From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7857BC43219 for ; Wed, 3 Nov 2021 14:27:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 60CD56109F for ; Wed, 3 Nov 2021 14:27:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232051AbhKCO3v (ORCPT ); Wed, 3 Nov 2021 10:29:51 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:56740 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230527AbhKCO3t (ORCPT ); Wed, 3 Nov 2021 10:29:49 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 6FCE5218D9; Wed, 3 Nov 2021 14:27:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1635949632; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Dog1kS0Nm8BT5xToDrdeBUJVtPUNFmm5wWj5SRd7+2I=; b=BORuspiw5Z2g1pJmzhS/Mn/w26i3SRVFn4yIidQgmvBEwaNrAoDYRkIsdA1J7ZtN8oUtx8 /m/9RbtrEeXQNjK/UZyI0IkzAkQWSeNrBkGMWK3WLWwzXhx80V04K9Q+i1p/2b8Bc5IJu7 aTVOKIZI7QIiWwdudr4Z694kUKcYpiU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1635949632; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Dog1kS0Nm8BT5xToDrdeBUJVtPUNFmm5wWj5SRd7+2I=; b=FTgDDkPGlsImvWmFW+/Zw3OfT/3JwHgMG85BIekvkJkkoZVThpg3GQtPj8HmbLxg9F/bCi t/ooTeugcRuWZkDw== Received: from kitsune.suse.cz (kitsune.suse.cz [10.100.12.127]) by relay2.suse.de (Postfix) with ESMTP id 3C1A9A3B84; Wed, 3 Nov 2021 14:27:11 +0000 (UTC) From: Michal Suchanek To: keyrings@vger.kernel.org Cc: Michal Suchanek , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , Heiko Carstens , Vasily Gorbik , Christian Borntraeger , Alexander Gordeev , David Howells , Luis Chamberlain , Jessica Yu , Rob Herring , Lakshmi Ramasubramanian , Thiago Jung Bauermann , Hari Bathini , Frank van der Linden , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org Subject: [PATCH 0/3] KEXEC_SIG with appended signature Date: Wed, 3 Nov 2021 15:27:05 +0100 Message-Id: X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org S390 uses appended signature for kernel but implements the check separately from module loader. Support for secure boot on powerpc with appended signature is planned - grub patches submitted upstream but not yet merged. This is an attempt at unified appended signature verification. Thanks Michal Michal Suchanek (3): s390/kexec_file: Don't opencode appended signature verification. module: strip the signature marker in the verification function. powerpc/kexec_file: Add KEXEC_SIG support. arch/powerpc/Kconfig | 11 +++++++ arch/powerpc/kexec/elf_64.c | 14 +++++++++ arch/s390/kernel/machine_kexec_file.c | 42 +++------------------------ include/linux/verification.h | 3 ++ kernel/module-internal.h | 2 -- kernel/module.c | 11 +++---- kernel/module_signing.c | 32 ++++++++++++++------ 7 files changed, 59 insertions(+), 56 deletions(-) -- 2.31.1