From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11ACAC4332F for ; Tue, 15 Feb 2022 19:40:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243763AbiBOTk2 (ORCPT ); Tue, 15 Feb 2022 14:40:28 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:44740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243757AbiBOTk1 (ORCPT ); Tue, 15 Feb 2022 14:40:27 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12284DEB6; Tue, 15 Feb 2022 11:40:15 -0800 (PST) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 204E42112A; Tue, 15 Feb 2022 19:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=Fjdwzsuxb9ZxQn/KzDhNEM1i3t8Jg1CLxu4AXw4xy8OCPM6Z5b7DevDOj5kfhMEGo+vRUD zjmIIjGVbOvcRnkjy1Mk5+oEZocOyZBi/e5u5l2CFNssckXTQOWkRfq5S13zn6LSQZnh6h NZU/J/MyJFptCBTVmv3F+NK+9ccFgvg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=f86nJeBFiwa8nt/hv1OO6lAbHJRRZ7eOgXRZxhJhheKW1mRwObnmFtHwvqdvv9Uj/2QAF8 dSFa6e5gxSq2ZCCQ== Received: from kitsune.suse.cz (kitsune.suse.cz [10.100.12.127]) by relay2.suse.de (Postfix) with ESMTP id DD1BDA3B81; Tue, 15 Feb 2022 19:40:13 +0000 (UTC) From: Michal Suchanek Cc: Michal Suchanek , Catalin Marinas , Will Deacon , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Philipp Rudo , Baoquan He , Alexander Egorenkov , AKASHI Takahiro , James Morse , Dave Young , Mimi Zohar , Kairui Song , Martin Schwidefsky , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, stable@kernel.org Subject: [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot Date: Tue, 15 Feb 2022 20:39:38 +0100 Message-Id: <83b3583f35c50c609739a8d857d14e8410293373.1644953683.git.msuchanek@suse.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org commit d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Cherry-picked from commit ea93102f3224 ("Fix kexec forbidding kernels signed with keys in the secondary keyring to boot") Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: stable@kernel.org Signed-off-by: Michal Suchanek --- arch/arm64/kernel/kexec_image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..1fbf2ee7c005 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -133,7 +133,8 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, + return verify_pefile_signature(kernel, kernel_len, + VERIFY_USE_SECONDARY_KEYRING, VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.31.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E05C5C433F5 for ; Tue, 15 Feb 2022 19:41:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=vOMBoWdPiNyGaTRKEM2RFWXJcuyWeI2Eag6SwTi6lHs=; b=CWGidFcI4UpmFn 5nGUXH9CfBDa8krRGVd4Tc6e3ww2HUsyn5/4lRK9sJEARSVMnxC2jwjOYBGbrqQAu7nSfTB9kuylU Ls7yXC6/ATnfNs1ZwwPDc4mWa6+Z6t/sVpCpTx31eM82+1f0I6kMVv5/IJ56vAIOi21zRN+fMqbu9 +RcH8T7g/JRrsznuW8SbsBvvwgtoWdITSYeePkIJ/XXENxuJzVSLLmOzDKoxdXfjSVtyBLdTJfEql /Rid23se0d1ycd9NK19YTKrUeaaz323b/EahzeLtIHrUuPlu3zIJNr94wmJmS+lOCgfsTXTzSWg2e cvAaCvu+ktsNiY4QXbBQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nK3ge-004MGc-BI; Tue, 15 Feb 2022 19:40:32 +0000 Received: from smtp-out1.suse.de ([195.135.220.28]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nK3gO-004MBS-4B; Tue, 15 Feb 2022 19:40:17 +0000 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 204E42112A; Tue, 15 Feb 2022 19:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=Fjdwzsuxb9ZxQn/KzDhNEM1i3t8Jg1CLxu4AXw4xy8OCPM6Z5b7DevDOj5kfhMEGo+vRUD zjmIIjGVbOvcRnkjy1Mk5+oEZocOyZBi/e5u5l2CFNssckXTQOWkRfq5S13zn6LSQZnh6h NZU/J/MyJFptCBTVmv3F+NK+9ccFgvg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=f86nJeBFiwa8nt/hv1OO6lAbHJRRZ7eOgXRZxhJhheKW1mRwObnmFtHwvqdvv9Uj/2QAF8 dSFa6e5gxSq2ZCCQ== Received: from kitsune.suse.cz (kitsune.suse.cz [10.100.12.127]) by relay2.suse.de (Postfix) with ESMTP id DD1BDA3B81; Tue, 15 Feb 2022 19:40:13 +0000 (UTC) From: Michal Suchanek To: Cc: Michal Suchanek , Catalin Marinas , Will Deacon , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Philipp Rudo , Baoquan He , Alexander Egorenkov , AKASHI Takahiro , James Morse , Dave Young , Mimi Zohar , Kairui Song , Martin Schwidefsky , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, stable@kernel.org Subject: [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot Date: Tue, 15 Feb 2022 20:39:38 +0100 Message-Id: <83b3583f35c50c609739a8d857d14e8410293373.1644953683.git.msuchanek@suse.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220215_114016_381380_68032738 X-CRM114-Status: UNSURE ( 9.90 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org commit d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Cherry-picked from commit ea93102f3224 ("Fix kexec forbidding kernels signed with keys in the secondary keyring to boot") Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: stable@kernel.org Signed-off-by: Michal Suchanek --- arch/arm64/kernel/kexec_image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..1fbf2ee7c005 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -133,7 +133,8 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, + return verify_pefile_signature(kernel, kernel_len, + VERIFY_USE_SECONDARY_KEYRING, VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.31.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michal Suchanek Date: Tue, 15 Feb 2022 20:39:38 +0100 Subject: [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot In-Reply-To: References: Message-ID: <83b3583f35c50c609739a8d857d14e8410293373.1644953683.git.msuchanek@suse.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: kexec@lists.infradead.org commit d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Cherry-picked from commit ea93102f3224 ("Fix kexec forbidding kernels signed with keys in the secondary keyring to boot") Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: kexec at lists.infradead.org Cc: keyrings at vger.kernel.org Cc: linux-security-module at vger.kernel.org Cc: stable at kernel.org Signed-off-by: Michal Suchanek --- arch/arm64/kernel/kexec_image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..1fbf2ee7c005 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -133,7 +133,8 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, + return verify_pefile_signature(kernel, kernel_len, + VERIFY_USE_SECONDARY_KEYRING, VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.31.1