Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp198323ybs; Tue, 26 May 2020 07:07:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw+Vo+djcxar7BSB0B8Z0IGzhZBPv01w0T2k+BI1+twM7C/cSeLskspGsaOhCE8QvmS+3q5 X-Received: by 2002:aa7:c5c8:: with SMTP id h8mr19381954eds.222.1590502051058; Tue, 26 May 2020 07:07:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590502051; cv=none; d=google.com; s=arc-20160816; b=SSOtRX0QlymbawGQU1icCbKHAzZgOdfexhQiAYi4YzkoZ81sA5f6WOsv31Y9GDx03U XVKeMlKIPKpCYaFcYt8qWdpmMlzG3JjwPjTCV0a9bWGm1GRfElHoB9WP1yrVugCvkb2Z aUbl/CuvnU1Y09uG611/Hcfvl9pkYVPpENYZEvrxl5DZrKDGuvQ0/3+bKinZK/H4gNrO yXDHxFeWJ12w6zSq23P55R5txt9UOQQ7geLiOkF8QaRVoyuaOLRUMcvfRSO7YKmjLHyn OW4hIw2a4C+Pv0ttbhAtguQE3TJddLn2z0yHNpEuUlcg8rbNbsr9IHE/Mk0Esb+1RxUD UVxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=YKryIEn0k6YbvNUUw5PyJhbxKhAqoYC723QvGpuQWIM=; b=IPnTfF1cYmiqMIia1Yh3ec83E0uI/UsUmx8TQ3dnMnm+72h9P60qwfLY2Y37a5lKJx bWec2e3xXgmpxJMGnK/TNQoTpG8IQBSRTiLYNUc8/KyiVpj4tgVohFwBgPFBb83AIsBt fQpKiJBga0ufR2zFO9D9J/Z6+I0JaPyeRy1Mf/FGtcxD/a8bhuQOylV9sZg2ILbH3vjk E56gTPMmOQ5799c73VFJox8LYPu0qjLy+uaLTLKNAGlnxsq09Zy4FA8ucTygGxrlyikK xfUqeYqRB+2UQJrQtBKDrsq32NNy4a7352jdWeYvtqlKDD/P0d9HNgQ5IBrwbHhZF45g gNdQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c4si9627365ejb.189.2020.05.26.07.07.07; Tue, 26 May 2020 07:07:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731761AbgEZN7i (ORCPT + 99 others); Tue, 26 May 2020 09:59:38 -0400 Received: from mx2.suse.de ([195.135.220.15]:60692 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728558AbgEZN7i (ORCPT ); Tue, 26 May 2020 09:59:38 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 3935DAD83; Tue, 26 May 2020 13:59:39 +0000 (UTC) Date: Tue, 26 May 2020 15:59:35 +0200 From: Jiri Bohac To: Lianbo Jiang Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, ebiederm@xmission.com, jmorris@namei.org, mjg59@google.com, dyoung@redhat.com, bhe@redhat.com Subject: Re: [PATCH] kexec: Do not verify the signature without the lockdown or mandatory signature Message-ID: <20200526135935.ffkfulsjf7xrep63@dwarf.suse.cz> References: <20200525052351.24134-1-lijiang@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200525052351.24134-1-lijiang@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 25, 2020 at 01:23:51PM +0800, Lianbo Jiang wrote: > So, here, let's simplify the logic to improve code readability. If the > KEXEC_SIG_FORCE enabled or kexec lockdown enabled, signature verification > is mandated. Otherwise, we lift the bar for any kernel image. I agree completely; in fact that was my intention when introducing the code, but I got overruled about the return codes: https://lore.kernel.org/lkml/20180119125425.l72meyyc2qtrriwe@dwarf.suse.cz/ I like this simplification very much, except this part: > + if (ret) { > + pr_debug("kernel signature verification failed (%d).\n", ret); ... > - pr_notice("kernel signature verification failed (%d).\n", ret); I think the log level should stay at most PR_NOTICE when the verification failure results in rejecting the kernel. Perhaps even lower. In case verification is not enforced and the failure is ignored, KERN_DEBUG seems reasonable. Regards, -- Jiri Bohac SUSE Labs, Prague, Czechia