From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from us-smtp-1.mimecast.com ([205.139.110.61] helo=us-smtp-delivery-1.mimecast.com) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jlrJZ-0001Uu-En for kexec@lists.infradead.org; Thu, 18 Jun 2020 09:58:34 +0000 Subject: Re: [PATCH v2] kexec: Do not verify the signature without the lockdown or mandatory signature References: <20200602045952.27487-1-lijiang@redhat.com> <20200617123731.0dbb039a053a2ef610af59fb@linux-foundation.org> From: lijiang Message-ID: Date: Thu, 18 Jun 2020 17:58:14 +0800 MIME-Version: 1.0 In-Reply-To: <20200617123731.0dbb039a053a2ef610af59fb@linux-foundation.org> Content-Language: en-US List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Andrew Morton Cc: jbohac@suse.cz, bhe@redhat.com, kexec@lists.infradead.org, jmorris@namei.org, mjg59@google.com, linux-kernel@vger.kernel.org, ebiederm@xmission.com, dyoung@redhat.com 5ZyoIDIwMjDlubQwNuaciDE45pelIDAzOjM3LCBBbmRyZXcgTW9ydG9uIOWGmemBkzoKPiBPbiBU dWUsICAyIEp1biAyMDIwIDEyOjU5OjUyICswODAwIExpYW5ibyBKaWFuZyA8bGlqaWFuZ0ByZWRo YXQuY29tPiB3cm90ZToKPiAKPj4gU2lnbmF0dXJlIHZlcmlmaWNhdGlvbiBpcyBhbiBpbXBvcnRh bnQgc2VjdXJpdHkgZmVhdHVyZSwgdG8gcHJvdGVjdAo+PiBzeXN0ZW0gZnJvbSBiZWluZyBhdHRh Y2tlZCB3aXRoIGEga2VybmVsIG9mIHVua25vd24gb3JpZ2luLiBLZXhlYwo+PiByZWJvb3Rpbmcg aXMgYSB3YXkgdG8gcmVwbGFjZSB0aGUgcnVubmluZyBrZXJuZWwsIGhlbmNlIG5lZWQgYmUKPj4g c2VjdXJlZCBjYXJlZnVsbHkuCj4gCj4gSSdtIGZpbmRpbmcgdGhpcyBjaGFuZ2Vsb2cgcXVpdGUg aGFyZCB0byB1bmRlcnN0YW5kLAo+IApUaGFua3MgZm9yIHlvdXIgY29tbWVudC4KCkkgd2lsbCBp bXByb3ZlIHRoZSBwYXRjaCBsb2cgYW5kIHRyeSB0byBtYWtlIGl0IGVhc2lseSB1bmRlcnN0YW5k LgoKPj4gSW4gdGhlIGN1cnJlbnQgY29kZSBvZiBoYW5kbGluZyBzaWduYXR1cmUgdmVyaWZpY2F0 aW9uIG9mIGtleGVjIGtlcm5lbCwKPj4gdGhlIGxvZ2ljIGlzIHZlcnkgdHdpc3RlZC4gSXQgbWl4 ZXMgc2lnbmF0dXJlIHZlcmlmaWNhdGlvbiwgSU1BIHNpZ25hdHVyZQo+PiBhcHByYWlzaW5nIGFu ZCBrZXhlYyBsb2NrZG93bi4KPj4KPj4gSWYgdGhlcmUgaXMgbm8gS0VYRUNfU0lHX0ZPUkNFLCBr ZXhlYyBrZXJuZWwgaW1hZ2UgZG9lc24ndCBoYXZlIG9uZSBvZgo+PiBzaWduYXR1cmUsIHRoZSBz