* [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig
[not found] <20211018083137.338757-1-coxu@redhat.com>
@ 2021-10-18 8:31 ` Coiby Xu
2021-11-02 3:52 ` Coiby Xu
2021-10-18 8:31 ` [PATCH v3 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic Coiby Xu
2021-10-18 8:31 ` [PATCH v3 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature Coiby Xu
2 siblings, 1 reply; 4+ messages in thread
From: Coiby Xu @ 2021-10-18 8:31 UTC (permalink / raw)
To: kexec
Cc: linux-arm-kernel, Dave Young, Will Deacon, Eric W . Biederman, open list
commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
powerpc: factor out kexec_file_ops functions" allows implementing
the arch-specific implementation of kernel image verification
in kexec_file_ops->verify_sig. Currently, there is no arch-specific
implementation of arch_kexec_kernel_verify_sig. So clean it up.
Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
include/linux/kexec.h | 4 ----
kernel/kexec_file.c | 34 +++++++++++++---------------------
2 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 0c994ae37729..755fed183224 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
const Elf_Shdr *relsec,
const Elf_Shdr *symtab);
int arch_kimage_file_post_load_cleanup(struct kimage *image);
-#ifdef CONFIG_KEXEC_SIG
-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len);
-#endif
int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
extern int kexec_add_buffer(struct kexec_buf *kbuf);
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 33400ff051a8..42b3ac34e4ee 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
return kexec_image_post_load_cleanup_default(image);
}
-#ifdef CONFIG_KEXEC_SIG
-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
- unsigned long buf_len)
-{
- if (!image->fops || !image->fops->verify_sig) {
- pr_debug("kernel loader does not support signature verification.\n");
- return -EKEYREJECTED;
- }
-
- return image->fops->verify_sig(buf, buf_len);
-}
-
-int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len)
-{
- return kexec_image_verify_sig_default(image, buf, buf_len);
-}
-#endif
-
/*
* arch_kexec_apply_relocations_add - apply relocations of type RELA
* @pi: Purgatory to be relocated.
@@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
}
#ifdef CONFIG_KEXEC_SIG
+static int kexec_image_verify_sig(struct kimage *image, void *buf,
+ unsigned long buf_len)
+{
+ if (!image->fops || !image->fops->verify_sig) {
+ pr_debug("kernel loader does not support signature verification.\n");
+ return -EKEYREJECTED;
+ }
+
+ return image->fops->verify_sig(buf, buf_len);
+}
+
static int
kimage_validate_signature(struct kimage *image)
{
int ret;
- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
- image->kernel_buf_len);
+ ret = kexec_image_verify_sig(image, image->kernel_buf,
+ image->kernel_buf_len);
if (ret) {
if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic
[not found] <20211018083137.338757-1-coxu@redhat.com>
2021-10-18 8:31 ` [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig Coiby Xu
@ 2021-10-18 8:31 ` Coiby Xu
2021-10-18 8:31 ` [PATCH v3 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature Coiby Xu
2 siblings, 0 replies; 4+ messages in thread
From: Coiby Xu @ 2021-10-18 8:31 UTC (permalink / raw)
To: kexec
Cc: linux-arm-kernel, Dave Young, Will Deacon, Eric W . Biederman,
Thomas Gleixner, Ingo Molnar, Borislav Petkov,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
H. Peter Anvin, open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)
The code in bzImage64_verify_sig could make use of system keyrings including
.buitin_trusted_keys, .secondary_trusted_keys and .platform keyring to verify
signed kernel image as PE file. Make it generic so both x86_64 and arm64 can
use it.
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
arch/x86/kernel/kexec-bzimage64.c | 13 +------------
include/linux/kexec.h | 7 +++++++
kernel/kexec_file.c | 17 +++++++++++++++++
3 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 170d0fd68b1f..f73aab3fde33 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -17,7 +17,6 @@
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/efi.h>
-#include <linux/verification.h>
#include <asm/bootparam.h>
#include <asm/setup.h>
@@ -531,17 +530,7 @@ static int bzImage64_cleanup(void *loader_data)
#ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
{
- int ret;
-
- ret = verify_pefile_signature(kernel, kernel_len,
- VERIFY_USE_SECONDARY_KEYRING,
- VERIFYING_KEXEC_PE_SIGNATURE);
- if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
- ret = verify_pefile_signature(kernel, kernel_len,
- VERIFY_USE_PLATFORM_KEYRING,
- VERIFYING_KEXEC_PE_SIGNATURE);
- }
- return ret;
+ return kexec_kernel_verify_pe_sig(kernel, kernel_len);
}
#endif
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 755fed183224..2fe39e946988 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -19,6 +19,7 @@
#include <asm/io.h>
#include <uapi/linux/kexec.h>
+#include <linux/verification.h>
#ifdef CONFIG_KEXEC_CORE
#include <linux/list.h>
@@ -196,6 +197,12 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
const Elf_Shdr *relsec,
const Elf_Shdr *symtab);
int arch_kimage_file_post_load_cleanup(struct kimage *image);
+#ifdef CONFIG_KEXEC_SIG
+#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
+int kexec_kernel_verify_pe_sig(const char *kernel,
+ unsigned long kernel_len);
+#endif
+#endif
int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
extern int kexec_add_buffer(struct kexec_buf *kbuf);
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 42b3ac34e4ee..746d50fd8ebe 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -165,6 +165,23 @@ void kimage_file_post_load_cleanup(struct kimage *image)
}
#ifdef CONFIG_KEXEC_SIG
