From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Michal Such??nek <msuchanek@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>, Sasha Levin <sashal@kernel.org>,
Baoquan He <bhe@redhat.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
"open list:S390" <linux-s390@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Eric Biederman <ebiederm@xmission.com>,
Mimi Zohar <zohar@linux.ibm.com>,
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
"moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)"
<linux-arm-kernel@lists.infradead.org>,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@lists.ozlabs.org>,
"open list:KEXEC" <kexec@lists.infradead.org>,
Coiby Xu <coxu@redhat.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
James Morse <james.morse@arm.com>
Subject: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Date: Tue, 27 Sep 2022 11:39:52 +0900 [thread overview]
Message-ID: <20220927023952.GB34139@laputa> (raw)
In-Reply-To: <20220926074024.GD28810@kitsune.suse.cz>
On Mon, Sep 26, 2022 at 09:40:25AM +0200, Michal Such??nek wrote:
> On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote:
> > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote:
> > > On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote:
> > > > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote:
> > > > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote:
> > > > > > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > this is backport of commit 0d519cadf751
> > > > > > > ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
> > > > > > > to table 5.15 tree including the preparatory patches.
> > > > > >
> > > > > > This feels to me like a new feature for arm64, one that has never worked
> > > > > > before and you are just making it feature-parity with x86, right?
> > > > > >
> > > > > > Or is this a regression fix somewhere? Why is this needed in 5.15.y and
> > > > > > why can't people who need this new feature just use a newer kernel
> > > > > > version (5.19?)
> > > > >
> > > > > It's half-broken implementation of the kexec kernel verification. At the time
> > > > > it was implemented for arm64 we had the platform and secondary keyrings
> > > > > and x86 was using them but on arm64 the initial implementation ignores
> > > > > them.
> > > >
> > > > Ok, so it's something that never worked. Adding support to get it to
> > > > work doesn't really fall into the stable kernel rules, right?
> > >
> > > Not sure. It was defective, not using the facilities available at the
> > > time correctly. Which translates to kernels that can be kexec'd on x86
> > > failing to kexec on arm64 without any explanation (signed with same key,
> > > built for the appropriate arch).
> >
> > Feature parity across architectures is not a "regression", but rather a
> > "this feature is not implemented for this architecture yet" type of
> > thing.
>
> That depends on the view - before kexec verification you could boot any
> kernel, now you can boot some kernels signed with a valid key, but not
> others - the initial implementation is buggy, probably because it
> is based on an old version of the x86 code.
Buggy?
The feature of supporting platform ring had been slipped in just before
I submitted the latest patch series which was eventually merged.
(I should have noticed it though.)
Looking at changes in the commit 278311e417be ("kexec, KEYS: Make use of platform
keyring for signature verify"), it seems to be obvious that it is a new feature
because it introduced a new Kconfig option, CONFIG_INTEGRITY_PLATFORM_KEYRING,
which allows for enabling/disabling platform ring support.
-Takahiro Akashi
> >
> > > > Again, what's wrong with 5.19 for anyone who wants this? Who does want
> > > > this?
> > >
> > > Not sure, really.
> > >
> > > The final patch was repeatedly backported to stable and failed to build
> > > because the prerequisites were missing.
> >
> > That's because it was tagged, but now that you show the full set of
> > requirements, it's pretty obvious to me that this is not relevant for
> > going this far back.
>
> That also works.
>
> Thanks
>
> Michal
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Michal Such??nek <msuchanek@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>, Sasha Levin <sashal@kernel.org>,
Baoquan He <bhe@redhat.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
"open list:S390" <linux-s390@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Eric Biederman <ebiederm@xmission.com>,
Mimi Zohar <zohar@linux.ibm.com>,
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
"moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)"
<linux-arm-kernel@lists.infradead.org>,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@lists.ozlabs.org>,
"open list:KEXEC" <kexec@lists.infradead.org>,
Coiby Xu <coxu@redhat.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
James Morse <james.morse@arm.com>
Subject: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Date: Tue, 27 Sep 2022 11:39:52 +0900 [thread overview]
Message-ID: <20220927023952.GB34139@laputa> (raw)
In-Reply-To: <20220926074024.GD28810@kitsune.suse.cz>
On Mon, Sep 26, 2022 at 09:40:25AM +0200, Michal Such??nek wrote:
> On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote:
> > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote:
> > > On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote:
> > > > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote:
> > > > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote:
> > > > > > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > this is backport of commit 0d519cadf751
> > > > > > > ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
> > > > > > > to table 5.15 tree including the preparatory patches.
