From: Coiby Xu
To: kexec@lists.infradead.org
Cc: linux-arm-kernel@lists.infradead.org, Coiby Xu, Catalin Marinas, Will Deacon, linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 2/2] arm64: kexec_file: use more system keyrings to verify kernel image signature
Date: Mon, 27 Sep 2021 08:50:04 +0800
Message-Id: <20210927005004.36367-3-coiby.xu@gmail.com>
In-Reply-To: <20210927005004.36367-1-coiby.xu@gmail.com>
References: <20210927005004.36367-1-coiby.xu@gmail.com>

From: Coiby Xu

This allows verifying the arm64 kernel image signature using not only .builtin_trusted_keys but also the .secondary_trusted_keys and .platform keyrings.

Signed-off-by: Coiby Xu

--- arch/arm64/kernel/kexec_image.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..2357ee2f229a 100644
--- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include #include #include -#include #include #include #include @@ -133,8 +132,7 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, - VERIFYING_KEXEC_PE_SIGNATURE); + return arch_kexec_kernel_verify_pe_sig(kernel, kernel_len); } #endif -- 2.33.0
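
Review bot: In image_verify_sig() (second hunk), the new call to arch_kexec_kernel_verify_pe_sig(kernel, kernel_len) widens the set of keys that can authorize a kexec'd kernel, yet neither the hunk nor the commit message says in what order the keyrings are tried or which error from one keyring lets verification move on to the next. Please state that in the commit message, including whether the fallback is taken only when no matching key is found or also when a signature is rejected, and mention that .platform holds firmware-provided keys so reviewers can judge the change in trust. The helper is neither declared nor defined anywhere in this diff, and the first hunk only removes an #include, so the message should also name the dependency on patch 1/2 and the header that provides the declaration on arm64.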