+#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
+int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len)
+{
+ int ret;
+
+ ret = verify_pefile_signature(kernel, kernel_len,
+ VERIFY_USE_SECONDARY_KEYRING,
+ VERIFYING_KEXEC_PE_SIGNATURE);
+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
+ ret = verify_pefile_signature(kernel, kernel_len,
+ VERIFY_USE_PLATFORM_KEYRING,
+ VERIFYING_KEXEC_PE_SIGNATURE);
+ }
+ return ret;
+}
+#endif
+
static int kexec_image_verify_sig(struct kimage *image, void *buf,
unsigned long buf_len)
{
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature
[not found] <20211018083137.338757-1-coxu@redhat.com>
2021-10-18 8:31 ` [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig Coiby Xu
2021-10-18 8:31 ` [PATCH v3 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic Coiby Xu
@ 2021-10-18 8:31 ` Coiby Xu
2 siblings, 0 replies; 4+ messages in thread
From: Coiby Xu @ 2021-10-18 8:31 UTC (permalink / raw)
To: kexec
Cc: linux-arm-kernel, Dave Young, Will Deacon, Eric W . Biederman,
Catalin Marinas, open list
This allows to verify arm64 kernel image signature using not only
.builtin_trusted_keys but also .secondary_trusted_keys and .platform keyring.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
arch/arm64/kernel/kexec_image.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c
index 9ec34690e255..51af1c22d6da 100644
--- a/arch/arm64/kernel/kexec_image.c
+++ b/arch/arm64/kernel/kexec_image.c
@@ -14,7 +14,6 @@
#include <linux/kexec.h>
#include <linux/pe.h>
#include <linux/string.h>
-#include <linux/verification.h>
#include <asm/byteorder.h>
#include <asm/cpufeature.h>
#include <asm/image.h>
@@ -133,8 +132,7 @@ static void *image_load(struct kimage *image,
#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
static int image_verify_sig(const char *kernel, unsigned long kernel_len)
{
- return verify_pefile_signature(kernel, kernel_len, NULL,
- VERIFYING_KEXEC_PE_SIGNATURE);
+ return kexec_kernel_verify_pe_sig(kernel, kernel_len);
}
#endif
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig
2021-10-18 8:31 ` [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig Coiby Xu
@ 2021-11-02 3:52 ` Coiby Xu
0 siblings, 0 replies; 4+ messages in thread
From: Coiby Xu @ 2021-11-02 3:52 UTC (permalink / raw)
To: Eric W. Biederman
Cc: linux-arm-kernel, Dave Young, Will Deacon, kexec, open list
Hi Eric,
Does this patch and "[PATCH v3 2/3] kexec, KEYS: make the code in
bzImage64_verify_sig generic" look good you?
On Mon, Oct 18, 2021 at 04:31:35PM +0800, Coiby Xu wrote:
>commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
>powerpc: factor out kexec_file_ops functions" allows implementing
>the arch-specific implementation of kernel image verification
>in kexec_file_ops->verify_sig. Currently, there is no arch-specific
>implementation of arch_kexec_kernel_verify_sig. So clean it up.
>
>Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
>Signed-off-by: Coiby Xu <coxu@redhat.com>
>---
> include/linux/kexec.h | 4 ----
> kernel/kexec_file.c | 34 +++++++++++++---------------------
> 2 files changed, 13 insertions(+), 25 deletions(-)
>
>diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>index 0c994ae37729..755fed183224 100644
>--- a/include/linux/kexec.h
>+++ b/include/linux/kexec.h
>@@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
> const Elf_Shdr *relsec,
> const Elf_Shdr *symtab);
> int arch_kimage_file_post_load_cleanup(struct kimage *image);
>-#ifdef CONFIG_KEXEC_SIG
>-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>- unsigned long buf_len);
>-#endif
> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
>diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>index 33400ff051a8..42b3ac34e4ee 100644
>--- a/kernel/kexec_file.c
>+++ b/kernel/kexec_file.c
>@@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
> return kexec_image_post_load_cleanup_default(image);
> }
>
>-#ifdef CONFIG_KEXEC_SIG
>-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
>- unsigned long buf_len)
>-{
>- if (!image->fops || !image->fops->verify_sig) {
>- pr_debug("kernel loader does not support signature verification.\n");
>- return -EKEYREJECTED;
>- }
>-
>- return image->fops->verify_sig(buf, buf_len);
>-}
>-
>-int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>- unsigned long buf_len)
>-{
>- return kexec_image_verify_sig_default(image, buf, buf_len);
>-}
>-#endif
>-
> /*
> * arch_kexec_apply_relocations_add - apply relocations of type RELA
> * @pi: Purgatory to be relocated.
>@@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
>+static int kexec_image_verify_sig(struct kimage *image, void *buf,
>+ unsigned long buf_len)
>+{
>+ if (!image->fops || !image->fops->verify_sig) {
>+ pr_debug("kernel loader does not support signature verification.\n");
>+ return -EKEYREJECTED;
>+ }
>+
>+ return image->fops->verify_sig(buf, buf_len);
>+}
>+
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
>- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
>- image->kernel_buf_len);
>+ ret = kexec_image_verify_sig(image, image->kernel_buf,
>+ image->kernel_buf_len);
> if (ret) {
>
> if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
>--
>2.31.1
>
--
Best regards,
Coiby
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-11-02 3:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20211018083137.338757-1-coxu@redhat.com>
2021-10-18 8:31 ` [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig Coiby Xu
2021-11-02 3:52 ` Coiby Xu
2021-10-18 8:31 ` [PATCH v3 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic Coiby Xu
2021-10-18 8:31 ` [PATCH v3 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature Coiby Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).