Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2915067imu; Fri, 18 Jan 2019 01:21:16 -0800 (PST) X-Google-Smtp-Source: ALg8bN7kRvUX7oSvnuRpykMgoii7VmzcKIP7HM/fIlc6lz9h19lrKZ40po4SvveRzSHTssOSHF5O X-Received: by 2002:a63:194f:: with SMTP id 15mr17002884pgz.192.1547803276340; Fri, 18 Jan 2019 01:21:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547803276; cv=none; d=google.com; s=arc-20160816; b=vm6JyGkABddz6VJJ6fSTHbqI0iSB0EWGA5+pxeS51cP2IU0L+20llIjjqxd+YwOMAT V48owjuMd6xMJPycGkirl1fUGE7tT/F4QvQntTpM9DArEHUntA8RJqe4YHlGuE1jEexN gGORUaa+3uVxTQSsVKeHSN5f6qYQGsjl8Ct4MsyNuR7QlY6my9yLJXOVqkOMSgUF9Klh l5MhZR99aIqkQPbBXS0LNmfzh5hxiNMCrBWm5RyLWLBpg4UK8OZZuTp9DJN40MSbZ9as 6cABBUUmQ2P6C1kZ2oF66KTF1UOz/sPwpQzlchm4wreLq5c9oyBgriUffC8ViJrSOOTv 9Czg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=nbAj2Jr5FRRCh6eR6mNf38cL7krvv5eIRmU0OdkqC0o=; b=kjnehimK+4Vs3sdrUOt+rlOKGfXJ+Pzc7Q7Bde95h435WRfQm5OXbD8nxjxJmV08v0 MpxxiTdXqkOzekE1wF8oBpL28jCTSKu+VAQiGTI2lZ57raIJjg6vkXOr39Vo62uC0xjc 4y8q6i9lsZDmvRQndU9gAK5DpwBoiP8Bnlk0UE48BnSHjf3ehnVlSvp1SUsWRdmlp18M xSZkwhyAaqE+keEsKIesbEPKKO0zOVaEsNcMW36JMeZNtY0yIVurCkm96UGQ7tA7xiLP mVzgfBT+nTY7UrbRkcL4jiCKG9ozY76x5u2fJP17fCd9FnKIOy+pU9wDTG1j9Qhjtrex yuCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y10si3560925pgp.348.2019.01.18.01.21.01; Fri, 18 Jan 2019 01:21:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726983AbfARJTI (ORCPT + 99 others); Fri, 18 Jan 2019 04:19:08 -0500 Received: from mx1.redhat.com ([209.132.183.28]:57312 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725924AbfARJTH (ORCPT ); Fri, 18 Jan 2019 04:19:07 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9778AC0C115D; Fri, 18 Jan 2019 09:19:06 +0000 (UTC) Received: from kasong-desktop-nay-redhat-com.nay.redhat.com (unknown [10.66.128.41]) by smtp.corp.redhat.com (Postfix) with ESMTP id 54CA2600C0; Fri, 18 Jan 2019 09:18:58 +0000 (UTC) From: Kairui Song To: linux-kernel@vger.kernel.org Cc: dhowells@redhat.com, dwmw2@infradead.org, jwboyer@fedoraproject.org, keyrings@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, bauerman@linux.ibm.com, ebiggers@google.com, nayna@linux.ibm.com, dyoung@redhat.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, Kairui Song Subject: [PATCH v4 0/2] let kexec_file_load use platform keyring to verify the kernel image Date: Fri, 18 Jan 2019 17:17:31 +0800 Message-Id: <20190118091733.29940-1-kasong@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Fri, 18 Jan 2019 09:19:07 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch series adds a .platform_trusted_keys in system_keyring as the reference to .platform keyring in integrity subsystem, when platform keyring is being initialized it will be updated. So other component could use this keyring as well. This patch series also let kexec_file_load use platform keyring as fall back if it failed to verify the image against secondary keyring, make it possible to load kernel signed by keys provides by firmware. After this patch kexec_file_load will be able to verify a signed PE bzImage using keys in platform keyring. Tested in a VM with locally signed kernel with pesign and imported the cert to EFI's MokList variable. To test this patch series on latest kernel, you need to ensure this commit is applied as there is an regression bug in sanity_check_segment_list(): https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=993a110319a4a60aadbd02f6defdebe048f7773b Update from V3: - Tweak and simplify commit message as suggested by Mimi Zohar Update from V2: - Use IS_ENABLED in kexec_file_load to judge if platform_trusted_keys should be used for verifying image as suggested by Mimi Zohar Update from V1: - Make platform_trusted_keys static, and update commit message as suggested by Mimi Zohar - Always check if platform keyring is initialized before use it Kairui Song (2): integrity, KEYS: add a reference to platform keyring kexec, KEYS: Make use of platform keyring for signature verify arch/x86/kernel/kexec-bzimage64.c | 13 ++++++++++--- certs/system_keyring.c | 22 +++++++++++++++++++++- include/keys/system_keyring.h | 5 +++++ include/linux/verification.h | 1 + security/integrity/digsig.c | 6 ++++++ 5 files changed, 43 insertions(+), 4 deletions(-) -- 2.20.1