Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1236968ybi;
        Fri, 21 Jun 2019 17:04:55 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwDzZ9iKDZRMrwGtWa8It5AUBY9UpU+mqw73ArfduK0wgclrC4hGYe+gwPZyK44No+NgESl
X-Received: by 2002:a17:90a:d34f:: with SMTP id i15mr9980267pjx.1.1561161895004;
        Fri, 21 Jun 2019 17:04:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561161894; cv=none;
        d=google.com; s=arc-20160816;
        b=lHOFz6S1QFzeHuIZolDphlQuoP503g453cuLy4IdPKU6pk+AyInUC858swjGi3rESJ
         Aqii+rkMlFGskEUjGOuwpOiRgXSF0xwHNMvEqnNLYPJcwuqfx7WY4HavZSN6tSTkzhkz
         zXzKM5hsLo0mqswR6CR9rVPotMi6WIhXwKM75Nup/tVWVoJW3iX9Z082ADdWbRe133Ky
         0D19Zofv49dO+GqDcgzjOZFI9rzsjFIeLD+udnyaCvGRV6AVerrD3JuodrobzBDCKfkF
         mRO5c6mAlQylOxKOTKho37LdcYMWQPX35DfiykpZ0lCrUinCfciGLoxWIa5p6oCY4gSd
         uLww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=YHpf3S+LawhmDVzX+FQxCcCkHwySWAOsiAjcN5bQy70=;
        b=sOAMiaNqdBSfFoIBdQ1jW3+6S+FFOI+xkJ+KZXKTdYSwV5FHsPH3TR/Hcs+APW3/If
         cINCHhRNsxVoVmO3f8WgfXboD+QyeOrU2PTzXILHc9HO/NMZHEry5u6rUUyg5Y6/z/xY
         C9f/UrDvqdoISWeWWzsj3uEpCO+6ns2I89pklsTTS7D+adILuxNntpT9c5fyA45zVgtr
         QEaETy8gk116Th4GEZrk2cbVwc54vB9PhR12nbyLZrUt28jjTurg6XMLvdZtZ8juR060
         ZEmZBw2qrGRjtUtDfjgWklHN2qezD+d9awdPlyZM0izWKvErTBPQGbMrKvqxKRHxIje9
         3tgQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=nnFBb4AQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b6si3781147pgq.465.2019.06.21.17.04.39;
        Fri, 21 Jun 2019 17:04:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=nnFBb4AQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726566AbfFVAEW (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Fri, 21 Jun 2019 20:04:22 -0400
Received: from mail-yb1-f201.google.com ([209.85.219.201]:40747 "EHLO
        mail-yb1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726549AbfFVAEU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Jun 2019 20:04:20 -0400
Received: by mail-yb1-f201.google.com with SMTP id w194so3738587ybe.7
        for <linux-kernel@vger.kernel.org>; Fri, 21 Jun 2019 17:04:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=YHpf3S+LawhmDVzX+FQxCcCkHwySWAOsiAjcN5bQy70=;
        b=nnFBb4AQ6PQC9WUZohXByCAVtnekWaVTdN6oouGZ//0ePIiRvSgodwVR27Dg3omm9o
         xkCtoeLK5m3KZWd7e/iGYtOVqbzDYsB4aZ2F5NPcB//sziR1TMMvpIkfSitcqbtkVVi5
         Nb0tvyoriuxSQMP59mzZTCUPGTMdwDQ3qAROu33b0VcrMw8db4r0brWAD662pfhdcBNz
         Uvcvkp6tM9NNnx559yhcxg577vi7s0VaGv0sSTuClodF7BRnOy4WFaaXk5L/Ok90YO6m
         TZHmORNhD0xEtJ9lXBO1YCLkH/3JYy2WUnNXtmOEQqwEGvOU46Ny5FQOUZI9Fel2PK0u
         d/rQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=YHpf3S+LawhmDVzX+FQxCcCkHwySWAOsiAjcN5bQy70=;
        b=UYeqm1sd4bKCpf0y39UjULZ7/rU1biNV4PGmvd3Z4LwCiPUEPCxULHXEtq/6t3JzYm
         CR42JPueqEp/R6ItpIpFvggNZQQBCIaEyJaLTsvnEF5ArwgNjyPmrVMa8OeqFkgtLhNu
         3CpF3Tvw3Q4DuwvWAYamSYBVJiq/CJp0w+HCVr+5XEn5MmAkWa7S6XmEq35pz3PdCkyl
         eVdcREOfn8tzjJaGz9JBVgzEDbFacERVanwe/tzjT9oYmH0kRVgS09KNg5518Im9q8OF
         lzRCXD4kw9dgjBc1J62nJkAdilX/4UAgjkyPKujVu/9fNI67X98EC7xZromLeFn5vYYZ
         H3vQ==
X-Gm-Message-State: APjAAAUuteVRXk1NNrIduXJb1Mn2cljbqpYa6Vc35Yh878tJVjk4WcD3
        JgUZcQordNWYLOaPjrEIbbWkH88w0GcmQ3w1wQ9Rcw==
X-Received: by 2002:a81:31c5:: with SMTP id x188mr62293902ywx.429.1561161859657;
 Fri, 21 Jun 2019 17:04:19 -0700 (PDT)
Date:   Fri, 21 Jun 2019 17:03:36 -0700
In-Reply-To: <20190622000358.19895-1-matthewgarrett@google.com>
Message-Id: <20190622000358.19895-8-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190622000358.19895-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
Subject: [PATCH V34 07/29] Copy secure_boot flag in boot params across kexec reboot
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        Dave Young <dyoung@redhat.com>,
        David Howells <dhowells@redhat.com>,
        Matthew Garrett <mjg59@google.com>, kexec@lists.infradead.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Dave Young <dyoung@redhat.com>

Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load.  In this state, the system is missing the protections provided
by secure boot.

Adding a patch to fix this by retain the secure_boot flag in original
kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub.  Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: kexec@lists.infradead.org
---
 arch/x86/kernel/kexec-bzimage64.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 22f60dd26460..4243359ac509 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -182,6 +182,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr,
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return 0;
 
+	params->secure_boot = boot_params.secure_boot;
 	ei->efi_loader_signature = current_ei->efi_loader_signature;
 	ei->efi_systab = current_ei->efi_systab;
 	ei->efi_systab_hi = current_ei->efi_systab_hi;
-- 
2.22.0.410.gd8fdbe21b5-goog