> > > > > >
> > > > > > This feels to me like a new feature for arm64, one that has never worked
> > > > > > before and you are just making it feature-parity with x86, right?
> > > > > >
> > > > > > Or is this a regression fix somewhere? Why is this needed in 5.15.y and
> > > > > > why can't people who need this new feature just use a newer kernel
> > > > > > version (5.19?)
> > > > >
> > > > > It's half-broken implementation of the kexec kernel verification. At the time
> > > > > it was implemented for arm64 we had the platform and secondary keyrings
> > > > > and x86 was using them but on arm64 the initial implementation ignores
> > > > > them.
> > > >
> > > > Ok, so it's something that never worked. Adding support to get it to
> > > > work doesn't really fall into the stable kernel rules, right?
> > >
> > > Not sure. It was defective, not using the facilities available at the
> > > time correctly. Which translates to kernels that can be kexec'd on x86
> > > failing to kexec on arm64 without any explanation (signed with same key,
> > > built for the appropriate arch).
> >
> > Feature parity across architectures is not a "regression", but rather a
> > "this feature is not implemented for this architecture yet" type of
> > thing.
>
> That depends on the view - before kexec verification you could boot any
> kernel, now you can boot some kernels signed with a valid key, but not
> others - the initial implementation is buggy, probably because it
> is based on an old version of the x86 code.
Buggy?
The feature of supporting platform ring had been slipped in just before
I submitted the latest patch series which was eventually merged.
(I should have noticed it though.)
Looking at changes in the commit 278311e417be ("kexec, KEYS: Make use of platform
keyring for signature verify"), it seems to be obvious that it is a new feature
because it introduced a new Kconfig option, CONFIG_INTEGRITY_PLATFORM_KEYRING,
which allows for enabling/disabling platform ring support.
-Takahiro Akashi
> >
> > > > Again, what's wrong with 5.19 for anyone who wants this? Who does want
> > > > this?
> > >
> > > Not sure, really.
> > >
> > > The final patch was repeatedly backported to stable and failed to build
> > > because the prerequisites were missing.
> >
> > That's because it was tagged, but now that you show the full set of
> > requirements, it's pretty obvious to me that this is not relevant for
> > going this far back.
>
> That also works.
>
> Thanks
>
> Michal
WARNING: multiple messages have this Message-ID (diff)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Michal Such??nek <msuchanek@suse.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
keyrings@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Will Deacon <will@kernel.org>, Sasha Levin <sashal@kernel.org>,
"open list:S390" <linux-s390@vger.kernel.org>,
Coiby Xu <coxu@redhat.com>, Baoquan He <bhe@redhat.com>,
"maintainer:X86 ARCHITECTURE \(32-BIT AND 64-BIT\)"
<x86@kernel.org>, Christian Borntraeger <borntraeger@de.ibm.com>,
Ingo Molnar <mingo@redhat.com>,
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
Eric Biederman <ebiederm@xmission.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Borislav Petkov <bp@alien8.de>, Mimi Zohar <zohar@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
"moderated list:ARM64 PORT \(AARCH64 ARCHITECTURE\)"
<linux-arm-kernel@lists.infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org >,
"open list:KEXEC" <kexec@lists.infradead.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
linux-security-module@vger.kernel.org,
James Morse <james.morse@arm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
"open list:LINUX FOR POWERPC \(32-BIT AND 64-BIT\)"
<linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Date: Tue, 27 Sep 2022 11:39:52 +0900 [thread overview]
Message-ID: <20220927023952.GB34139@laputa> (raw)
In-Reply-To: <20220926074024.GD28810@kitsune.suse.cz>
On Mon, Sep 26, 2022 at 09:40:25AM +0200, Michal Such??nek wrote:
> On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote:
> > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote:
> > > On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote:
> > > > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote:
> > > > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote:
> > > > > > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > this is backport of commit 0d519cadf751
> > > > > > > ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
> > > > > > > to table 5.15 tree including the preparatory patches.
> > > > > >
> > > > > > This feels to me like a new feature for arm64, one that has never worked
> > > > > > before and you are just making it feature-parity with x86, right?
> > > > > >
> > > > > > Or is this a regression fix somewhere? Why is this needed in 5.15.y and
> > > > > > why can't people who need this new feature just use a newer kernel
> > > > > > version (5.19?)
