From: Coiby Xu <coxu@redhat.com>
To: Michal Suchanek <msuchanek@suse.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>, "Lee, Chun-Yi" <jlee@suse.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>, Baoquan He <bhe@redhat.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
AKASHI Takahiro <takahiro.akashi@linaro.org>,
James Morse <james.morse@arm.com>, Dave Young <dyoung@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>, Kairui Song <kasong@redhat.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org,
kexec@lists.infradead.org
Subject: Re: [PATCH 0/4] Unifrom keyring support across architectures and functions
Date: Fri, 8 Apr 2022 15:47:04 +0800 [thread overview]
Message-ID: <20220408074704.wkyyv2qnx66iinzo@Rk> (raw)
In-Reply-To: <cover.1644953683.git.msuchanek@suse.de>
Hi Michal,
As mentioned by Baoquan, I have a patch set "[PATCH v5 0/3] use more
system keyrings to verify arm64 kdump kernel image signature" [1]. The
differences between your patch set and mine are as follows,
- my patch set only adds support for arm64 while yours also extends to
s390
- I made the code for verifying signed kernel image as PE file in x86
public so arm64 can reuse the code as well which seems to be better
approach
- I also cleaned up clean up arch_kexec_kernel_verify_sig
Would you mind if I integrate your first 3 patches with mine as follows
- for arm64, I'll use my version
- for s390, I'll use your version
For your last patch which allows to use of platform keyring for
signature verification of kernel module, I'll leave it to yourself. How
do you think about it?
[1] https://lore.kernel.org/all/20220401013118.348084-1-coxu@redhat.com/
On Tue, Feb 15, 2022 at 08:39:37PM +0100, Michal Suchanek wrote:
>While testing KEXEC_SIG on powerpc I noticed discrepancy in support for
>different keyrings across architectures and between KEXEC_SIG and
>MODULE_SIG. Fix this by enabling suport for the missing keyrings.
>
>The latter two patches obviously conflict with the ongoing module code
>cleanup. If they turn out desirable I will add them to the other series
>dealing with KEXEC_SIG.
>
>The arm patches can be merged independently.
>
>Thanks
>
>Michal
>
>Michal Suchanek (4):
> Fix arm64 kexec forbidding kernels signed with keys in the secondary
> keyring to boot
> kexec, KEYS, arm64: Make use of platform keyring for signature
> verification
> kexec, KEYS, s390: Make use of built-in and secondary keyring for
> signature verification
> module, KEYS: Make use of platform keyring for signature verification
>
> arch/arm64/kernel/kexec_image.c | 13 +++++++++++--
> arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
> kernel/module_signing.c | 14 ++++++++++----
> 3 files changed, 34 insertions(+), 11 deletions(-)
>
>--
>2.31.1
>
--
Best regards,
Coiby
next prev parent reply other threads:[~2022-04-08 7:47 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-15 19:39 [PATCH 0/4] Unifrom keyring support across architectures and functions Michal Suchanek
2022-02-15 19:39 ` [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot Michal Suchanek
2022-04-06 15:41 ` joeyli
2022-04-08 7:11 ` Baoquan He
2022-02-15 19:39 ` [PATCH 2/4] kexec, KEYS, arm64: Make use of platform keyring for signature verification Michal Suchanek
2022-04-06 15:45 ` joeyli
2022-02-15 19:39 ` [PATCH 3/4] kexec, KEYS, s390: Make use of built-in and secondary " Michal Suchanek
2022-04-06 15:46 ` joeyli
2022-02-15 19:39 ` [PATCH 4/4] module, KEYS: Make use of platform " Michal Suchanek
2022-02-15 20:08 ` Mimi Zohar
2022-02-15 20:47 ` Michal Suchánek
2022-02-15 22:12 ` Mimi Zohar
2022-02-16 10:56 ` Michal Suchánek
2022-02-16 11:04 ` Michal Suchánek
2022-02-16 11:58 ` Mimi Zohar
2022-02-16 12:09 ` Michal Suchánek
2022-03-22 17:37 ` Luis Chamberlain
2022-03-22 18:55 ` Mimi Zohar
2022-03-28 10:15 ` joeyli
2022-03-28 13:28 ` Mimi Zohar
2022-03-28 14:03 ` Michal Suchánek
2022-03-28 14:44 ` Eric Snowberg
2022-03-28 16:29 ` Michal Suchánek
2022-04-08 7:47 ` Coiby Xu [this message]
2022-04-08 8:51 ` [PATCH 0/4] Unifrom keyring support across architectures and functions Michal Suchánek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220408074704.wkyyv2qnx66iinzo@Rk \
--to=coxu@redhat.com \
--cc=agordeev@linux.ibm.com \
--cc=bhe@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=catalin.marinas@arm.com \
--cc=dyoung@redhat.com \
--cc=egorenar@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=james.morse@arm.com \
--cc=jlee@suse.com \
--cc=kasong@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=msuchanek@suse.de \
--cc=prudo@redhat.com \
--cc=schwidefsky@de.ibm.com \
--cc=svens@linux.ibm.com \
--cc=takahiro.akashi@linaro.org \
--cc=will@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).