Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp449880pxb; Tue, 15 Feb 2022 18:11:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJxtXwjOwGhJfRReCpCNql/4caQnvcstTSvEV6Cj/S9PM/hugRSJsBpKqqDWEnQdHJKTTvyC X-Received: by 2002:a50:c048:0:b0:410:a2e6:eb66 with SMTP id u8-20020a50c048000000b00410a2e6eb66mr719725edd.156.1644977466176; Tue, 15 Feb 2022 18:11:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644977466; cv=none; d=google.com; s=arc-20160816; b=Xp7LHBTSUzgBBp/RaKxh683e8l1zMy01OOufJEYuLntHpr+54hb1X6VhduwqMC2Uvt nduAulSqnryLnvovMIZfwFS/dh7htv3dTOZttTJxeefnelt0AU+9urtyGgVua+yyZ3lb 6sIevcpd4LX5Qjetz5IcnOWBmOiLn7IvxLHrk3rb7UufH47Yz8DupeXvwZkusRykIemQ 3uCQkQBakGB+oxHuJz1LNBZROOHC8yLjPIrFvW5JzepJ1TBsweowkvzXpf5IO+yU8AGb hxjcoGdFMBNMI3GN9x0c+oyUE7PA8/nVY1eFC1NzOTh3vgClLj/zDpOojuKs9VBrghe1 SmRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:from :dkim-signature:dkim-signature; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=SEy7mnqdTMntcfUSHgNBg+1hULoSSd7sEtoJnpGP2g+4pWd8dkQtQltI5/pfkGUjI5 hjau40au5vgMT8kNp9MOYNOBjMl7kuwsep9sDHBGEt9SmLlecFIO8lzHfmNEBJZmRjKL soIx68N8YobgTiAsGlkTPV4Ui0VHQ7n2LXO9PHWqRKP718A56cJQ+Ia+QOGPAj1kJvul yuxw9cBTaMvdi2nCALx8aS7kvYc7Y7voTN3pdoPxHPXM4Iv2+7l8po4nIhu+59dWKsmw lJpESUA4tG+wUq//ULQAsPSx3/2HsZmoPQW0OtbSsoCG+ZNdZxgDF9mkQPvtqmUJn2nr +9rg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@suse.de header.s=susede2_rsa header.b=Fjdwzsux; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=f86nJeBF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 7si21405587ejh.105.2022.02.15.18.10.43; Tue, 15 Feb 2022 18:11:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@suse.de header.s=susede2_rsa header.b=Fjdwzsux; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=f86nJeBF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243764AbiBOTk3 (ORCPT + 99 others); Tue, 15 Feb 2022 14:40:29 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:44740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243757AbiBOTk1 (ORCPT ); Tue, 15 Feb 2022 14:40:27 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12284DEB6; Tue, 15 Feb 2022 11:40:15 -0800 (PST) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 204E42112A; Tue, 15 Feb 2022 19:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=Fjdwzsuxb9ZxQn/KzDhNEM1i3t8Jg1CLxu4AXw4xy8OCPM6Z5b7DevDOj5kfhMEGo+vRUD zjmIIjGVbOvcRnkjy1Mk5+oEZocOyZBi/e5u5l2CFNssckXTQOWkRfq5S13zn6LSQZnh6h NZU/J/MyJFptCBTVmv3F+NK+9ccFgvg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1644954014; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Xag/tiYIWZjYv+wxtYhQ+mbygAAZdHDwq6nPQfuZzo=; b=f86nJeBFiwa8nt/hv1OO6lAbHJRRZ7eOgXRZxhJhheKW1mRwObnmFtHwvqdvv9Uj/2QAF8 dSFa6e5gxSq2ZCCQ== Received: from kitsune.suse.cz (kitsune.suse.cz [10.100.12.127]) by relay2.suse.de (Postfix) with ESMTP id DD1BDA3B81; Tue, 15 Feb 2022 19:40:13 +0000 (UTC) From: Michal Suchanek Cc: Michal Suchanek , Catalin Marinas , Will Deacon , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Philipp Rudo , Baoquan He , Alexander Egorenkov , AKASHI Takahiro , James Morse , Dave Young , Mimi Zohar , Kairui Song , Martin Schwidefsky , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, stable@kernel.org Subject: [PATCH 1/4] Fix arm64 kexec forbidding kernels signed with keys in the secondary keyring to boot Date: Tue, 15 Feb 2022 20:39:38 +0100 Message-Id: <83b3583f35c50c609739a8d857d14e8410293373.1644953683.git.msuchanek@suse.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Cherry-picked from commit ea93102f3224 ("Fix kexec forbidding kernels signed with keys in the secondary keyring to boot") Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: stable@kernel.org Signed-off-by: Michal Suchanek --- arch/arm64/kernel/kexec_image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..1fbf2ee7c005 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -133,7 +133,8 @@ static void *image_load(struct kimage *image, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG static int image_verify_sig(const char *kernel, unsigned long kernel_len) { - return verify_pefile_signature(kernel, kernel_len, NULL, + return verify_pefile_signature(kernel, kernel_len, + VERIFY_USE_SECONDARY_KEYRING, VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.31.1