public inbox for kexec@lists.infradead.org
 help / color / mirror / Atom feed
From: Vivek Goyal <vgoyal@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: mjg59@srcf.ucam.org, bhe@redhat.com, greg@kroah.com,
	kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
	bp@alien8.de, ebiederm@xmission.com, hpa@zytor.com,
	dyoung@redhat.com, chaowang@redhat.com
Subject: Re: [PATCH 00/15][V4] kexec: A new system call to allow in kernel loading
Date: Fri, 27 Jun 2014 07:33:13 -0400	[thread overview]
Message-ID: <20140627113313.GB13337@redhat.com> (raw)
In-Reply-To: <20140626135811.37c10ff327bea8a9d2e3894e@linux-foundation.org>

On Thu, Jun 26, 2014 at 01:58:11PM -0700, Andrew Morton wrote:
> On Thu, 26 Jun 2014 16:33:29 -0400 Vivek Goyal <vgoyal@redhat.com> wrote:
> 
> > This patch series does not do kernel signature verification yet. I plan
> > to post another patch series for that. Now distributions are already signing
> > PE/COFF bzImage with PKCS7 signature I plan to parse and verify those
> > signatures.
> > 
> > Primary goal of this patchset is to prepare groundwork so that kernel
> > image can be signed and signatures be verified during kexec load. This
> > should help with two things.
> > 
> > - It should allow kexec/kdump on secureboot enabled machines.
> > 
> > - In general it can help even without secureboot. By being able to verify
> >   kernel image signature in kexec, it should help with avoiding module
> >   signing restrictions. Matthew Garret showed how to boot into a custom
> >   kernel, modify first kernel's memory and then jump back to old kernel and
> >   bypass any policy one wants to.
> > 
> > I hope these patches can be queued up for 3.17. Even without signature
> > verification support, they provide new syscall functionality. But I
> > wil leave it to maintainers to decide if they want signature verification
> > support also be ready to merge before they merge this patchset.
> 
> Well, this is an absolute ton of new code, much of it pretty complex. 
> And I believe the entire point of this work is to enable image
> signature checking, but that hasn't been implemented yet?

I have a patchset which works. But it requires more work. I will do
remaining work and clean it up and post for review.

> 
> In which case I'm thinking it would be unwise to merge these parts into
> mainline - if signature checking doesn't work or fails review or if you
> get hit by a bus then we'd be left with a large lump of rather useless
> code?
> 
> In which case I'm inclined to put this series into -next and keep it
> there pending completion of the signature checking part.

Agreed. Primary purpose of this patch series is to be able to do signature
verification of kernel during kexec. So it will make sense to first have
some sort of consensus on signature verification patches. Otherwise we
might be stuck with this 3.5K lines of code if things go south w.r.t
signature verification.

Thanks
Vivek

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

  parent reply	other threads:[~2014-06-27 11:33 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-26 20:33 [PATCH 00/15][V4] kexec: A new system call to allow in kernel loading Vivek Goyal
2014-06-26 20:33 ` [PATCH 01/15] bin2c: Move bin2c in scripts/basic Vivek Goyal
2014-06-26 20:33 ` [PATCH 02/15] kernel: Build bin2c based on config option CONFIG_BUILD_BIN2C Vivek Goyal
2014-06-26 20:33 ` [PATCH 03/15] kexec: rename unusebale_pages to unusable_pages Vivek Goyal
2014-06-26 20:33 ` [PATCH 04/15] kexec: Move segment verification code in a separate function Vivek Goyal
2014-06-26 20:33 ` [PATCH 05/15] kexec: Use common function for kimage_normal_alloc() and kimage_crash_alloc() Vivek Goyal
2014-06-26 20:33 ` [PATCH 06/15] resource: Provide new functions to walk through resources Vivek Goyal
2014-06-26 20:33 ` [PATCH 07/15] kexec: Make kexec_segment user buffer pointer a union Vivek Goyal
2014-06-26 20:33 ` [PATCH 08/15] kexec: New syscall kexec_file_load() declaration Vivek Goyal
2014-06-26 20:43   ` Vivek Goyal
2014-06-26 21:03     ` Andy Lutomirski
2014-06-27 11:50       ` Vivek Goyal
2014-06-27 12:20         ` Michael Kerrisk (man-pages)
2014-06-26 20:33 ` [PATCH 09/15] kexec: Implementation of new syscall kexec_file_load Vivek Goyal
2014-06-26 20:58   ` Andrew Morton
2014-06-27 16:31     ` Vivek Goyal
2014-07-01 20:25       ` Vivek Goyal
2014-06-26 20:33 ` [PATCH 10/15] purgatory/sha256: Provide implementation of sha256 in purgaotory context Vivek Goyal
2014-06-26 20:33 ` [PATCH 11/15] purgatory: Core purgatory functionality Vivek Goyal
2014-08-11 17:40   ` Shaun Ruffell
2014-08-11 17:51     ` H. Peter Anvin
2014-08-11 18:02       ` Vivek Goyal
2014-08-11 18:08         ` H. Peter Anvin
2014-08-11 18:15           ` Vivek Goyal
2014-08-11 20:23           ` Vivek Goyal
2014-06-26 20:33 ` [PATCH 12/15] kexec: Load and Relocate purgatory at kernel load time Vivek Goyal
2014-06-26 20:33 ` [PATCH 13/15] kexec-bzImage64: Support for loading bzImage using 64bit entry Vivek Goyal
2014-06-26 20:33 ` [PATCH 14/15] kexec: Support for kexec on panic using new system call Vivek Goyal
2014-06-26 20:33 ` [PATCH 15/15] kexec: Support kexec/kdump on EFI systems Vivek Goyal
2014-07-01 19:46   ` Matt Fleming
2014-07-01 20:14     ` Andrew Morton
2014-07-01 20:21       ` Vivek Goyal
2014-07-01 21:23       ` Matt Fleming
2014-07-01 20:09   ` [PATCH 17/15] kexec-bzimage: Change EFI helper function names Vivek Goyal
2014-06-26 20:39 ` [PATCH 00/15][V4] kexec: A new system call to allow in kernel loading Vivek Goyal
2014-06-26 20:58 ` Andrew Morton
2014-06-26 21:21   ` Borislav Petkov
2014-06-27 11:33   ` Vivek Goyal [this message]
2014-06-27 16:34 ` [PATCH 16/15] kexec: Fix freeing up for image loader data loading Vivek Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140627113313.GB13337@redhat.com \
    --to=vgoyal@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=bhe@redhat.com \
    --cc=bp@alien8.de \
    --cc=chaowang@redhat.com \
    --cc=dyoung@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=greg@kroah.com \
    --cc=hpa@zytor.com \
    --cc=kexec@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mjg59@srcf.ucam.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox