Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1302206imm; Wed, 15 Aug 2018 15:16:06 -0700 (PDT) X-Google-Smtp-Source: AA+uWPxzHZWV1iEyWT9aH8biIkEsqeuSRiazCadCsBeewP6zm3lDIf3mNg2hAQ9ZT7Y+CHhJP5MY X-Received: by 2002:a65:4849:: with SMTP id i9-v6mr26761806pgs.350.1534371366049; Wed, 15 Aug 2018 15:16:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534371366; cv=none; d=google.com; s=arc-20160816; b=Es4LjEScSVaYR9m81Gas4CFJ6nkYVRUXXSUC5QMKA+vxl3tlHXsLWAtvSjFheB0Roc 8q3SuonIhYa3N9K+0/KRHnQKkV/pX3cLGlXSII5aQFnd2JrP5kRL2jStmmepyVFtcYNB +bNSVGItCOUfixJD3CFK0wXnaJ6h4Drsr7xh5bialUL52T8DE/R/Aoog6VjawY0Li8qn q2igS8mbJ9VHwSQu4FTSQwEEVLX5oTxupZxQuPSyfIQUBfxwZAPB+uoecJUVHOnK4sFj Y39kFPtYMYYKOre32YFYIyYK0hYyLSYeeJiAnK2dIA/u/lskNyDSmDO8IuIvTqiwvfEC SE4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject :arc-authentication-results; bh=J1/PrJ3rsaQ9ag/U9WdZyvPvkL9iP1kF36icCDybKzs=; b=lRKafOZkNIM4CyJeWLd63E7tKRdIO7JjSytliOxaz8VKi/WwwfenIjzXOI0yekYWiZ LxGkoGClaP78xI/8gt+c6IEE3m1I4W2Jo/xBW1hAv0jzn02S9KNOSvqq8ugarLMzkH8d ii/Xsua7NUhdYL8Mn4YnDDTLWOhwG/ERaMAjkfNmf3R4H9O9EbG1P6m1j/jczJ9BEp6v VYaERk8ct6NWV2IYp9MXgF2u1ulpJnu5hLFoQwA0geBPBYLLCXhPzwvAmsRpL5qPpC15 ktGlN+mVwCypcsyCj6hL1eTOkJ5HWYEDogo22aU272QDuNZlfknOVr/+aSYTa8DNcDxD WimA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3-v6si19088335pld.146.2018.08.15.15.15.49; Wed, 15 Aug 2018 15:16:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727709AbeHPBI7 (ORCPT + 99 others); Wed, 15 Aug 2018 21:08:59 -0400 Received: from mail.sembritzki.me ([5.45.101.249]:60852 "EHLO mail.sembritzki.me" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726957AbeHPBI7 (ORCPT ); Wed, 15 Aug 2018 21:08:59 -0400 Received: from [192.168.1.22] (xd52789ea.dyn.telefonica.de [213.39.137.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.sembritzki.me (Postfix) with ESMTPSA id BE194A7ABA; Thu, 16 Aug 2018 00:14:51 +0200 (CEST) Subject: Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot To: Vivek Goyal Cc: James Bottomley , Linus Torvalds , David Howells , Thomas Gleixner , Ingo Molnar , Peter Anvin , the arch/x86 maintainers , Linux Kernel Mailing List , Dave Young , Baoquan He , Justin Forbes , Peter Jones , Matthew Garrett References: <654fbafb-69da-cd9a-b176-7b03401e71c5@sembritzki.me> <20180815174247.GB29541@redhat.com> <20180815185812.GC29541@redhat.com> <20180815194932.GD29541@redhat.com> <1ca6772b-46e0-9d93-0e15-7cf73a0b7b3f@sembritzki.me> <1534367597.4049.21.camel@HansenPartnership.com> <2872b945-60e7-b5d1-1f20-1ae6ecfd3967@sembritzki.me> <20180815215718.GB15952@redhat.com> From: Yannik Sembritzki Openpgp: preference=signencrypt Autocrypt: addr=yannik@sembritzki.me; prefer-encrypt=mutual; keydata= xsFNBFLQZToBEADD7mghnzDjt9mG5rD4QG1vNuqbSnqkr9j8ONNdAnSP5fAYHDWqVVGWMxJF Sc7qu5Z1GUd5l0jvd+pM9oWoIFkcr6a9ZjsYZLTe+YN612KLSpqdEbssKQlembHFzX8qOzr5 bta/g5VtZmzf22HynDwNF8hfIzrfdE0PZUCEtIfwE7aeg8JBb0yHz2Gknd90s3DRcx9Ba4Zl GmB4hYqzpNQedZU0W8Tp/ISI2osQIc81qxur4XF23jfYVOygE3pxkAMB5y0goATeGE5JSCll 6i7XXHN/Qbh7+8u/ZFbNTVONy3VrA+/1AXx41zDUrbc7v11F/+vN5vZcDjlFXc8cR1kwPV5P xGTtdDfJ6Ko0lN+8xoe3CLhnzQRPtZAvulKxiVknILl6l8yI8zwKXJxqzcg/d34PQMs1UxYY 2FW0j+tXSUHRpGUFpBUO44tLUWdTz3+lscEAYnnHSFpl9N5ExaUtfO+P7uIoY56lhd/zkuSw zudsv5qNMHLTH9k4gM9Gofp0jXGRc4Swumt/hF3BzmvvwMASci4kkFVgk4sxLlp+xzj51Oc+ WFIRSRkcx6xyWZKWeFcaPGd6+E0IR+7hkL2lQPta8+ypnn8AhYH2h17OiXOjs4ACLkZdoA+j JiPv6r+kWdLw3NNKDrdWewVfscSRooAZqm4+45u8VnbMuqgxfwARAQABzShZYW5uaWsgU2Vt YnJpdHpraSA8eWFubmlrQHNlbWJyaXR6a2kubWU+wsGWBBMBAgBAAhsjBwsJCAcDAgEGFQgC CQoLBBYCAwECHgECF4AWIQRni0pjVV8jkbaA6/4plgq9sKUg5QUCWgjAyQUJCRmPDwAKCRAp lgq9sKUg5RzMEACw1nDkJ2tM/VP0TWmcCD243CyqyxMA50M2JDhoh+Vlnwev7VBX+/mr9AgP EQKjDha3/cXXvWm5ve/LDJ+SjmijGuUsCLhuiymOxfFXZ3F9f6f8/kwgXhmcVHE91iY+ikAa G+di05rrHjQVKPNGTApVjsXyY4RC53mSZcu1MSQkq34zhZdYHAnQOHD5k4D3AINgQKQ4BIY1 AEnAWXuxOFITF2F2BWDm8GyQaF1Z9kDgyQUairXl6fyM5xnUC/rIeT52Cj5Q7S3czFwYX9dg QK+3yg45aZOapc+MOEDIlwEyHBv2vTLGb4EcbtD4iKB9yhbIjt9c9aFKcCDS/bTWT0HA23CF irM9zPOP+217XK3aXfsQ+nTOkWaLtSvakmSg4Pg+tLitd89cSMWM69DjecT30h7aNtUKZljR G+gShD/2oz9gUQkLOAmSqhhOwebHnux4WhLhFaWGOI71+6yUkqQ3+RCl9VTxDZ7Fta7lgrBv K30sNA9xsWEzgFCOj6/sxBRLPg35PpKGAqCRkDsbJviq/C4FBAKdJVZx6+yR2B7WA7WdYkZo OvvxitOAh5AuR9yjk5g2iv99umVpfA3giNiKo1peaqIsEXWjEr5GJciGTRrK79NXkWrW0dLr vertgg9/6yu2Fu9ufqhAdXhWD1lvGnpkb1gGGJCBXi2vn0zUec7BTQRS0GU6ARAAtN27We2e 01W1AsFolLDJOVcmze9AT2KWYn9RmvKHMQjfx4TH8i2U63jBRjWU4imlC+rmFHyeV4S4DVEf IV4xztsc8bsVuwtvyL8oTiUcXvJaeHgk5zyExorDeHE3ho7VJHmrxGSM6am9jD1Hprl9hJJ3 8JISlAG8kSm/0vRpJulv4MbKNYldRlqPjklcLnn3VUtR+mQKFWlEVrIBxwjv2mV9u34w0n37 