Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp811666ybm;
        Wed, 27 May 2020 08:35:00 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzk+IsA9iiS7RwFbVc4G/q4RiM3JWzATRASrQFXHDRvCfQpe6YC09bNmpSvG7yGgU9Wm2EM
X-Received: by 2002:a50:d490:: with SMTP id s16mr23620204edi.242.1590593700658;
        Wed, 27 May 2020 08:35:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590593700; cv=none;
        d=google.com; s=arc-20160816;
        b=sv8SZm5lHZKfTMHNEdvdJsGYJheGxwX1BRIWcn8aQB88Yo5gxqSo7vie9fnL8+qMLB
         m1c3lCxY0eL+WbJI3TTgNcZiPlJ7NEzdEvsoo8HgXgHX6bk9O+0bYeEZ/7TCQHLtETcF
         /r6JD14vh88WRy0lQE63T129R8BMCFnJZPcJMxZY89oetxxRzbwWd5uhgfwbXZHHoPKG
         jGN2WEdYfSajrq+fB8rsDycaAw9ePVO0uiB8OWTtSvWwS3vi/rQRK8q4MwSXHm83d+vA
         g4GfFMzoRjNlKTbKC7cXdyjreRXcnZmH+7FuetmUp79HYX43llaY7ys+AzwTUEiEbrsh
         +dZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=ccF9fUXuhrwj0PmoJVWK4QbHWPnY2OR/Xk266wuwd5M=;
        b=D7+I9puu9Hr+p7jLZNLHQns87ORBOVljKB1ow1zu/HVd+T1kF2xAmLLDHbWKtVR7Zy
         xQiwnFA2G4eD3YECTHhKMxTbixkWzTlEHmNdkANviy8pcAEGU9X8qAyglMPLAza9bG1D
         esVt1sS8/PZWScLAVHsYRnRtP6aNBAc0FlQ544hVy3UKvzv7jk57KwN1leloHmm+KFWW
         VhnQhwzr/KJOEmbWrMxK4Xfeo6bp9OHPg0O+BiFSmUQ5FRwqTwqC8GgXISV5EbA2sk+0
         xs8ATS7UNuZ4BQiVQiewQHP3ndZ+KT+rtiaGcDuio7iXSFs/0xtNdL1HsONZSEyyespo
         V2eg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e12si1906208edy.210.2020.05.27.08.34.37;
        Wed, 27 May 2020 08:35:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387931AbgE0KQW (ORCPT <rfc822;epopevad@gmail.com> + 99 others);
        Wed, 27 May 2020 06:16:22 -0400
Received: from mx2.suse.de ([195.135.220.15]:35324 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2387899AbgE0KQV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 May 2020 06:16:21 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 27984ABC7;
        Wed, 27 May 2020 10:16:22 +0000 (UTC)
Date:   Wed, 27 May 2020 12:16:18 +0200
From:   Jiri Bohac <jbohac@suse.cz>
To:     lijiang <lijiang@redhat.com>
Cc:     linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
        ebiederm@xmission.com, jmorris@namei.org, mjg59@google.com,
        dyoung@redhat.com, bhe@redhat.com
Subject: Re: [PATCH] kexec: Do not verify the signature without the lockdown
 or mandatory signature
Message-ID: <20200527101618.jgbxbk5ooiaett43@dwarf.suse.cz>
References: <20200525052351.24134-1-lijiang@redhat.com>
 <20200526135935.ffkfulsjf7xrep63@dwarf.suse.cz>
 <07a65a70-3764-f62f-705c-049b8d409316@redhat.com>
 <4da44e94-a839-2033-29d2-90bebd4ee1e2@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4da44e94-a839-2033-29d2-90bebd4ee1e2@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 27, 2020 at 12:08:12PM +0800, lijiang wrote:
> Or the following change looks better? What's your opinion?
> 
> static int
> kimage_validate_signature(struct kimage *image)
> {
>         int ret;
> 
>         ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
>                                            image->kernel_buf_len);
>         if (ret) {
> 
>                 if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
>                         pr_notice("Enforced kernel signature verification failed (%d).\n", ret);
>                         return ret;
>                 }
> 
>                 /*
>                  * If IMA is guaranteed to appraise a signature on the kexec
>                  * image, permit it even if the kernel is otherwise locked
>                  * down.
>                  */
>                 if (!ima_appraise_signature(READING_KEXEC_IMAGE) &&
>                     security_locked_down(LOCKDOWN_KEXEC))
>                         return -EPERM;
> 
>                 pr_debug("kernel signature verification failed (%d).\n", ret);
>         }
> 
>         return 0;
> }

Looks good to me, thanks!

-- 
Jiri Bohac <jbohac@suse.cz>
SUSE Labs, Prague, Czechia