> > > > >
> > > > > It's half-broken implementation of the kexec kernel verification. At the time
> > > > > it was implemented for arm64 we had the platform and secondary keyrings
> > > > > and x86 was using them but on arm64 the initial implementation ignores
> > > > > them.
> > > >
> > > > Ok, so it's something that never worked. Adding support to get it to
> > > > work doesn't really fall into the stable kernel rules, right?
> > >
> > > Not sure. It was defective, not using the facilities available at the
> > > time correctly. Which translates to kernels that can be kexec'd on x86
> > > failing to kexec on arm64 without any explanation (signed with same key,
> > > built for the appropriate arch).
> >
> > Feature parity across architectures is not a "regression", but rather a
> > "this feature is not implemented for this architecture yet" type of
> > thing.
>
> That depends on the view - before kexec verification you could boot any
> kernel, now you can boot some kernels signed with a valid key, but not
> others - the initial implementation is buggy, probably because it
> is based on an old version of the x86 code.
Buggy?
The feature of supporting platform ring had been slipped in just before
I submitted the latest patch series which was eventually merged.
(I should have noticed it though.)
Looking at changes in the commit 278311e417be ("kexec, KEYS: Make use of platform
keyring for signature verify"), it seems to be obvious that it is a new feature
because it introduced a new Kconfig option, CONFIG_INTEGRITY_PLATFORM_KEYRING,
which allows for enabling/disabling platform ring support.
-Takahiro Akashi
> >
> > > > Again, what's wrong with 5.19 for anyone who wants this? Who does want
> > > > this?
> > >
> > > Not sure, really.
> > >
> > > The final patch was repeatedly backported to stable and failed to build
> > > because the prerequisites were missing.
> >
> > That's because it was tagged, but now that you show the full set of
> > requirements, it's pretty obvious to me that this is not relevant for
> > going this far back.
>
> That also works.
>
> Thanks
>
> Michal
WARNING: multiple messages have this Message-ID (diff)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Michal Such??nek <msuchanek@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>, Sasha Levin <sashal@kernel.org>,
Baoquan He <bhe@redhat.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
"open list:S390" <linux-s390@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Eric Biederman <ebiederm@xmission.com>,
Mimi Zohar <zohar@linux.ibm.com>,
"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
"moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)"
<linux-arm-kernel@lists.infradead.org>,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@lists.ozlabs.org>,
"open list:KEXEC" <kexec@lists.infradead.org>,
Coiby Xu <coxu@redhat.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
James Morse <james.morse@arm.com>
Subject: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Date: Tue, 27 Sep 2022 11:39:52 +0900 [thread overview]
Message-ID: <20220927023952.GB34139@laputa> (raw)
In-Reply-To: <20220926074024.GD28810@kitsune.suse.cz>
On Mon, Sep 26, 2022 at 09:40:25AM +0200, Michal Such??nek wrote:
> On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote:
> > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote:
> > > On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote:
> > > > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote:
> > > > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote:
> > > > > > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > this is backport of commit 0d519cadf751
> > > > > > > ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
> > > > > > > to table 5.15 tree including the preparatory patches.
> > > > > >
> > > > > > This feels to me like a new feature for arm64, one that has never worked
> > > > > > before and you are just making it feature-parity with x86, right?
> > > > > >
> > > > > > Or is this a regression fix somewhere? Why is this needed in 5.15.y and
> > > > > > why can't people who need this new feature just use a newer kernel
> > > > > > version (5.19?)
> > > > >
> > > > > It's half-broken implementation of the kexec kernel verification. At the time
> > > > > it was implemented for arm64 we had the platform and secondary keyrings
> > > > > and x86 was using them but on arm64 the initial implementation ignores
> > > > > them.
> > > >
> > > > Ok, so it's something that never worked. Adding support to get it to
> > > > work doesn't really fall into the stable kernel rules, right?
> > >
> > > Not sure. It was defective, not using the facilities available at the
> > > time correctly. Which translates to kernels that can be kexec'd on x86
> > > failing to kexec on arm64 without any explanation (signed with same key,
> > > built for the appropriate arch).
> >
> > Feature parity across architectures is not a "regression", but rather a
> > "this feature is not implemented for this architecture yet" type of
> > thing.
>
> That depends on the view - before kexec verification you could boot any
> kernel, now you can boot some kernels signed with a valid key, but not
> others - the initial implementation is buggy, probably because it
> is based on an old version of the x86 code.
