Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1174253imm; Wed, 15 Aug 2018 12:44:49 -0700 (PDT) X-Google-Smtp-Source: AA+uWPypjW0NOz8eAaNK0P3x8vjetPZjXtDm8AdMJgIxWKPnba0vgKTRH+ZfkQ4ZhsLnxf2FkQBB X-Received: by 2002:a17:902:b486:: with SMTP id y6-v6mr25483353plr.27.1534362289182; Wed, 15 Aug 2018 12:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534362289; cv=none; d=google.com; s=arc-20160816; b=OzN0fXUVM1bINgmF9YuN2qsfPpxFOZ9MzFFldIRsW2E80WYjPLRibAJGIxZW7dkQuJ ihQL/kvPEFlRT8aTIxBbKOYFHMRi6sl+Wknv2qNz23TqVgW/xEKRY2ddNKWjFxrMm8M9 oIOMglQsvYYZofYYoJmYuTmejuxuIPsFxg4fla7kNJSwkKt7OlFswjtIRfWkOxDhb2zV tbkPRpYaHJ0CP0flNMJujeb+64aQE6dnv4ow7eSGQY4/nhwqSqYdd248k+Qn3S0qDb1S AB3SdyMStaCx0E+LEQyYM7+XcCmeDBKkjL/UIuR6Y3s40jVl6/AGf630uLsO7YYF9c4n w2sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=NtPFrLixhk+vCeNFDlX1O64wvQL7dPpUl8M0Ui8r8s0=; b=Mq8vt69WMEQsa4N700aQhf+7KLM/jmz1RYlxqrcqYX8zjk7cyTz2F/uR2uTDyW4FPn CR2i5k3bjyq1hYDcZWt1KMB326gzWymhfz/CgH4Y9R+sByqNTvX2eRMspXsW4Wipg4ZK q+vrGvT9TqBj9yDGHorGl39qUtOzwAiXHasX0dH/NP8PGkHpUghLIqbAax3g2uWVuEGx 7zWeL2abU1oExqjf9yo0RSVrBxMqgz8T8i2xyFRWt6ypweRsGPvDDLdGSZLZKiGI2EfT y1j0QgMN55qvlo1zfdgX8shysA1O9IO54aHiP6GtjhYQ43Qs6XiibAg+llDXs8+2hG/L 0j7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d4-v6si19071502pla.299.2018.08.15.12.44.34; Wed, 15 Aug 2018 12:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727948AbeHOWg1 (ORCPT + 99 others); Wed, 15 Aug 2018 18:36:27 -0400 Received: from mail.sembritzki.me ([5.45.101.249]:60524 "EHLO mail.sembritzki.me" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727660AbeHOWg1 (ORCPT ); Wed, 15 Aug 2018 18:36:27 -0400 Received: from yannik-laptop.fritz.box (x4dbb4132.dyn.telefonica.de [77.187.65.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.sembritzki.me (Postfix) with ESMTPSA id 2BE5FA7AAD; Wed, 15 Aug 2018 21:42:54 +0200 (CEST) From: Yannik Sembritzki To: Linus Torvalds , David Howells , Thomas Gleixner , Ingo Molnar , Peter Anvin , the arch/x86 maintainers , Linux Kernel Mailing List , Dave Young , Baoquan He , "Justin M. Forbes" , Peter Jones , James Bottomley , Matthew Garrett , Vivek Goyal Cc: Yannik Sembritzki Subject: [PATCH 0/2] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot Date: Wed, 15 Aug 2018 21:42:42 +0200 Message-Id: <20180815194244.29564-1-yannik@sembritzki.me> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I've written two patches for (a) the logical change of allowing kernels signed with keys in the secondary keyring to be kexec'd (b) the refactoring of the magic 1UL Linus requested. Yannik Sembritzki (2): Fix kexec forbidding kernels signed with keys in the secondary keyring to boot Replace magic for trusting the secondary keyring with #define arch/x86/kernel/kexec-bzimage64.c | 2 +- certs/system_keyring.c | 3 ++- crypto/asymmetric_keys/pkcs7_key_type.c | 2 +- include/linux/verification.h | 4 ++++ 4 files changed, 8 insertions(+), 3 deletions(-) -- 2.17.1