Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp440524ybm; Tue, 26 May 2020 22:24:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzq4sDF+DaB9MeI0AtNAnbT6lxtiU9Mn9YfGypyAv8EG0UKuFVng7x0840MjijyClmKi/CD X-Received: by 2002:aa7:d1ce:: with SMTP id g14mr21966118edp.146.1590557070071; Tue, 26 May 2020 22:24:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590557070; cv=none; d=google.com; s=arc-20160816; b=WVRct1SAUmAvqH9gShdy70C/ZrURGFCYVOOB8fc3GYSzUmfLRrJHsT2Ym5/hwfpIs2 2Vp/QFRj7vDjTjIRSdoiQj9xw8p32zAICuqdJmZCtBxGZAnXil6/jAGql07jYiBAkri+ L1ys5rmz7NnN8M9nnkpf92U6X+bT5d/XJFmtL0KV7vcG2QsZNf1t5XQhSY/6jiR7Jp6g uhsOWyp0JugvjRaz947DxBTxbvZPpdKLg8I29QerqrQr6G62+jjq0UPQI/v8lOs4S7cp lHmxkB465zAalkJgc/bP4hxBroQo1UWBf52A6q4tngcrmCwFdzwttKNjNdPrWPXZxwS9 tuyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=D/U30jq60+l+qSoKQaysERZKm3+QDoP2KNzgEBqE3b8=; b=a6LYV5RDZrlSr5MvbstHaIRMqK1J8vLuUbeD8JRy84iETfeSFh5CWCy6Rqy/vHwGRx kGbUA7CnF1jDLH0oJLXWF9zcWGu8qskh5FUvMCtTdOrYscmSEcp415w8aAUT9Z/wCMhW IJPOeEbGovWiiVn+NaEkNaNIOWahk1jj7rNRw6D79TKvDb7FMLriMJgMHr9djLmnu8sC l0SnwXKNRPO+xhGo8/qe9B+IayptWnhIb+gKPqnz24gLmIjUMqfL/eiRmKtWFXwkuR04 /i7RruLRrDJkjBmXnjqL5OBMAx9QLrZH7TppOwwI94G2hIEaE09fPOM8jTz5Oxl/B7UN Lsmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=O05Q0HMd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u21si1017653edx.269.2020.05.26.22.24.06; Tue, 26 May 2020 22:24:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=O05Q0HMd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728474AbgE0DQG (ORCPT + 99 others); Tue, 26 May 2020 23:16:06 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:53518 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725893AbgE0DQG (ORCPT ); Tue, 26 May 2020 23:16:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590549364; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=D/U30jq60+l+qSoKQaysERZKm3+QDoP2KNzgEBqE3b8=; b=O05Q0HMdncPqAo5ZQD7XVR5LYJr8MYBVSPLZ/JMexyBNpYUqwBbrAroywGyzA3aXeHzRBC +JtWXIZ0/0c2jdSxWzYDAmVHU+XWif/bkE9YDhFe9VeQ/IkqTxmmZ5hAdpYx0c1s05s7dH BYlDlKdJ821gqFNlt0nwUh+kqVry8Qk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-370-kriTgT6fMYigScKrfzBEzQ-1; Tue, 26 May 2020 23:16:01 -0400 X-MC-Unique: kriTgT6fMYigScKrfzBEzQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5331F835B42; Wed, 27 May 2020 03:16:00 +0000 (UTC) Received: from [10.72.12.206] (ovpn-12-206.pek2.redhat.com [10.72.12.206]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C941F5C1B0; Wed, 27 May 2020 03:15:53 +0000 (UTC) Subject: Re: [PATCH] kexec: Do not verify the signature without the lockdown or mandatory signature To: Jiri Bohac Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, ebiederm@xmission.com, jmorris@namei.org, mjg59@google.com, dyoung@redhat.com, bhe@redhat.com References: <20200525052351.24134-1-lijiang@redhat.com> <20200526135935.ffkfulsjf7xrep63@dwarf.suse.cz> From: lijiang Message-ID: <07a65a70-3764-f62f-705c-049b8d409316@redhat.com> Date: Wed, 27 May 2020 11:15:49 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20200526135935.ffkfulsjf7xrep63@dwarf.suse.cz> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2020年05月26日 21:59, Jiri Bohac 写道: > On Mon, May 25, 2020 at 01:23:51PM +0800, Lianbo Jiang wrote: >> So, here, let's simplify the logic to improve code readability. If the >> KEXEC_SIG_FORCE enabled or kexec lockdown enabled, signature verification >> is mandated. Otherwise, we lift the bar for any kernel image. > > I agree completely; in fact that was my intention when > introducing the code, but I got overruled about the return codes: > https://lore.kernel.org/lkml/20180119125425.l72meyyc2qtrriwe@dwarf.suse.cz/ > > I like this simplification very much, except this part: > >> + if (ret) { >> + pr_debug("kernel signature verification failed (%d).\n", ret); > > ... > >> - pr_notice("kernel signature verification failed (%d).\n", ret); > > I think the log level should stay at most PR_NOTICE when the > verification failure results in rejecting the kernel. Perhaps > even lower. > Thank you for the comment, Jiri Bohac. I like the idea of staying at most PR_NOTICE, but the pr_notice() will output some messages that kernel could want to ignore, such as the case you mentioned below. > In case verification is not enforced and the failure is > ignored, KERN_DEBUG seems reasonable. > Yes, good understanding. It seems that the pr_debug() is still a good option here? Any other thoughts? Thanks. Lianbo > Regards, >