Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp5825067imd; Wed, 31 Oct 2018 02:37:32 -0700 (PDT) X-Google-Smtp-Source: AJdET5eqkFufWUTGWaW1QQAmCo+FQF9m9fnsesQsuIAETbpFxPUjyKfTwyZeN7CH0hiyLEuiw6fT X-Received: by 2002:a17:902:9f83:: with SMTP id g3-v6mr2606560plq.27.1540978652712; Wed, 31 Oct 2018 02:37:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540978652; cv=none; d=google.com; s=arc-20160816; b=MjJI0e5P4W7TmRQkQFzQ0CUSiHS5EBiqFLBbNvAS8vbBrlAUHqS8dF2cgN/FqY69Zu cepV49TpMVBowp7cFZEfdjoyon2o4ts3auXzr/EHDirI4BPlq4ZtuHEt4ViKO87yy6W5 lSNSOHOwOyKADII3YOeZJt4CXzm6MQrwyAJelW91oc4jhOuosp3kPjV3EAbrQvzM1+6k WYODnGBBjKKIw9JysbDcxYBqqH3GAvArHsM1W+DilqychGX+PoRD8S1LS6JNeBobmOj2 J6pBUL7VHOJ1a+H+EhBDNfrsTjkg2j3+b1Dj0pTHRHEdDXgD/VZ6sS270yC187kaxc13 31sQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=RUOLcFyOhGniDKUMLMHTYCIQYY08OfIOWeRK6VScvvA=; b=E108MChXUosNxjCrNeGyU1OW3z/0g3hhtd8Ce0FkQpkYHfhsY+bdq5r5I/S7FoaHlH HQkcP90xQbrSerJBe+JE3w1R3pZAEkJZrW5x+K7owJUWqR+IDUWvmpi4QZ3CLu5AW1qJ kTyII4umreCLABDkT+Clpn27QCfKLEz994Fssyx9uRR9rkaTQ9Y7nIV3MvtF705ooKXI MGgvqNhQWxgPVVzSYdurKG5HNg5QQxWSvGJP7UugharTJbtSUpeopKaVpS+YL8+5Hclh R3zbp8kLskOK+2mC6EigPOgRT9zw+IQcUs6YOzWBfjasX9IVgx4WAu1PXDmK/NNFZsdt KTPA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MwE1FG2L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q13-v6si25401791pgq.526.2018.10.31.02.37.17; Wed, 31 Oct 2018 02:37:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MwE1FG2L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727963AbeJaSdn (ORCPT + 99 others); Wed, 31 Oct 2018 14:33:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:48878 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727436AbeJaSdn (ORCPT ); Wed, 31 Oct 2018 14:33:43 -0400 Received: from linux-8ccs (charybdis-ext.suse.de [195.135.221.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5017720821; Wed, 31 Oct 2018 09:36:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1540978582; bh=PYler+rAWyH0W0qkyr5hZotNA98+xj4xT61RZhdqpuU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=MwE1FG2L3/0Q9yD6LZXX+uCRmUNhJdYO0Gd+tNuDAxYp+TBrLP2IzYHoS8Q5WMH3F PcCNa57kyWga/kQtASAHdLukToEykCBIbv/W3wWelAkcxXOvWH8fsF8ZQJ3+8TJ+R3 JF1Dl2T+a72ohcTe5Qe1LBuJDOogAgSqmRxe8QC4= Date: Wed, 31 Oct 2018 10:36:19 +0100 From: Jessica Yu To: Ke Wu Cc: David Howells , linux-kernel@vger.kernel.org Subject: Re: [PATCH] modsign: use all trusted keys to verify module signature Message-ID: <20181031093619.24n53lfeink3qsk6@linux-8ccs> References: <20181022222614.41016-1-mikewu@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20181022222614.41016-1-mikewu@google.com> X-OS: Linux linux-8ccs 4.12.14-lp150.12.16-default x86_64 User-Agent: NeoMutt/20170912 (1.9.0) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Ke Wu [22/10/18 15:26 -0700]: >Make mod_verify_sig to use all trusted keys. This allows keys in >secondary_trusted_keys to be used to verify PKCS#7 signature on a >kernel module. > >Signed-off-by: Ke Wu Thanks for the ping, I had missed this patch. David, could I get an ACK please? Thanks! Jessica >--- > kernel/module_signing.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/kernel/module_signing.c b/kernel/module_signing.c >index f2075ce8e4b3..a8b923ba1a39 100644 >--- a/kernel/module_signing.c >+++ b/kernel/module_signing.c >@@ -83,6 +83,6 @@ int mod_verify_sig(const void *mod, struct load_info *info) > } > > return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, >- NULL, VERIFYING_MODULE_SIGNATURE, >+ (void *)1UL, VERIFYING_MODULE_SIGNATURE, > NULL, NULL); > } >-- >2.19.1.568.g152ad8e336-goog >