From: "Michal Suchánek" <msuchanek@suse.de>
To: Coiby Xu <coxu@redhat.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>, "Lee, Chun-Yi" <jlee@suse.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>, Baoquan He <bhe@redhat.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
AKASHI Takahiro <takahiro.akashi@linaro.org>,
James Morse <james.morse@arm.com>, Dave Young <dyoung@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>, Kairui Song <kasong@redhat.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org,
kexec@lists.infradead.org
Subject: Re: [PATCH 0/4] Unifrom keyring support across architectures and functions
Date: Fri, 8 Apr 2022 10:51:20 +0200 [thread overview]
Message-ID: <20220408085120.GV163591@kunlun.suse.cz> (raw)
In-Reply-To: <20220408074704.wkyyv2qnx66iinzo@Rk>
On Fri, Apr 08, 2022 at 03:47:04PM +0800, Coiby Xu wrote:
> Hi Michal,
>
> As mentioned by Baoquan, I have a patch set "[PATCH v5 0/3] use more
> system keyrings to verify arm64 kdump kernel image signature" [1]. The
> differences between your patch set and mine are as follows, - my patch set
> only adds support for arm64 while yours also extends to
> s390
> - I made the code for verifying signed kernel image as PE file in x86
> public so arm64 can reuse the code as well which seems to be better
> approach
> - I also cleaned up clean up arch_kexec_kernel_verify_sig
>
> Would you mind if I integrate your first 3 patches with mine as follows
> - for arm64, I'll use my version
> - for s390, I'll use your version
Great
less code duplication is always good.
Thanks
Michal
>
> For your last patch which allows to use of platform keyring for
> signature verification of kernel module, I'll leave it to yourself. How
> do you think about it?
>
>
> [1] https://lore.kernel.org/all/20220401013118.348084-1-coxu@redhat.com/
>
> On Tue, Feb 15, 2022 at 08:39:37PM +0100, Michal Suchanek wrote:
> > While testing KEXEC_SIG on powerpc I noticed discrepancy in support for
> > different keyrings across architectures and between KEXEC_SIG and
> > MODULE_SIG. Fix this by enabling suport for the missing keyrings.
> >
> > The latter two patches obviously conflict with the ongoing module code
> > cleanup. If they turn out desirable I will add them to the other series
> > dealing with KEXEC_SIG.
> >
> > The arm patches can be merged independently.
> >
> > Thanks
> >
> > Michal
> >
> > Michal Suchanek (4):
> > Fix arm64 kexec forbidding kernels signed with keys in the secondary
> > keyring to boot
> > kexec, KEYS, arm64: Make use of platform keyring for signature
> > verification
> > kexec, KEYS, s390: Make use of built-in and secondary keyring for
> > signature verification
> > module, KEYS: Make use of platform keyring for signature verification
> >
> > arch/arm64/kernel/kexec_image.c | 13 +++++++++++--
> > arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
> > kernel/module_signing.c | 14 ++++++++++----
> > 3 files changed, 34 insertions(+), 11 deletions(-)
> >
> > --
> > 2.31.1
> >
>
> --
> Best regards,
> Coiby
>
prev parent reply other threads:[~2022-04-08 8:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-15 19:39 [PATCH 0/4] Unifrom keyring support across architectures and functions Michal Suchanek
2022-02-15 19:39 ` [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot Michal Suchanek
2022-04-06 15:41 ` joeyli
2022-04-08 7:11 ` Baoquan He
2022-02-15 19:39 ` [PATCH 2/4] kexec, KEYS, arm64: Make use of platform keyring for signature verification Michal Suchanek
2022-04-06 15:45 ` joeyli
2022-02-15 19:39 ` [PATCH 3/4] kexec, KEYS, s390: Make use of built-in and secondary " Michal Suchanek
2022-04-06 15:46 ` joeyli
2022-02-15 19:39 ` [PATCH 4/4] module, KEYS: Make use of platform " Michal Suchanek
2022-02-15 20:08 ` Mimi Zohar
2022-02-15 20:47 ` Michal Suchánek
2022-02-15 22:12 ` Mimi Zohar
2022-02-16 10:56 ` Michal Suchánek
2022-02-16 11:04 ` Michal Suchánek
2022-02-16 11:58 ` Mimi Zohar
2022-02-16 12:09 ` Michal Suchánek
2022-03-22 17:37 ` Luis Chamberlain
2022-03-22 18:55 ` Mimi Zohar
2022-03-28 10:15 ` joeyli
2022-03-28 13:28 ` Mimi Zohar
2022-03-28 14:03 ` Michal Suchánek
2022-03-28 14:44 ` Eric Snowberg
2022-03-28 16:29 ` Michal Suchánek
2022-04-08 7:47 ` [PATCH 0/4] Unifrom keyring support across architectures and functions Coiby Xu
2022-04-08 8:51 ` Michal Suchánek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220408085120.GV163591@kunlun.suse.cz \
--to=msuchanek@suse.de \
--cc=agordeev@linux.ibm.com \
--cc=bhe@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=catalin.marinas@arm.com \
--cc=coxu@redhat.com \
--cc=dyoung@redhat.com \
--cc=egorenar@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=james.morse@arm.com \
--cc=jlee@suse.com \
--cc=kasong@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=prudo@redhat.com \
--cc=schwidefsky@de.ibm.com \
--cc=svens@linux.ibm.com \
--cc=takahiro.akashi@linaro.org \
--cc=will@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).