From: Michael Ellerman <mpe@ellerman.id.au>
To: Mark Rutland <mark.rutland@arm.com>,
AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: herbert@gondor.apana.org.au, bhe@redhat.com,
ard.biesheuvel@linaro.org, catalin.marinas@arm.com,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
kexec@lists.infradead.org, dhowells@redhat.com, arnd@arndb.de,
linux-arm-kernel@lists.infradead.org,
bauerman@linux.vnet.ibm.com, akpm@linux-foundation.org,
dyoung@redhat.com, davem@davemloft.net, vgoyal@redhat.com
Subject: Re: [PATCH 14/14] arm64: kexec_file: add vmlinux format support
Date: Wed, 30 Aug 2017 18:40:14 +1000 [thread overview]
Message-ID: <87ziah1ma9.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <20170829100112.GC2901@leverpostej>
Mark Rutland <mark.rutland@arm.com> writes:
> On Thu, Aug 24, 2017 at 06:30:50PM +0100, Mark Rutland wrote:
>> On Thu, Aug 24, 2017 at 05:18:11PM +0900, AKASHI Takahiro wrote:
>> > The first PT_LOAD segment, which is assumed to be "text" code, in vmlinux
>> > will be loaded at the offset of TEXT_OFFSET from the begining of system
>> > memory. The other PT_LOAD segments are placed relative to the first one.
>>
>> I really don't like assuming things about the vmlinux ELF file.
>>
>> > Regarding kernel verification, since there is no standard way to contain
>> > a signature within elf binary, we follow PowerPC's (not yet upstreamed)
>> > approach, that is, appending a signature right after the kernel binary
>> > itself like module signing.
>>
>> I also *really* don't like this. It's a bizarre in-band mechanism,
>> without explcit information. It's not a nice ABI.
>>
>> If we can load an Image, why do we need to be able to load a vmlinux?
>
> So IIUC, the whole point of this is to be able to kexec_file_load() a
> vmlinux + signature bundle, for !CONFIG_EFI kernels.
>
> For that, I think that we actually need a new kexec_file_load${N}
> syscall, where we can pass the signature for the kernel as a separate
> file. Ideally also with a flags argument and perhaps the ability to sign
> the initrd too.
>
> That way we don't ahve to come up with a magic vmlinux+signature format,
You don't have to come up with one, it already exists. We've been using
it for signed modules for ~5 years.
It also has the advantages of being a signature of the entire ELF, no
silly games about which sections are included, and it's attached to the
vmlinux so you don't have to remember to copy it around. And the code to
produce it and verify it already exists.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: mpe@ellerman.id.au (Michael Ellerman)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 14/14] arm64: kexec_file: add vmlinux format support
Date: Wed, 30 Aug 2017 18:40:14 +1000 [thread overview]
Message-ID: <87ziah1ma9.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <20170829100112.GC2901@leverpostej>
Mark Rutland <mark.rutland@arm.com> writes:
> On Thu, Aug 24, 2017 at 06:30:50PM +0100, Mark Rutland wrote:
>> On Thu, Aug 24, 2017 at 05:18:11PM +0900, AKASHI Takahiro wrote:
>> > The first PT_LOAD segment, which is assumed to be "text" code, in vmlinux
>> > will be loaded at the offset of TEXT_OFFSET from the begining of system
>> > memory. The other PT_LOAD segments are placed relative to the first one.
>>
>> I really don't like assuming things about the vmlinux ELF file.
>>
>> > Regarding kernel verification, since there is no standard way to contain
>> > a signature within elf binary, we follow PowerPC's (not yet upstreamed)
>> > approach, that is, appending a signature right after the kernel binary
>> > itself like module signing.
>>
>> I also *really* don't like this. It's a bizarre in-band mechanism,
>> without explcit information. It's not a nice ABI.
>>
>> If we can load an Image, why do we need to be able to load a vmlinux?
>
> So IIUC, the whole point of this is to be able to kexec_file_load() a
> vmlinux + signature bundle, for !CONFIG_EFI kernels.
>
> For that, I think that we actually need a new kexec_file_load${N}
> syscall, where we can pass the signature for the kernel as a separate
> file. Ideally also with a flags argument and perhaps the ability to sign
> the initrd too.
>
> That way we don't ahve to come up with a magic vmlinux+signature format,
You don't have to come up with one, it already exists. We've been using
it for signed modules for ~5 years.