DuuvkeEXp0et2gm9kwiWWFb/MaTx7uagJCEiZKABSZyHaDNqNohs9zNva4BxTemC9liXkpWV JTLsGD8Fls2GsxMzeUTUOLjWQmaWTFnXGl9uso+xZfyLUdI/bCk5TowSbwdl2LgbMWPQ6dHC uT62gNJyzYZispENGJVrclts5NfTZtxbYPFqtq7Zg65R8DiR/97kErA9+RKa6eJxIDGrZl0L 1ZUsvKMtqZmr32Uilma89rvzK6Xb2LEg3sdvIU1k6XBotVQwVpUEnEyW7zDj3yR6lybCOCZC NWz7ydfD8yYcVcpaUFpe9fGR9/ogu7guXPDEB9oVmkPA4UzXT8djV01+4bn2wCq2qrDwihpc Z+wE1CjGdlcyTPKIWqTVKZBeOJZ6QQdQ4Mf/EFGtk+Al8k/V9Wf8jskaScpoq2to9OUxXi3x ednXTOffXTn/jHBeFrAgHIHzxl0AEQEAAcLBfAQYAQIAJgIbDBYhBGeLSmNVXyORtoDr/imW Cr2wpSDlBQJaCMDMBQkJGY8SAAoJECmWCr2wpSDltkcQALvt01s8+bWJky9vK+Bforkjo9kN xlx+P4iYQ4O1GC3l7beZgBn6XCHXgv4fxPjY8bcTBamD9EKPgd3L2qMneAuR8quBlT1+/7Ys PiNmWjDSGjk9pJ+civRLwmrrEfOS2h5vBK87afuXxVriwpKxTRn//vzfsCT7E0W5BcmlvjT1 rMdPaESGKURSlhmMHN/+UfMpEzBdz2Xk52F5FL8vAX3aL4hCpw0VANq07ZujTFD9wsQ1KbOu kTGWoS2HPZy4Fkna9LWyvq6Hsi2oOV2sdMthpDlp6n+sWzJAQbgVde+BGGyzOzPYcm1a4Yo5 XAbVTkBmRHlLDM0ODi+aL/T4ecgPRfWiKt+iwiph7SvvQVVeB60JV6y48+VHnM6y0jHr70rz 4EP3uVthtKTeAs4jrPrayXVOuDfFp9m8WsefoXy/llWe9F/2PPXAQbrNeLPQxyhCkNpmbqCd pz34mj88o+7V4BsiU+q6nqs9bsU/9Oc6d6fsaXpzMUMXKJxKndlSAnyjbdsw+WLYlT1VrmMK QM0ulk0PSn8u1L2TNLx+3nhY+IfGuWZqD7xXmI7ujh0UrqwIjMDd7+Ewfr2RdTrvtuSq5BYb U8vMWqT95t3jNocATQaWbKgHK9udONAFx1CZrLdHQFtEnrz+1illZG7oHaZyQBotCDrgu8QN YfNfIPB+ Message-ID: <1070be1f-1edf-a2cb-22d7-e39ee334b13e@sembritzki.me> Date: Thu, 16 Aug 2018 00:14:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20180815215718.GB15952@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: de-DE Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15.08.2018 23:57, Vivek Goyal wrote: > Aha.., so that's your real problem. You are trying to load VirtualBox > module and that will not load even if you take ownership of platform > by adding your key and sign module with that key. > > So this patch still will not fix the problem you are facing. It is still > good to fix the case of kexec/kdump broken on Fedora on secureboot > machines. No, I wrote this patch specifically because because of the kexec issue and would like to seem them merged to fix exactly that :-) I only replied to the module signing discussion as there were some ongoing arguments with regard to that. IMO this is resolved with the patches by Mehmet Kayaalp mentioned by James anyway. Thanks Yannik