusted_keys, .secondary_trusted_keys and .platform keyring to > > verify signed kernel image as PE file..." > > > > From patch 3/4: > > "This patch allows to verify arm64 kernel image signature using not > > only > > .builtin_trusted_keys but also .platform and .secondary_trusted_keys > > keyring." > > > > From patch 4/4: > > "... with keys from platform keyring but the built-in keys and > > secondary keyring are not used." > > > > This patch set could probably go through KEYS/KEYRINGS_INTEGRITY, but > > it's kind of late to be asking. Has it been in linux-next? Should I > > assume this patch set has been fully tested or can we get some "tags"? > > Right, it should be KEYS/KEYRINGS_INTEGRITY related, I made mistaken. > Now it got two ACKs from Michal and me. Michal met the same issue on > arm64 and posted another series of patches, finally Coiby integrated > Michal's patch and his to make this patchset. That would be great if > this can get reviewing from experts on key/keyring. Surely, Coiby need > update the patch log to add the '.machine' keyring into patch logs as > you pointed out. > > IIRC, Coiby has tested it on x86_64/arm64, not sure if he took test on > s390. No, this hasn't been in linux-next. I used the s390 code on powerpc and there it did not work because the built-in key was needed to verify the kernel. I did not really run this on s390, only ported the fix I needed on powerpc back to s390. Thanks Michal