From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Baoquan He <bhe@redhat.com>,
kexec@lists.infradead.org, keyrings@vger.kernel.org,
linux-security-module@vger.kernel.org,
Michal Suchanek <msuchanek@suse.de>,
Will Deacon <will@kernel.org>, Coiby Xu <coxu@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH 5.19 7/7] arm64: kexec_file: use more system keyrings to verify kernel image signature
Date: Fri, 19 Aug 2022 17:39:23 +0200 [thread overview]
Message-ID: <20220819153711.815836041@linuxfoundation.org> (raw)
In-Reply-To: <20220819153711.552247994@linuxfoundation.org>
From: Coiby Xu <coxu@redhat.com>
commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
Currently, when loading a kernel image via the kexec_file_load() system
call, arm64 can only use the .builtin_trusted_keys keyring to verify
a signature whereas x86 can use three more keyrings i.e.
.secondary_trusted_keys, .machine and .platform keyrings. For example,
one resulting problem is kexec'ing a kernel image would be rejected
with the error "Lockdown: kexec: kexec of unsigned images is restricted;
see man kernel_lockdown.7".
This patch set enables arm64 to make use of the same keyrings as x86 to
verify the signature kexec'ed kernel image.
Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
Acked-by: Baoquan He <bhe@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Co-developed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/kexec_image.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
--- a/arch/arm64/kernel/kexec_image.c
+++ b/arch/arm64/kernel/kexec_image.c
@@ -14,7 +14,6 @@
#include <linux/kexec.h>
#include <linux/pe.h>
#include <linux/string.h>
-#include <linux/verification.h>
#include <asm/byteorder.h>
#include <asm/cpufeature.h>
#include <asm/image.h>
@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
return NULL;
}
-#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-static int image_verify_sig(const char *kernel, unsigned long kernel_len)
-{
- return verify_pefile_signature(kernel, kernel_len, NULL,
- VERIFYING_KEXEC_PE_SIGNATURE);
-}
-#endif
-
const struct kexec_file_ops kexec_image_ops = {
.probe = image_probe,
.load = image_load,
#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
- .verify_sig = image_verify_sig,
+ .verify_sig = kexec_kernel_verify_pe_sig,
#endif
};
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Baoquan He <bhe@redhat.com>,
kexec@lists.infradead.org, keyrings@vger.kernel.org,
linux-security-module@vger.kernel.org,
Michal Suchanek <msuchanek@suse.de>,
Will Deacon <will@kernel.org>, Coiby Xu <coxu@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH 5.19 7/7] arm64: kexec_file: use more system keyrings to verify kernel image signature
Date: Fri, 19 Aug 2022 17:39:23 +0200 [thread overview]
Message-ID: <20220819153711.815836041@linuxfoundation.org> (raw)
In-Reply-To: <20220819153711.552247994@linuxfoundation.org>
From: Coiby Xu <coxu@redhat.com>
commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
Currently, when loading a kernel image via the kexec_file_load() system
call, arm64 can only use the .builtin_trusted_keys keyring to verify
a signature whereas x86 can use three more keyrings i.e.
.secondary_trusted_keys, .machine and .platform keyrings. For example,
one resulting problem is kexec'ing a kernel image would be rejected
with the error "Lockdown: kexec: kexec of unsigned images is restricted;
see man kernel_lockdown.7".
This patch set enables arm64 to make use of the same keyrings as x86 to
verify the signature kexec'ed kernel image.
Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
Acked-by: Baoquan He <bhe@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Co-developed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/kexec_image.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
--- a/arch/arm64/kernel/kexec_image.c
+++ b/arch/arm64/kernel/kexec_image.c
@@ -14,7 +14,6 @@
#include <linux/kexec.h>
#include <linux/pe.h>
#include <linux/string.h>
-#include <linux/verification.h>
#include <asm/byteorder.h>
#include <asm/cpufeature.h>
#include <asm/image.h>
@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
return NULL;
}
-#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-static int image_verify_sig(const char *kernel, unsigned long kernel_len)
-{
- return verify_pefile_signature(kernel, kernel_len, NULL,
- VERIFYING_KEXEC_PE_SIGNATURE);
-}
-#endif
-
const struct kexec_file_ops kexec_image_ops = {
.probe = image_probe,
.load = image_load,
#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
- .verify_sig = image_verify_sig,
+ .verify_sig = kexec_kernel_verify_pe_sig,
#endif
};
next prev parent reply other threads:[~2022-08-19 15:40 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-19 15:39 [PATCH 5.19 0/7] 5.19.3-rc1 review Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 1/7] Revert "mm: kfence: apply kmemleak_ignore_phys on early allocated pool" Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 2/7] tee: add overflow check in register_shm_helper() Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 3/7] net_sched: cls_route: disallow handle of 0 Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 4/7] btrfs: only write the sectors in the vertical stripe which has data stripes Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 5/7] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover() Greg Kroah-Hartman
2022-08-19 15:39 ` [PATCH 5.19 6/7] kexec, KEYS: make the code in bzImage64_verify_sig generic Greg Kroah-Hartman
2022-08-19 15:39 ` Greg Kroah-Hartman
2022-08-19 15:39 ` Greg Kroah-Hartman [this message]
2022-08-19 15:39 ` [PATCH 5.19 7/7] arm64: kexec_file: use more system keyrings to verify kernel image signature Greg Kroah-Hartman
2022-08-20 0:22 ` [PATCH 5.19 0/7] 5.19.3-rc1 review Zan Aziz
2022-08-20 0:39 ` Shuah Khan
2022-08-20 0:40 ` Ron Economos
2022-08-20 8:04 ` Naresh Kamboju
2022-08-20 9:53 ` Sudip Mukherjee (Codethink)
2022-08-20 10:06 ` Bagas Sanjaya
2022-08-21 0:54 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220819153711.815836041@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bhe@redhat.com \
--cc=coxu@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=msuchanek@suse.de \
--cc=stable@vger.kernel.org \
--cc=will@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.