Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4544013img;
        Tue, 26 Mar 2019 11:29:13 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyhuER40bk/TKuQsTH/B37EZLw7oyZ+qHhMOqFhHGEJ40un+20taI4/tjjuXMdT2zPUVCo0
X-Received: by 2002:a17:902:f094:: with SMTP id go20mr9824934plb.159.1553624952928;
        Tue, 26 Mar 2019 11:29:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553624952; cv=none;
        d=google.com; s=arc-20160816;
        b=JR64RHvq3Jl2UMZ5UoMCGq3PZYA8+MdexouNXQNPKFbAkgyIhlzA7VIzhpIVNHGlSI
         BF4pNcwuwxsxZuJmLRe0fugBoayepgSUp8Fk1paI6r+6WGS2RQ/zcracppg5WAogZCnO
         bG+2mOdZe0Orr7a1wDU1MH3T86U1CYv1cIIE2dkkoc/ja+fPwQsjtjZsL2luFJJKPln2
         +uPkzL0lWzOHOGFcIXLx/ewIZhP6MUAqNsB2ABI4Qi/qIMcHR8WV0plCQTkdrMgXvz+9
         +x5s/CrLwkUZzA8Ug1oWIyQC3LFy+X/U8qlPCBZdcGx6hWXJueEz+Tf9U6rSf0+/r/+G
         n/zQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=ZxYq8cG2sFhGgbw0k3aUDfwIzpbQidarvZYq7w9bkW0=;
        b=y+u/nHhZBYQJlBuiMRiMH7ijCAKicLjzqaAA0E4PSVTPU80kB3eQxExOOVMDHOobaK
         i5JDozsd5CXbIpoGOoE10CEX3lmev8CyG8nPGkmsLX0oZDtdqmbdnrVhpNHHph8rxUXX
         PDjhboOShKliOVRYqIlsPopd6F0qH6JigAmsEnuc05YLpVOcBtvKLUCovW2D+XzrabcJ
         iHtK6a997yVTfOi8mRa/Ia69mwaGk8ncgAjrcAs6B34BapqKH1JLYHXNDXnS8ALt9igE
         ju2z7Ik/Vi5KKTeC0zg9AXE7oN0IjZUv3jLKPac8WC9LWTE5741MtMNBXCwcq3YgdRhW
         118A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=XKxuTIw9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s5si257334plr.307.2019.03.26.11.28.57;
        Tue, 26 Mar 2019 11:29:12 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=XKxuTIw9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732621AbfCZS2J (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Tue, 26 Mar 2019 14:28:09 -0400
Received: from mail-vk1-f202.google.com ([209.85.221.202]:41719 "EHLO
        mail-vk1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732610AbfCZS2J (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Mar 2019 14:28:09 -0400
Received: by mail-vk1-f202.google.com with SMTP id g9so5836366vke.8
        for <linux-kernel@vger.kernel.org>; Tue, 26 Mar 2019 11:28:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=ZxYq8cG2sFhGgbw0k3aUDfwIzpbQidarvZYq7w9bkW0=;
        b=XKxuTIw96/3+PO2e8Ya9M0C6H/BRKjbA7yCgb6ScDY71OKQu5O1qKynqYWdRZD1PkT
         6X/9B1zYux3mu1aFjig8XS7q3DMLwHqMmXUvoGtAgZTiVqAXOPlB39jvB0b2LcsukNoL
         pPWqayoIdW9Nge+E83siRCq3NRELl3ui1CHNEgvGTxCphitA1+OlZJQrBFj2IxpBsuI7
         OqL6q+lDn6kFhRlnMVUGjoMx6N8teAVHCUvVXD+VM8jpkzW3SOP0RUjD2LSxBoRDE4M5
         OP99Uwtyx2pNjnZ+DqkkO4GZpT9A9MLxfN2L8AWVWnyv+Fsq/32fW8wpw4Kzu4Khwxel
         8K+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=ZxYq8cG2sFhGgbw0k3aUDfwIzpbQidarvZYq7w9bkW0=;
        b=QB3FE3Q1NkmRyNl8I01q4Ka3T1dAGgoad8JMFjR64hf3b2bObonLKMb/Mdu8Q9E7R+
         OfJ0chCfJZetHuX7YD5BS0yw2Kk/V3hwXQeWanikOX2oHTZmZzk93Z5Iiz/gJ+FS+Q76
         +VIy58kM77g1LIUKEj6sC1Jpvkq0gXxFLLGJmtnU/TYzoeNVfo4JKJa6n0scqJw2AfNL
         uKTSo9pNZg23Xqn8npHBd0VdRaUEnQ7+U/un7tZiJzJqDBrMRH6BEbRuCPxgIHAJE/CX
         ox6viZ7bg4Nw7JHfdGvBxwsV286EVYkH8pjqRM7WkIxSoauk4D6vELw/u2kk2ymF7Poz
         LzWA==
X-Gm-Message-State: APjAAAVepL+DkG7NoJK/S+Lh+l5bdaigOepEvI3DrprXtJyxFM3sH9nX
        VDl5C4Zy5at8Kx7ayoVPbvhFQ+pgEkx6aEpLdiEffA==
X-Received: by 2002:a67:f3c3:: with SMTP id j3mr10831580vsn.206.1553624888095;
 Tue, 26 Mar 2019 11:28:08 -0700 (PDT)
Date:   Tue, 26 Mar 2019 11:27:21 -0700
In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com>
Message-Id: <20190326182742.16950-6-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190326182742.16950-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog
Subject: [PATCH V31 05/25] Copy secure_boot flag in boot params across kexec reboot
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        linux-api@vger.kernel.org, luto@kernel.org,
        Dave Young <dyoung@redhat.com>,
        Matthew Garrett <mjg59@google.com>, kexec@lists.infradead.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Dave Young <dyoung@redhat.com>

Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load.  In this state, the system is missing the protections provided
by secure boot.

Adding a patch to fix this by retain the secure_boot flag in original
kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub.  Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: kexec@lists.infradead.org
---
 arch/x86/kernel/kexec-bzimage64.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 278cd07228dd..d49554b948fd 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -179,6 +179,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr,
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return 0;
 
+	params->secure_boot = boot_params.secure_boot;
 	ei->efi_loader_signature = current_ei->efi_loader_signature;
 	ei->efi_systab = current_ei->efi_systab;
 	ei->efi_systab_hi = current_ei->efi_systab_hi;
-- 
2.21.0.392.gf8f6787159e-goog