Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6038094imu; Mon, 21 Jan 2019 02:01:32 -0800 (PST) X-Google-Smtp-Source: ALg8bN43ltuX+F6zIQogPe7el2vQ1zXoRqXys8x+bvzjBBUy7yqNDoMl5VNToLUJFxhKZ8jJ1nvJ X-Received: by 2002:a62:9419:: with SMTP id m25mr30331703pfe.147.1548064892177; Mon, 21 Jan 2019 02:01:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548064892; cv=none; d=google.com; s=arc-20160816; b=cYmHz9ZZh8HRAyLPa37j5+Pza3i0o2Pp3zVBLRy+MQ+TapCeMyxOVTA3wHDTX5cNko 7+RdgG6c3H16Qza7pDPQQyBtUxw/JHywpZFdiYLOh7LGrjy/fZPuAGpEdFbAsT7WtdIT ezI/am46MVZVVxXQtQIDEFVLt3+W3lLhYDdJ5lsSjo00j7uRT08EwA3pC+711Ela84Pc allr7fRH9y7x/6mbL97a2By9k09uD3l4ozXrSsMjuhFIw4nqrnrjOaZTM3CZLr/dQv1P w23gRgFJGgWMbd+4fQHdNSM0y6i9+x806X4d42Ocadp0vke2ISgLwQkDGgt9XIYutj5C tYdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=pX1M4BH/lNsGgQ2UiecqlQ2Ux7gktQD87VVdjRA8eks=; b=IKmAvyHmV60vjh96Vr0QEp5kRFQxBdB9S+iKjDrg8bPBASpKdbUhB7hZS4nIf3tKXH NqdMfkjBcM/sqCr8WNv9V2h1TlzW2kCnkdekVMD/8YXSbmXbdn+WMr6ZxqAREDzCuvEJ HZbs9Ii/M0SEJbDhJQSLjCic21HnXl0hSs0IG+5uLjji0SGpq55mmxI82KAE2wzAOdwX ybQYuhTXnOfqBx7ADlITFJ/dtZaTFNXYxaMj0QyuhH6u8eI/DRtDLQrxbip5aCuY+1BL Rf1HxNEopg/AybDcHn4IPVxcTIPcfaWxHsdpEEN2XJ0d+BY8AYyjhy37Xk9Weene4PQ6 yymg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m3si5911223pgs.8.2019.01.21.02.01.16; Mon, 21 Jan 2019 02:01:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727995AbfAUKAH (ORCPT + 99 others); Mon, 21 Jan 2019 05:00:07 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42810 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725977AbfAUKAH (ORCPT ); Mon, 21 Jan 2019 05:00:07 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 444D9811DE; Mon, 21 Jan 2019 10:00:04 +0000 (UTC) Received: from kasong-desktop-nay-redhat-com.nay.redhat.com (unknown [10.66.128.41]) by smtp.corp.redhat.com (Postfix) with ESMTP id 006D260123; Mon, 21 Jan 2019 09:59:55 +0000 (UTC) From: Kairui Song To: linux-kernel@vger.kernel.org Cc: dhowells@redhat.com, dwmw2@infradead.org, jwboyer@fedoraproject.org, keyrings@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, bauerman@linux.ibm.com, ebiggers@google.com, nayna@linux.ibm.com, dyoung@redhat.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, Kairui Song Subject: [PATCH v5 0/2] let kexec_file_load use platform keyring to verify the kernel image Date: Mon, 21 Jan 2019 17:59:27 +0800 Message-Id: <20190121095929.26915-1-kasong@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Mon, 21 Jan 2019 10:00:06 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch series adds a .platform_trusted_keys in system_keyring as the reference to .platform keyring in integrity subsystem, when platform keyring is being initialized it will be updated, so it will be accessable for verifying PE signed kernel image. This patch series let kexec_file_load use platform keyring as fall back if it failed to verify the image against secondary keyring, so the actually PE signature verify process will use keys provides by firmware. After this patch kexec_file_load will be able to verify a signed PE bzImage using keys in platform keyring. Tested in a VM with locally signed kernel with pesign and imported the cert to EFI's MokList variable. To test this patch series on latest kernel, you need to ensure this commit is applied as there is an regression bug in sanity_check_segment_list(): https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=993a110319a4a60aadbd02f6defdebe048f7773b Update from V4: - Drop ifdef in security/integrity/digsig.c to make code clearer - Fix a potential issue, set_platform_trusted_keys should not be called when keyring initialization failed Update from V3: - Tweak and simplify commit message as suggested by Mimi Zohar Update from V2: - Use IS_ENABLED in kexec_file_load to judge if platform_trusted_keys should be used for verifying image as suggested by Mimi Zohar Update from V1: - Make platform_trusted_keys static, and update commit message as suggested by Mimi Zohar - Always check if platform keyring is initialized before use it Kairui Song (2): integrity, KEYS: add a reference to platform keyring kexec, KEYS: Make use of platform keyring for signature verify arch/x86/kernel/kexec-bzimage64.c | 13 ++++++++++--- certs/system_keyring.c | 22 +++++++++++++++++++++- include/keys/system_keyring.h | 9 +++++++++ include/linux/verification.h | 1 + security/integrity/digsig.c | 3 +++ 5 files changed, 44 insertions(+), 4 deletions(-) -- 2.20.1