It also has the advantages of being a signature of the entire ELF, no
silly games about which sections are included, and it's attached to the
vmlinux so you don't have to remember to copy it around. And the code to
produce it and verify it already exists.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: Mark Rutland <mark.rutland@arm.com>,
AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: herbert@gondor.apana.org.au, bhe@redhat.com,
ard.biesheuvel@linaro.org, catalin.marinas@arm.com,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
davem@davemloft.net, dhowells@redhat.com, arnd@arndb.de,
vgoyal@redhat.com, bauerman@linux.vnet.ibm.com,
akpm@linux-foundation.org, dyoung@redhat.com,
kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 14/14] arm64: kexec_file: add vmlinux format support
Date: Wed, 30 Aug 2017 18:40:14 +1000 [thread overview]
Message-ID: <87ziah1ma9.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <20170829100112.GC2901@leverpostej>
Mark Rutland <mark.rutland@arm.com> writes:
> On Thu, Aug 24, 2017 at 06:30:50PM +0100, Mark Rutland wrote:
>> On Thu, Aug 24, 2017 at 05:18:11PM +0900, AKASHI Takahiro wrote:
>> > The first PT_LOAD segment, which is assumed to be "text" code, in vmlinux
>> > will be loaded at the offset of TEXT_OFFSET from the begining of system
>> > memory. The other PT_LOAD segments are placed relative to the first one.
>>
>> I really don't like assuming things about the vmlinux ELF file.
>>
>> > Regarding kernel verification, since there is no standard way to contain
>> > a signature within elf binary, we follow PowerPC's (not yet upstreamed)
>> > approach, that is, appending a signature right after the kernel binary
>> > itself like module signing.
>>
>> I also *really* don't like this. It's a bizarre in-band mechanism,
>> without explcit information. It's not a nice ABI.
>>
>> If we can load an Image, why do we need to be able to load a vmlinux?
>
> So IIUC, the whole point of this is to be able to kexec_file_load() a
> vmlinux + signature bundle, for !CONFIG_EFI kernels.
>
> For that, I think that we actually need a new kexec_file_load${N}
> syscall, where we can pass the signature for the kernel as a separate
> file. Ideally also with a flags argument and perhaps the ability to sign
> the initrd too.
>
> That way we don't ahve to come up with a magic vmlinux+signature format,
You don't have to come up with one, it already exists. We've been using
it for signed modules for ~5 years.
It also has the advantages of being a signature of the entire ELF, no
silly games about which sections are included, and it's attached to the
vmlinux so you don't have to remember to copy it around. And the code to
produce it and verify it already exists.
cheers
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2017-08-30 8:40 UTC|newest]
Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-24 8:17 [PATCH 00/14] arm64: kexec: add kexec_file_load support AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 8:17 ` [PATCH 01/14] MODSIGN: Export module signature definitions AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 8:17 ` [PATCH 02/14] include: pe.h: remove message[] from mz header definition AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 8:17 ` AKASHI Takahiro
2017-08-24 9:04 ` Ard Biesheuvel
2017-08-24 9:04 ` Ard Biesheuvel
2017-08-24 9:04 ` Ard Biesheuvel
2017-08-24 8:18 ` [PATCH 03/14] resource: add walk_system_ram_res_rev() AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 9:06 ` Ard Biesheuvel
2017-08-24 9:06 ` Ard Biesheuvel
2017-08-24 9:06 ` Ard Biesheuvel
2017-08-25 0:50 ` AKASHI Takahiro
2017-08-25 0:50 ` AKASHI Takahiro
2017-08-25 0:50 ` AKASHI Takahiro
2017-08-31 2:34 ` Pratyush Anand
2017-08-31 2:34 ` Pratyush Anand
2017-08-31 2:34 ` Pratyush Anand
2017-09-08 2:33 ` AKASHI Takahiro
2017-09-08 2:33 ` AKASHI Takahiro
2017-09-08 2:33 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 04/14] kexec_file: factor out vmlinux (elf) parser from powerpc AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 05/14] kexec_file: factor out crashdump elf header function from x86 AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-25 5:47 ` Dave Young
2017-08-25 5:47 ` Dave Young
2017-08-25 5:47 ` Dave Young
2017-09-08 2:31 ` AKASHI Takahiro
2017-09-08 2:31 ` AKASHI Takahiro
