From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2A9CAC54734 for ; Tue, 27 Aug 2024 12:44:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=V2eO/bM1meWQxHu1K1LtAe4EM9utE7kGQonbUWt9Zio=; b=v4s9ULw907o0Irg2LAza80H2dK F9R4ZTmCp36nJcYpL7YG0Gy6mQRFFNdr1k+9pzEGi2M+0jI1RJFeWyYFxwVV8U5W520JFx98VzJgt IB+w0m1aVzvXrUojNefqK04kDLtzHWHe3r1maduTLnih6dNz73GWiLfaQ45OlNhioCZnibmkWdMH+ kxem8PqN/KiJ78byh476qy5K+7U5ouw7fVbY4LrajbuJOxV/0m/gYRNOuWiBy8tEPOGiz5MRj8oEx rMO8m4W4vbtEPASCkRGRx/QO3ptaep+FPPJgGPBYa9YR7CWDzWRmOzf7HbayXmz2pV0tHpnCrZ57y yTPqxCwA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sivYn-0000000BIS4-2kCt; Tue, 27 Aug 2024 12:44:33 +0000 Received: from nyc.source.kernel.org ([2604:1380:45d1:ec00::3]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sivXz-0000000BII4-35my for linux-arm-kernel@lists.infradead.org; Tue, 27 Aug 2024 12:43:44 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id E24FDA41978; Tue, 27 Aug 2024 12:43:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4CD13C4FF55; Tue, 27 Aug 2024 12:43:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724762622; bh=2ZqQrzeYqI5Yy5NFyuU1piLbskRlrRRgZOLUi0g93X0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TXgCUuJcsBdTj5IJ/vDHleb8z/rFD2qJtc9Jvq2tjg3+1DRtGPKQynrgPRTGFuhsJ girD6v73LAxlFv1iHdNWfBdczAwrz+L7ee8H6PtuUZVUJOGb4hG79AWgfp0jq9hXaA b7nZjcm7R76qYsEkOvWEck1bSbDztIrygGGR1t1mt7yxnBFkVk36uxl+VCNVrkqYCK uyVaAEEhzo4UNZeeN6IRUj04dy9J6ZkK4fWEfuSRp3EgnzBCfxxZEhR//vO0uMewmr 1AegJcJDe/+pBH9UYKi4dFD2goyATHbwYFNusn4ULw0F3f+d4jVspRJcSQHJwUo5I/ JOaHtx80SyU0Q== Date: Tue, 27 Aug 2024 13:43:38 +0100 From: Will Deacon To: Li Zetao Cc: catalin.marinas@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, eric.devolder@oracle.com, ebiederm@xmission.com Subject: Re: [PATCH -next] arm64: enable ARCH_SUPPORTS_KEXEC_SIG_FORCE for arm64 Message-ID: <20240827124337.GA4772@willie-the-truck> References: <20240824111234.2216355-1-lizetao1@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240824111234.2216355-1-lizetao1@huawei.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240827_054343_862003_89BC0790 X-CRM114-Status: GOOD ( 22.18 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Sat, Aug 24, 2024 at 07:12:34PM +0800, Li Zetao wrote: > When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through > kexec, and the illegal image is successfully loaded. The test example is > as follows: > > # cat /sys/kernel/kexec_loaded > 0 > # kexec -s -l ./Image.illegal_signature > # echo $? > 0 > # dmesg | tail > PEFILE: Digest mismatch > # cat /sys/kernel/kexec_loaded > 1 > > The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not > enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE > feature. I'm not sure this is a problem as such -- it seems to be working as intended if you look at the Kconfig help text: // Kconfig.kexec :: KEXEC_SIG | The image can still be loaded without a valid signature unless you | also enable KEXEC_SIG_FORCE, though if there's a signature that we | can check, then it must be valid. > Signed-off-by: Li Zetao > --- > arch/arm64/Kconfig | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a2f8ff354ca6..9952c40a2bd8 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE > config ARCH_SUPPORTS_KEXEC_SIG > def_bool y > > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > + def_bool y I think the real question is why on Earth does KEXEC_SIG_FORCE depend on this arch option? Can't we just remove ARCH_SUPPORTS_KEXEC_SIG_FORCE, seeing as it doesn't appear to do anything? Will