Buggy?
The feature of supporting platform ring had been slipped in just before
I submitted the latest patch series which was eventually merged.
(I should have noticed it though.)
Looking at changes in the commit 278311e417be ("kexec, KEYS: Make use of platform
keyring for signature verify"), it seems to be obvious that it is a new feature
because it introduced a new Kconfig option, CONFIG_INTEGRITY_PLATFORM_KEYRING,
which allows for enabling/disabling platform ring support.
-Takahiro Akashi
> >
> > > > Again, what's wrong with 5.19 for anyone who wants this? Who does want
> > > > this?
> > >
> > > Not sure, really.
> > >
> > > The final patch was repeatedly backported to stable and failed to build
> > > because the prerequisites were missing.
> >
> > That's because it was tagged, but now that you show the full set of
> > requirements, it's pretty obvious to me that this is not relevant for
> > going this far back.
>
> That also works.
>
> Thanks
>
> Michal
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-09-27 2:40 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-23 17:10 [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 1/6] s390/kexec_file: move kernel image size check Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 2/6] kexec_file: drop weak attribute from functions Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 3/6] kexec: " Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 4/6] kexec: clean up arch_kexec_kernel_verify_sig Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 5/6] kexec, KEYS: make the code in bzImage64_verify_sig generic Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` [PATCH 5.15 6/6] arm64: kexec_file: use more system keyrings to verify kernel image signature Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 17:10 ` Michal Suchanek
2022-09-23 19:03 ` [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies Mimi Zohar
2022-09-23 19:03 ` Mimi Zohar
2022-09-23 19:03 ` Mimi Zohar
2022-09-23 19:03 ` Mimi Zohar
2022-09-23 19:16 ` Michal Suchánek
2022-09-23 19:16 ` Michal Suchánek
2022-09-23 19:16 ` Michal Suchánek
2022-09-23 19:16 ` Michal Suchánek
2022-09-24 14:44 ` Michal Suchánek
2022-09-24 14:44 ` Michal Suchánek
2022-09-24 14:44 ` Michal Suchánek
2022-09-24 14:44 ` Michal Suchánek
2022-09-24 9:19 ` Greg Kroah-Hartman
2022-09-24 9:19 ` Greg Kroah-Hartman
2022-09-24 9:19 ` Greg Kroah-Hartman
2022-09-24 9:19 ` Greg Kroah-Hartman
2022-09-24 9:45 ` Michal Suchánek
2022-09-24 9:45 ` Michal Suchánek
2022-09-24 9:45 ` Michal Suchánek
2022-09-24 9:45 ` Michal Suchánek
2022-09-24 10:13 ` Greg Kroah-Hartman
2022-09-24 10:13 ` Greg Kroah-Hartman
2022-09-24 10:13 ` Greg Kroah-Hartman
2022-09-24 10:13 ` Greg Kroah-Hartman
2022-09-24 11:55 ` Michal Suchánek
2022-09-24 11:55 ` Michal Suchánek
2022-09-24 11:55 ` Michal Suchánek
2022-09-24 11:55 ` Michal Suchánek
2022-09-26 6:47 ` Greg Kroah-Hartman
2022-09-26 6:47 ` Greg Kroah-Hartman
2022-09-26 6:47 ` Greg Kroah-Hartman
2022-09-26 6:47 ` Greg Kroah-Hartman
2022-09-26 7:40 ` Michal Suchánek
2022-09-26 7:40 ` Michal Suchánek
2022-09-26 7:40 ` Michal Suchánek
2022-09-26 7:40 ` Michal Suchánek
2022-09-27 2:39 ` AKASHI Takahiro [this message]
2022-09-27 2:39 ` AKASHI Takahiro
2022-09-27 2:39 ` AKASHI Takahiro
2022-09-27 2:39 ` AKASHI Takahiro
2022-09-27 7:49 ` Michal Suchánek
2022-09-27 7:49 ` Michal Suchánek
2022-09-27 7:49 ` Michal Suchánek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220927023952.GB34139@laputa \
--to=takahiro.akashi@linaro.org \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=bhe@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=coxu@redhat.com \
--cc=dave.hansen@linux.intel.com \
--cc=ebiederm@xmission.com \
--cc=egorenar@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=kexec@lists.infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=msuchanek@suse.de \
--cc=naveen.n.rao@linux.vnet.ibm.com \
--cc=paulus@samba.org \
--cc=prudo@redhat.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.