Subject: Re: [PATCH 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
From: Mehmet Kayaalp
Date: Fri, 25 Nov 2016 14:49:17 -0500
To: David Howells
Cc: Mimi Zohar, Stefan Berger, George Wilson, LSM, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org

> On Nov 25, 2016, at 4:06 AM, David Howells wrote:
>
> Mehmet Kayaalp wrote:
>
>> Include a random filled binary in vmlinux at the space reserved with
>> CONFIG_SYSTEM_EXTRA_CERTIFICATE. This results in an uncompressed reserved
>> area inside the bzImage as well, so that it can be replaced with an actual
>> certificate later (after the bzImage is distributed).
>
> You haven't said *why* you need an incompressible buffer. I presume it's
> something to do with the decompression wrapper.
>

After you replace zeroes with a certificate and compress again, the image
size increases. Then, repackaging the bzImage becomes difficult.

From the commit message of 3/4:

> This patch adds the capability of extracting the
> vmlinux, inserting the certificate, and repackaging the result into a
> bzImage.
>
> It only works if the resulting compressed vmlinux is smaller than the
> original. Otherwise re-linking would be required. To make the reserved
> space allocate actual space in bzImage, incompressible bytes are
> inserted into the vmlinux as a placeholder for the extra certificate.

Mehmet
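Added illustration, not part of the original message or the patch series: a small Python model of the size effect described in the reply above. It compares the compressed size of an image before and after a certificate is written into the reserved area, once with a zero-filled reserve and once with a random-filled one. The sizes, the stand-in image contents, the use of zlib as the compressor, the zero padding after the certificate, and the random bytes used as the "certificate" are all assumptions made for the example.

```python
import random
import zlib

RESERVED = 4096   # assumed size of the reserved certificate area
CERT_LEN = 1500   # assumed size of the certificate inserted after distribution


def rand_bytes(rng, n):
    """Deterministic high-entropy bytes (constructed sample data)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_image(reserve):
    """Constructed stand-in for vmlinux: compressible data around the reserve."""
    body = b"".join(b"kernel text section %06d\n" % i for i in range(4000))
    return body + reserve + body


def sizes(fill, seed=1):
    """Return (compressed size as shipped, compressed size after cert insertion)."""
    rng = random.Random(seed)
    if fill == "zero":
        reserve = bytes(RESERVED)            # placeholder that compresses away
    else:
        reserve = rand_bytes(rng, RESERVED)  # incompressible placeholder
    # A real DER certificate is not uniformly random, but its key and
    # signature are high-entropy; random bytes model that (assumption).
    cert = rand_bytes(rng, CERT_LEN)
    patched = cert + bytes(RESERVED - CERT_LEN)  # assumed: remainder zero-padded
    shipped = len(zlib.compress(build_image(reserve), 9))
    repacked = len(zlib.compress(build_image(patched), 9))
    return shipped, repacked


if __name__ == "__main__":
    for fill in ("zero", "random"):
        shipped, repacked = sizes(fill)
        verdict = "fits in place" if repacked <= shipped else "grows, needs re-link"
        print(f"{fill:>6} reserve: shipped={shipped} repacked={repacked} -> {verdict}")
```

With the zero-filled reserve the repacked payload is larger than the shipped one; with the random-filled reserve it is no larger, which is the condition the 3/4 commit message states for repackaging without re-linking.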