dXBwb3J0ZWQgY3J5cHRvLCBhbmQga2V5LCB3ZSBkb24ndCB0aGluayB0aGlzIGlzIHdyb25nLAo+ IAo+IEkgdGhpbmsgdGhpcyBpcyBzYXlpbmcgdGhhdCBpbiB0aGUgYWJzZW5jZSBvZiBLRVhFQ19T SUdfRk9SQ0UgYW5kIGlmCj4gdGhlIHNpZ25hdHVyZS9jcnlwdG8va2V5IGFyZSBhbGwgaW5jb3Jy ZWN0LCB0aGUga2V4ZWMgc3RpbGwgc3VjY2VlZHMsCj4gYnV0IGl0IHNob3VsZCBub3QuCj4gCldo ZW4gdGhlIEtFWEVDX1NJR19GT1JDRSBpcyBub3QgZW5hYmxlZCwgZXZlbiBpZiBrZXhlYyBrZXJu ZWwgaW1hZ2UgZG9lc24ndApoYXZlIHRoZSBzaWduYXR1cmUsIG9yIHRoZSBrZXksIGV0Yywga2V4 ZWMgc2hvdWxkIGJlIHN0aWxsIGFsbG93ZWQgdG8gbG9hZGVkLAp1bmxlc3Mga2V4ZWMgbG9ja2Rv d24gaXMgZXhlY3V0ZWQuCgo+PiBVbmxlc3Mga2V4ZWMgbG9ja2Rvd24gaXMgZXhlY3V0ZWQuIElN QSBpcyBjb25zaWRlcmVkIGFzIGFub3RoZXIga2luZCBvZgo+PiBzaWduYXR1cmUgYXBwcmFpc2lu ZyBtZXRob2QuCj4+Cj4+IElmIGtleGVjIGtlcm5lbCBpbWFnZSBoYXMgc2lnbmF0dXJlL2NyeXB0 by9rZXksIGl0IGhhcyB0byBnbyB0aHJvdWdoIHRoZQo+PiBzaWduYXR1cmUgdmVyaWZpY2F0aW9u IGFuZCBwYXNzLiBPdGhlcndpc2UgaXQncyBzZWVuIGFzIHZlcmlmaWNhdGlvbgo+PiBmYWlsdXJl LCBhbmQgd29uJ3QgYmUgbG9hZGVkLgo+IAo+IEkgZG9uJ3Qga25vdyBpZiB0aGlzIGlzIGRlc2Ny aWJpbmcgdGhlIGN1cnJlbnQgc2l0dWF0aW9uIG9yIHRoZQo+IHBvc3QtcGF0Y2ggc2l0dWF0aW9u Lgo+IApUaGlzIGlzIHRoZSBjdXJyZW50IHNpdHVhdGlvbiwgYW5kIHdlJ2QgbGlrZSB0byBjaGFu Z2UgaXQgc28gdGhhdCBrZXhlYyBhbGxvd3MKdGhlIGtlcm5lbCBhbmQgaW5pdHJkIGltYWdlcyB0 byBiZSBsb2FkZWQgd2hlbiB0aGV5IGFyZSBub3QgdGhlIGxvY2tkb3duIG9yIAptYW5kYXRvcnkg c2lnbmF0dXJlLgoKPj4gU2VlbXMga2V4ZWMga2VybmVsIGltYWdlIHdpdGggYW4gdW5xdWFsaWZp ZWQgc2lnbmF0dXJlIGlzIGV2ZW4gd29yc2UgdGhhbgo+PiB0aG9zZSB3L28gc2lnbmF0dXJlIGF0 IGFsbCwgdGhpcyBzb3VuZHMgdmVyeSB1bnJlYXNvbmFibGUuIEUuZy4gSWYgcGVvcGxlCj4+IGdl dCBhIHVuc2lnbmVkIGtlcm5lbCB0byBsb2FkLCBvciBhIGtlcm5lbCBzaWduZWQgd2l0aCBleHBp cmVkIGtleSwgd2hpY2gKPj4gb25lIGlzIG1vcmUgZGFuZ2Vyb3VzPwo+Pgo+PiBTbywgaGVyZSwg bGV0J3Mgc2ltcGxpZnkgdGhlIGxvZ2ljIHRvIGltcHJvdmUgY29kZSByZWFkYWJpbGl0eS4gSWYg dGhlCj4+IEtFWEVDX1NJR19GT1JDRSBlbmFibGVkIG9yIGtleGVjIGxvY2tkb3duIGVuYWJsZWQs IHNpZ25hdHVyZSB2ZXJpZmljYXRpb24KPj4gaXMgbWFuZGF0ZWQuIE90aGVyd2lzZSwgd2UgbGlm dCB0aGUgYmFyIGZvciBhbnkga2VybmVsIGltYWdlLgo+IAo+IEkgdGhpbmsgdGhlIHdob2xlIHRo