2017-09-08 2:31 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 06/14] kexec_file: add kexec_add_segment() AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 07/14] asm-generic: add kexec_file_load system call to unistd.h AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 10:53 ` Arnd Bergmann
2017-08-24 10:53 ` Arnd Bergmann
2017-08-24 10:53 ` Arnd Bergmann
2017-08-24 8:18 ` [PATCH 08/14] arm64: kexec_file: create purgatory AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 9:10 ` Ard Biesheuvel
2017-08-24 9:10 ` Ard Biesheuvel
2017-08-24 9:10 ` Ard Biesheuvel
2017-08-25 1:10 ` AKASHI Takahiro
2017-08-25 1:10 ` AKASHI Takahiro
2017-08-25 1:10 ` AKASHI Takahiro
2017-08-24 16:56 ` Mark Rutland
2017-08-24 16:56 ` Mark Rutland
2017-08-24 16:56 ` Mark Rutland
2017-08-25 1:00 ` AKASHI Takahiro
2017-08-25 1:00 ` AKASHI Takahiro
2017-08-25 1:00 ` AKASHI Takahiro
2017-08-25 10:22 ` Mark Rutland
2017-08-25 10:22 ` Mark Rutland
2017-08-25 10:22 ` Mark Rutland
2017-08-25 16:16 ` Thiago Jung Bauermann
2017-08-25 16:16 ` Thiago Jung Bauermann
2017-08-25 16:16 ` Thiago Jung Bauermann
2017-09-08 2:46 ` AKASHI Takahiro
2017-09-08 2:46 ` AKASHI Takahiro
2017-09-08 2:46 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 09/14] arm64: kexec_file: add sha256 digest check in purgatory AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 9:13 ` Ard Biesheuvel
2017-08-24 9:13 ` Ard Biesheuvel
2017-08-24 9:13 ` Ard Biesheuvel
2017-08-25 1:25 ` AKASHI Takahiro
2017-08-25 1:25 ` AKASHI Takahiro
2017-08-25 1:25 ` AKASHI Takahiro
2017-08-24 17:04 ` Mark Rutland
2017-08-24 17:04 ` Mark Rutland
2017-08-24 17:04 ` Mark Rutland
2017-08-25 1:21 ` AKASHI Takahiro
2017-08-25 1:21 ` AKASHI Takahiro
2017-08-25 1:21 ` AKASHI Takahiro
2017-08-25 10:41 ` Mark Rutland
2017-08-25 10:41 ` Mark Rutland
2017-08-25 10:41 ` Mark Rutland
2017-09-08 2:50 ` AKASHI Takahiro
2017-09-08 2:50 ` AKASHI Takahiro
2017-09-08 2:50 ` AKASHI Takahiro
2017-09-08 15:59 ` Thiago Jung Bauermann
2017-09-08 15:59 ` Thiago Jung Bauermann
2017-09-08 15:59 ` Thiago Jung Bauermann
2017-08-24 8:18 ` [PATCH 10/14] arm64: kexec_file: load initrd, device-tree and purgatory segments AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 17:11 ` Mark Rutland
2017-08-24 17:11 ` Mark Rutland
2017-08-24 17:11 ` Mark Rutland
2017-08-25 1:34 ` AKASHI Takahiro
2017-08-25 1:34 ` AKASHI Takahiro
2017-08-25 1:34 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 11/14] arm64: kexec_file: set up for crash dump adding elf core header AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 12/14] arm64: enable KEXEC_FILE config AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 13/14] arm64: kexec_file: add Image format support AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 17:23 ` Mark Rutland
2017-08-24 17:23 ` Mark Rutland
2017-08-24 17:23 ` Mark Rutland
2017-08-25 1:49 ` AKASHI Takahiro
2017-08-25 1:49 ` AKASHI Takahiro
2017-08-25 1:49 ` AKASHI Takahiro
2017-08-24 8:18 ` [PATCH 14/14] arm64: kexec_file: add vmlinux " AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 8:18 ` AKASHI Takahiro
2017-08-24 17:30 ` Mark Rutland
2017-08-24 17:30 ` Mark Rutland
2017-08-24 17:30 ` Mark Rutland
2017-08-25 2:03 ` AKASHI Takahiro
2017-08-25 2:03 ` AKASHI Takahiro
2017-08-25 2:03 ` AKASHI Takahiro
2017-08-25 6:13 ` Dave Young
2017-08-25 6:13 ` Dave Young
2017-08-25 6:13 ` Dave Young
2017-09-08 2:54 ` AKASHI Takahiro
2017-09-08 2:54 ` AKASHI Takahiro
2017-09-08 2:54 ` AKASHI Takahiro
2017-08-29 10:01 ` Mark Rutland
2017-08-29 10:01 ` Mark Rutland
2017-08-29 10:01 ` Mark Rutland
2017-08-29 16:15 ` Thiago Jung Bauermann
2017-08-29 16:15 ` Thiago Jung Bauermann
2017-08-29 16:15 ` Thiago Jung Bauermann
2017-08-30 8:40 ` Michael Ellerman [this message]
2017-08-30 8:40 ` Michael Ellerman
2017-08-30 8:40 ` Michael Ellerman
2017-09-08 3:07 ` AKASHI Takahiro
2017-09-08 3:07 ` AKASHI Takahiro
2017-09-08 3:07 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ziah1ma9.fsf@concordia.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=bauerman@linux.vnet.ibm.com \
--cc=bhe@redhat.com \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dyoung@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=kexec@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=takahiro.akashi@linaro.org \
--cc=vgoyal@redhat.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.