From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2A893C433EF for ; Mon, 21 Mar 2022 08:36:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=4NuuU6kb50BOduy53dPhNMAwosED0TtK5/VfYkLkcOw=; b=Bl1FknwRoCzkY6 kw2AXrt6mEPsr0DVP6TyKd4creGXNfM9Ps2OAwDJ9d+OQmuRhAkU3XW/nFa+kODSzaDIWgbQT/6Lq i3XDmSfeGYzRZQ+9gzXD5rNF2jWt+mVWMmwh14vhzsayxnWDBfEzdpZ0C+pJXRUsUUBG+8OGkgBoY bzuJTzoPMplj8x9IQ+2dHGWKUXRtbWExg90vDSci4yjWpWTEcXfJGgeJSdBqoO1YhlhnVwCZ2/OhR mFwaNaewy7amFtK9wOnTty48rA/eG9CvuIRJolO8o7yladI9L4Czm77uCuqxpyfcv/5M14o0KVrUP JpWI7E0pMwlrszpz626Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nWDVf-0072w0-11; Mon, 21 Mar 2022 08:35:27 +0000 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nWDVc-0072uz-Gt for linux-arm-kernel@lists.infradead.org; Mon, 21 Mar 2022 08:35:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647851723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xJh29LNEYQs2HazbVeKblF1bqRZlCm/w6uD+WtQd7dQ=; b=K9HxDC+kvJ4du9TYCyMpoiZVVC/dvKBTThIe+Aj3g0oGyd+6OCpFApvSLIhM8lraJF5QQO ztBhx5Vh9xYHEKDydeyAPFsfDSR46qp0scjjAnl/IWBkX6bJdPXhAxWb8k6M5/lvfENJ78 kqJZg/V5Oa5DGxjY0bcGE5nn2Q47SKM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-454-eYUr1tNXMPm_xxRV2kfl_g-1; Mon, 21 Mar 2022 04:35:17 -0400 X-MC-Unique: eYUr1tNXMPm_xxRV2kfl_g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8F15B85A5BE; Mon, 21 Mar 2022 08:35:17 +0000 (UTC) Received: from localhost (ovpn-12-54.pek2.redhat.com [10.72.12.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 853022026D6B; Mon, 21 Mar 2022 08:35:12 +0000 (UTC) Date: Mon, 21 Mar 2022 16:35:08 +0800 From: Baoquan He To: Coiby Xu Cc: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org, Dave Young , Will Deacon , "Eric W . Biederman" Subject: Re: [PATCH v4 0/3] use more system keyrings to verify arm64 kdump kernel image signature Message-ID: References: <20220318094101.274950-1-coxu@redhat.com> <20220321082807.eq7g3qgkbtdw6sre@Rk> MIME-Version: 1.0 In-Reply-To: <20220321082807.eq7g3qgkbtdw6sre@Rk> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=bhe@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220321_013524_664926_E1B16ED4 X-CRM114-Status: GOOD ( 20.39 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 03/21/22 at 04:28pm, Coiby Xu wrote: > Hi Baoquan, > > On Mon, Mar 21, 2022 at 12:24:59PM +0800, Baoquan He wrote: > > Hi Coiby, > > > > On 03/18/22 at 05:40pm, Coiby Xu wrote: > > > This patch set allows arm64 to use more system keyrings to verify kdump > > > kernel image signature by making the existing code in x64 public. > > > > Could you tell more about why arm64 need use more system keyrings to > > verify kdump kernel iamge signature? > > > > What problem have you encountered to make you want to do this? > > Thanks for raising this question! Currently, a problem faced by arm64 is > if a kernel image is signed by a MOK key, this kernel image would be > rejected with the error "Lockdown: kexec: kexec of unsigned images is > restricted; see man kernel_lockdown.7". I'll improve the cover letter > and the 3rd commit message to have this info. Thanks for the effort, Coiby. Usually, when we post patch to solve issues, or improve, we had better tell 1) what problem we encounter; 2) why the problem happened, what is the root cause after investigation and analysis; 3) how you fix it; The 1) and 2) are very important to help reviewer understand what's going on, and why this patch is needed. As you can see, in this patchset, only 3) is presented. Cheers _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel