Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp485313pxb; Wed, 3 Nov 2021 07:28:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzM4iievR19dEA2LD2EWAUggAzzHiU2Uoq8SrW9u1hWvw9I+wjQfy8ZTo3kKWPvMf1k+6IU X-Received: by 2002:a05:6602:3350:: with SMTP id c16mr3107100ioz.43.1635949704091; Wed, 03 Nov 2021 07:28:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635949704; cv=none; d=google.com; s=arc-20160816; b=Ow1k5ssoOltkI/BQONwvVNLFh8IEXaHXwZqwz6YIRxKkucIomHX7mzOX7XPOYes80N W3NJIRpzA+Yo6/nVuXym/vHWSs+1wyhY223DOJ0sbh7JFnHm7h5LLXCXk6Ss082rxYst j4lWBvBIZL4ipa7RDq8M5i06RtfVongMCnXE+5rkFRAK62KbmQverO8VJ16lIRNZZP/H NMIFqFgCVV6hIyFgUv+vewA73MjPVVDtvfzEsr6nPck9XM5B7Bluk+rAoE1Gq6prLrAy Qvr2eUFwPXHnZWkAzIHy2HMPqDNTwHG921VqmavQEK/SDtEkkLgHlcmKvRTy6A/5dixe 9HXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-signature; bh=Dog1kS0Nm8BT5xToDrdeBUJVtPUNFmm5wWj5SRd7+2I=; b=K7eH5rnpiw6+IOGoBc9hCT41FfnMOdOKCIGZO2KufXjuLQz9LymBvyYJYhTEkCqXcH n9dWPstSFJaYVBuZDKBKH4WvlVUBFrLubyrbu5k/P7v3ReA5KxtUAhlNwzsMozBjX2Gg y8rZv0rrtLaT3Cbv/TJYNF5CbPcoOUJLPxMBgtupzm00Ni/GYhytKi9MjmFN6FLMJwaP hhjm5WeR312HtkgpEA25spC9VqwCHVk/mxZdwVTZDC+v24KwjsG4C0sGSmGkpSRV0GOU FNw+EAByQv9Ji+rh7wkm0cFBnfJiysh6oUC1mEo64BzqFJnZ6SYEaGhp5nH+4D+H2Uws 3HrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=BORuspiw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=FTgDDkPG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v13si5217701ilu.63.2021.11.03.07.28.11; Wed, 03 Nov 2021 07:28:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=BORuspiw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=FTgDDkPG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232004AbhKCO3u (ORCPT + 99 others); Wed, 3 Nov 2021 10:29:50 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:56740 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230527AbhKCO3t (ORCPT ); Wed, 3 Nov 2021 10:29:49 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 6FCE5218D9; Wed, 3 Nov 2021 14:27:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1635949632; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Dog1kS0Nm8BT5xToDrdeBUJVtPUNFmm5wWj5SRd7+2I=; b=BORuspiw5Z2g1pJmzhS/Mn/w26i3SRVFn4yIidQgmvBEwaNrAoDYRkIsdA1J7ZtN8oUtx8 /m/9RbtrEeXQNjK/UZyI0IkzAkQWSeNrBkGMWK3WLWwzXhx80V04K9Q+i1p/2b8Bc5IJu7 aTVOKIZI7QIiWwdudr4Z694kUKcYpiU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1635949632; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Dog1kS0Nm8BT5xToDrdeBUJVtPUNFmm5wWj5SRd7+2I=; b=FTgDDkPGlsImvWmFW+/Zw3OfT/3JwHgMG85BIekvkJkkoZVThpg3GQtPj8HmbLxg9F/bCi t/ooTeugcRuWZkDw== Received: from kitsune.suse.cz (kitsune.suse.cz [10.100.12.127]) by relay2.suse.de (Postfix) with ESMTP id 3C1A9A3B84; Wed, 3 Nov 2021 14:27:11 +0000 (UTC) From: Michal Suchanek To: keyrings@vger.kernel.org Cc: Michal Suchanek , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , Heiko Carstens , Vasily Gorbik , Christian Borntraeger , Alexander Gordeev , David Howells , Luis Chamberlain , Jessica Yu , Rob Herring , Lakshmi Ramasubramanian , Thiago Jung Bauermann , Hari Bathini , Frank van der Linden , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org Subject: [PATCH 0/3] KEXEC_SIG with appended signature Date: Wed, 3 Nov 2021 15:27:05 +0100 Message-Id: X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org S390 uses appended signature for kernel but implements the check separately from module loader. Support for secure boot on powerpc with appended signature is planned - grub patches submitted upstream but not yet merged. This is an attempt at unified appended signature verification. Thanks Michal Michal Suchanek (3): s390/kexec_file: Don't opencode appended signature verification. module: strip the signature marker in the verification function. powerpc/kexec_file: Add KEXEC_SIG support. arch/powerpc/Kconfig | 11 +++++++ arch/powerpc/kexec/elf_64.c | 14 +++++++++ arch/s390/kernel/machine_kexec_file.c | 42 +++------------------------ include/linux/verification.h | 3 ++ kernel/module-internal.h | 2 -- kernel/module.c | 11 +++---- kernel/module_signing.c | 32 ++++++++++++++------ 7 files changed, 59 insertions(+), 56 deletions(-) -- 2.31.1