linux-arm-kernel.lists.infradead.org archive mirror
From: Baoquan He <bhe@redhat.com>
To: Coiby Xu <coxu@redhat.com>
Cc: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org,
	Dave Young <dyoung@redhat.com>, Will Deacon <will@kernel.org>,
	"Eric W . Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v4 0/3] use more system keyrings to verify arm64 kdump kernel image signature
Date: Mon, 21 Mar 2022 16:35:08 +0800
Message-ID: <Yjg4vGYnN2kpSDK8@MiWiFi-R3L-srv>
In-Reply-To: <20220321082807.eq7g3qgkbtdw6sre@Rk>

On 03/21/22 at 04:28pm, Coiby Xu wrote:
> Hi Baoquan,
> 
> On Mon, Mar 21, 2022 at 12:24:59PM +0800, Baoquan He wrote:
> > Hi Coiby,
> > 
> > On 03/18/22 at 05:40pm, Coiby Xu wrote:
> > > This patch set allows arm64 to use more system keyrings to verify kdump
> > > kernel image signature by making the existing code in x64 public.
> > 
> > Could you tell more about why arm64 needs to use more system keyrings to
> > verify kdump kernel image signature?
> > 
> > What problem have you encountered to make you want to do this?
> 
> Thanks for raising this question! Currently, a problem faced by arm64 is
> if a kernel image is signed by a MOK key, this kernel image would be
> rejected with the error "Lockdown: kexec: kexec of unsigned images is
> restricted; see man kernel_lockdown.7". I'll improve the cover letter
> and the 3rd commit message to have this info.

Thanks for the effort, Coiby.

Usually, when we post a patch to solve issues, or improve, we had better
tell

1) what problem we encounter;
2) why the problem happened, what is the root cause after investigation and analysis;
3) how you fix it;

The 1) and 2) are very important to help the reviewer understand what's
going on, and why this patch is needed. As you can see, in this
patchset, only 3) is presented.

Cheers

