Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp949630imu; Mon, 5 Nov 2018 11:15:25 -0800 (PST) X-Google-Smtp-Source: AJdET5f+ZyhJ1FtyEQMyzqCz1SdGbS6uytKeUZ8r2EQbx87/KksYMEwS4WgGtBip3lVz1qCyZ1W4 X-Received: by 2002:a17:902:31a4:: with SMTP id x33-v6mr19061919plb.105.1541445325162; Mon, 05 Nov 2018 11:15:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541445325; cv=none; d=google.com; s=arc-20160816; b=H4EpW0v26PGypbtcOZxLAA9ALAUeX7X9aF71hFlQdy8YasEEAeUOAveRROpiicORJS raiPHuY5mLNRsFn9HpDHofXj6I4M+fmsRbN92pOIxVQncn2s/t8QWhEUeBNoigqz/nVz pdjFMUAIqh/poiMBNwTQzbSxQcyQX6ZTtCBoGA13gLjGt3n16s6dNEXZHvga+5/nigwi tpdEWlTbxfCg0M64tAb+kGKfphuGifRwhLezzORff2twlmcjzWp0tU/g5mFVQqvRZBFp /xzpXZoVM+MRsZ89iGDYCnVafqvenZNrUJ6e+zc8/ItpflLPerHD4YyZOqfkJBUe1eXX 9U+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=IZnWVjgh+r1IbD81wlrwZxXe9WdHN1e3MpPXEAup0nc=; b=hJLUovfUZ7Jfp6QK3AfgE596pi9ZKrlmK7evdTYrUztTKuy9pDvb9dxBA5LJ6f370S txIYK/iXOl26B2AkhbMJsPYi9fTALx2MdtQneMz5K16Bwzi5x5pmLuC/JXuZ80W8Cg9V BYndOHCf+83n1j6bDGuX9RDqbt7AMbKFUqa7mQFZjwFRZyKWcNcUXHAC6vnWGzisOVaV 0A4IrTZessMbUBvkIhDBn/1+0sj2V2KsMlESGXagTvA44Qog4U4fjiOCddUYWysHxPIC dePS5PeuGQiJVAbMZpF7UrnBwbe8z0GQFUswbz0IYHntOVsIWJzKvLuGy67HlC3YO5Cf +WSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=odG5f5cM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u34si938326pgk.24.2018.11.05.11.15.09; Mon, 05 Nov 2018 11:15:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=odG5f5cM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388024AbeKFEef (ORCPT + 99 others); Mon, 5 Nov 2018 23:34:35 -0500 Received: from mail-qk1-f195.google.com ([209.85.222.195]:38427 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387441AbeKFEef (ORCPT ); Mon, 5 Nov 2018 23:34:35 -0500 Received: by mail-qk1-f195.google.com with SMTP id d19so16805544qkg.5 for ; Mon, 05 Nov 2018 11:13:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IZnWVjgh+r1IbD81wlrwZxXe9WdHN1e3MpPXEAup0nc=; b=odG5f5cMI3FkUo50hOsKuTPzKJkvgAt0ffJQZAV2k3QirKsBC8DblSIBzFIRySR7ER /JaS2v43Zv9byEX6siIOQllRiT2svJyKznMmdWKYB9I9cgVgmr6sI4DD96lVpK6qf3aS chB0zPsz32tKY+0YetWY805RF7WELlrUlfJzBwrg0R9jjz2WbgIpcuZYYqkSeV4YpLtr /5uSPe8SX8HfBwnZ9qL8n8MokDsUnPWCpRu/fIM0YrTKd8DnW6/HLHIFwt3Q59DmEMIl r8/wVnj62/xSFnjuQJn8q7bLP6+E3xPgoES8Y92FpRAATD66CW0FK7YE8UtqQVyE+a5l /w8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IZnWVjgh+r1IbD81wlrwZxXe9WdHN1e3MpPXEAup0nc=; b=EIzM+VZlfhMG2GcMKLY6aUQlCfUG2q584LCi7zD7OxuIHKefoxsv5jgCmTdtFK6lTf ELhPwraOhExcHdRVpv+TwIdsPgJlbrxnJmu45T8mAUqmI3h3P13NdJTZc/DwgkxrwAo6 9cpp9Oq8be0kZ8oZ0dAU9QFckKN5hrBOyF3D7oAviPMHv1z6/Qs8EkyDwjb3DkOpCnQw KSiebKutgMrQ/HJMV0Z3xCd9x2n6VMdfzbeVSpyhb5DgT17Kf3V2+esijjJMV4S8Y5XN 3R3gXrhDtaspowTNGevTNFmQUJ9kCRHc6cA1LGe8TEW8XJNrrlAqXo9yGg9TyFDDdKXI 7AmQ== X-Gm-Message-State: AGRZ1gJCwZSsrwmgzoxA2gkv47ilWbobGFobhd8SJTzmmk0ON4e1b47N hDMycxBdmd5VxxcVHWiypj5+RPcJI22B0uf52K4jKg== X-Received: by 2002:a0c:bfd4:: with SMTP id u20mr22888889qvj.113.1541445208601; Mon, 05 Nov 2018 11:13:28 -0800 (PST) MIME-Version: 1.0 References: <20181022222614.41016-1-mikewu@google.com> <20181031093619.24n53lfeink3qsk6@linux-8ccs> In-Reply-To: <20181031093619.24n53lfeink3qsk6@linux-8ccs> From: Ke Wu Date: Mon, 5 Nov 2018 11:13:17 -0800 Message-ID: Subject: Re: [PATCH] modsign: use all trusted keys to verify module signature To: jeyu@kernel.org Cc: dhowells@redhat.com, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, I'm wondering if there is any update for the patch. Thanks! On Wed, Oct 31, 2018 at 2:36 AM Jessica Yu wrote: > > +++ Ke Wu [22/10/18 15:26 -0700]: > >Make mod_verify_sig to use all trusted keys. This allows keys in > >secondary_trusted_keys to be used to verify PKCS#7 signature on a > >kernel module. > > > >Signed-off-by: Ke Wu > > Thanks for the ping, I had missed this patch. > > David, could I get an ACK please? > > Thanks! > > Jessica > > >--- > > kernel/module_signing.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > >diff --git a/kernel/module_signing.c b/kernel/module_signing.c > >index f2075ce8e4b3..a8b923ba1a39 100644 > >--- a/kernel/module_signing.c > >+++ b/kernel/module_signing.c > >@@ -83,6 +83,6 @@ int mod_verify_sig(const void *mod, struct load_info *info) > > } > > > > return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, > >- NULL, VERIFYING_MODULE_SIGNATURE, > >+ (void *)1UL, VERIFYING_MODULE_SIGNATURE, > > NULL, NULL); > > } > >-- > >2.19.1.568.g152ad8e336-goog > > -- Ke Wu | Software Engineer | mikewu@google.com | Google Inc.