From: Kairui Song
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, jwboyer@fedoraproject.org, keyrings@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, bauerman@linux.ibm.com, ebiggers@google.com, nayna@linux.ibm.com, dyoung@redhat.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, Kairui Song
Subject: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image
Date: Wed, 16 Jan 2019 18:16:52 +0800
Message-Id: <20190116101654.7288-1-kasong@redhat.com>

This patch series adds a .platform_trusted_keys in system_keyring as the reference to the .platform keyring in the integrity subsystem; when the platform keyring is being initialized it will be updated, so other components could use this keyring as well.

This patch series also lets kexec_file_load use the platform keyring as a fallback if it failed to verify the image against the secondary keyring, making it possible to load a kernel signed by a third-party key if the third-party key is imported in the firmware.

After this patch, kexec_file_load will be able to verify a signed PE bzImage using keys in the platform keyring.

Tested in a VM with a locally signed kernel (signed with pesign) and the cert imported into EFI's MokList variable.

Kairui Song (2):
  integrity, KEYS: add a reference to platform keyring
  kexec, KEYS: Make use of platform keyring for signature verify

Update from V2:
- Use IS_ENABLED in kexec_file_load to judge if platform_trusted_keys should be used for verifying the image, as suggested by Mimi Zohar

Update from V1:
- Make platform_trusted_keys static, and update the commit message as suggested by Mimi Zohar
- Always check if the platform keyring is initialized before using it

 arch/x86/kernel/kexec-bzimage64.c | 13 ++++++++++---
 certs/system_keyring.c            | 22 +++++++++++++++++++++-
 include/keys/system_keyring.h     |  5 +++++
 include/linux/verification.h      |  1 +
 security/integrity/digsig.c       |  6 ++++++
 5 files changed, 43 insertions(+), 4 deletions(-)

-- 
2.20.1
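The fallback policy the cover letter describes (try the secondary keyring first, then the platform keyring, but only if that keyring is compiled in and has actually been initialized) can be modelled in user space. The block below is an added illustration written for this page; it is not code from the patch series or from the kernel. The keyrings are lists of key identifiers, the "signature check" is a flag on a constructed image, and the names `verify_against`, `kexec_verify_sig`, `set_platform_trusted_keys` and the key identifiers are all assumptions made for the example. It goes slightly beyond the cover letter in one respect: it falls back to the platform keyring only when the secondary keyring had no matching key (-ENOKEY), so an image whose signature is rejected by a trusted key is never retried against a second keyring; that restriction is a design choice of the example, not something the cover letter states.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ENOKEY / EKEYREJECTED are Linux-specific errno values; use the Linux numbers
 * on libcs that lack them so the example builds everywhere. */
#ifndef ENOKEY
#define ENOKEY 126
#endif
#ifndef EKEYREJECTED
#define EKEYREJECTED 129
#endif

/* Stand-in for the Kconfig symbol tested with IS_ENABLED() in the real code
 * (assumption: the platform keyring support is built in). */
#define CONFIG_INTEGRITY_PLATFORM_KEYRING 1

#define MAX_KEYS 8

/* Minimal model of a keyring: the identifiers of the keys it trusts. */
struct keyring {
    const char *keys[MAX_KEYS];
    size_t nkeys;
};

/* Model of a signed PE bzImage: who signed it, and whether the cryptographic
 * signature check would pass (a flag here; PKCS#7 over the PE in the kernel). */
struct signed_image {
    const char *signer_id;
    bool signature_valid;
};

/* Constructed sample data: one key pre-loaded in the secondary keyring; the
 * platform keyring pointer stays NULL until the integrity subsystem fills it. */
static struct keyring secondary_trusted_keys = { { "secondary-ca-2019" }, 1 };
static struct keyring platform_keyring_storage;
static struct keyring *platform_trusted_keys = NULL;

/* Models the integrity subsystem publishing its .platform keyring after the
 * firmware (e.g. MokList) keys have been loaded. */
void set_platform_trusted_keys(const char *const *ids, size_t n)
{
    if (n > MAX_KEYS)
        n = MAX_KEYS;
    for (size_t i = 0; i < n; i++)
        platform_keyring_storage.keys[i] = ids[i];
    platform_keyring_storage.nkeys = n;
    platform_trusted_keys = &platform_keyring_storage;
}

/* Models the per-keyring verification step: -ENOKEY when no trusted key matches
 * the signer, -EKEYREJECTED when a trusted key matches but the signature is bad. */
static int verify_against(const struct keyring *kr, const struct signed_image *img)
{
    for (size_t i = 0; i < kr->nkeys; i++) {
        if (strcmp(kr->keys[i], img->signer_id) == 0)
            return img->signature_valid ? 0 : -EKEYREJECTED;
    }
    return -ENOKEY;
}

/* The fallback policy: secondary keyring first, then the platform keyring, but
 * only when it is compiled in, initialized, and the first attempt found no key. */
int kexec_verify_sig(const struct signed_image *img)
{
    int ret = verify_against(&secondary_trusted_keys, img);

    if (ret == -ENOKEY && CONFIG_INTEGRITY_PLATFORM_KEYRING && platform_trusted_keys)
        ret = verify_against(platform_trusted_keys, img);
    return ret;
}

int main(void)
{
    const struct signed_image mok_signed = { "mok-vendor-key", true };
    const char *ids[] = { "mok-vendor-key" };

    printf("before platform keyring init: %d\n", kexec_verify_sig(&mok_signed));
    set_platform_trusted_keys(ids, 1);
    printf("after platform keyring init:  %d\n", kexec_verify_sig(&mok_signed));
    return 0;
}
```

The two checks that matter for a defender are visible in `kexec_verify_sig`: an uninitialized platform keyring (NULL pointer) is simply skipped rather than dereferenced, and a signature that a trusted key rejects returns -EKEYREJECTED immediately instead of being retried against another keyring.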