aW5nIG5lZWRzIGEgcmV3cml0ZS4gIFN0YXJ0IG91dCBieSBmdWxseSBkZXNjcmliaW5nCj4gdGhl IGN1cnJlbnQgc2l0dWF0aW9uLiAgVEhlbiBkZXNjcmliZSB3aGF0IGlzIHdyb25nIHdpdGggaXQs IGFuZCB3aHkuIAo+IFRoZW4gZGVzY3JpYmUgdGhlIHByb3Bvc2VkIGNoYW5nZS4gIE9yIHNvbWV0 aGluZyBhbG9uZyB0aGVzZSBsaW5lcy4KPiAKPiBUaGUgY2hhbmdlbG9nIHNob3VsZCBhbHNvIG1h a2UgY2xlYXIgdGhlIGVuZC11c2VyIGltcGFjdCBvZiB0aGUgcGF0Y2guIAo+IEluIHN1ZmZpY2ll bnQgZGV0YWlsIGZvciBvdGhlcnMgdG8gZGVjaWRlIHdoaWNoIGtlcm5lbCB2ZXJzaW9uKHMpCj4g c2hvdWxkIGJlIHBhdGNoZWQuICBZb3VyIHJlY29tbWVuZGF0aW9ucyB3aWxsIGFsc28gYmUgdmFs dWFibGUgLSB3aGljaAo+IGtlcm5lbCB2ZXJzaW9uKHMpIGRvIHlvdSB0aGluayBzaG91bGQgYmUg cGF0Y2hlZCwgYW5kIHdoeT8KPiAKCkN1cnJlbnRseSwga2VybmVsIHdpbGwgYWx3YXlzIHZlcmlm eSB0aGUgc2lnbmF0dXJlIHdpdGhvdXQgdGhlIGxvY2tkb3duIG9yCm1hbmRhdG9yeSBzaWduYXR1 cmUuIFRoaXMgbWF5IHByZXZlbnQgdGhlIGtlcm5lbCBmcm9tIGxvYWRpbmcgdGhlIGtlcm5lbCBh bmQKaW5pdHJkIGltYWdlcyB2aWEgdGhlIGtleGVjX2ZpbGVfbG9hZCgpIHN5c2NhbGwuIEhvd2V2 ZXIsIHdlJ2QgbGlrZSB0byBhbGxvdwp0byBzdGlsbCBsb2FkIHRoZSBpbWFnZXMgaW4gc3VjaCBj YXNlIHJhdGhlciB0aGFuIGZhaWx1cmUgZHVlIHRvIHRoZSBzaWduYXR1cmUKdmVyaWZpY2F0aW9u IGlzc3VlLgoKRm9yIGV4YW1wbGUsIGF0IHRoZSBzdGFnZSBvZiBkZXZlbG9wbWVudCBhbmQgdGVz dCwgdXN1YWxseSB1c2UgYSBzaWduYXR1cmUKa2V5IHRvIHRlc3Qgd2hldGhlciB0aGUgcHJvY2Vk dXJlIG9mIHNpZ25hdHVyZSBjYW4gd29yayB3ZWxsIGFzIGV4cGVjdGVkLgpTb21ldGltZXMsIHRo ZSBzaWduaW5nIHRpbWUgbWF5IGJlIGV4cGlyZWQsIGJ1dCBzdGlsbCB1c2UgdGhlIGtlcm5lbCB3 aXRoCnRoZSBvbGQgc2lnbmF0dXJlIGtleSB0byByZXByb2R1Y2Ugc29tZSBwcm9ibGVtcyBpbiBz b21lIGF1dG9tYXRpYyB0ZXN0cywKd2hpY2ggYWx3YXlzIGNhdXNlZCB0aGUgZmFpbHVyZSBvZiBs b2FkaW5nIGltYWdlcy4KCkxldCdzIGNsZWFuIHRoZSBsb2dpYyBvZiBrZXJuZWwgY29kZSBhbmQg YWxsb3cgdG8gc3RpbGwgbG9hZCB0aGUga2VybmVsIGFuZAppbml0cmQgaW1hZ2VzIHdpdGhvdXQg dGhlIGxvY2tkb3duIG9yIG1hbmRhdG9yeSBzaWduYXR1cmUuCgoKSG9wZSB0aGlzIGhlbHBzLgoK VGhhbmtzLgpMaWFuYm8KCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXwprZXhlYyBtYWlsaW5nIGxpc3QKa2V4ZWNAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRw Oi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2tleGVjCg==