Received: by 2002:a05:6512:3d0e:0:0:0:0 with SMTP id d14csp15981lfv; Tue, 12 Apr 2022 15:22:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqpYr5/g74RNZ85D1y4s996daTb6cYjN6U0k2C78n4lpf+AfR0AMuwyF2v/OtuykWsqoHA X-Received: by 2002:a17:902:d4c4:b0:158:4bd9:349b with SMTP id o4-20020a170902d4c400b001584bd9349bmr16041278plg.38.1649802150572; Tue, 12 Apr 2022 15:22:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649802150; cv=none; d=google.com; s=arc-20160816; b=vOZ0FMyFQuSXIa6sVwIQc9DERO5jQsSLG6TiS2wRmt8QJ9SFngVa01O/CEDi9ng9k8 WJo85PAtZHW5+GV+hEQv0MEf1dIh7/9Bx86dwKK7wXL0JQ3lyX+8AwpDfwsswo4au6B2 8wm2/ncxoE1FyOU9CgsrjQFidKpdsfzqBlpZIBysA7saE1MFNTKqPUXLu7p/n9ncNoAW 6OCtZ3udp3j7s3F7T9wH3Zxkeo14lOQT4mYy8kuySYA6mH7cYmbMv1l3W+iXTZuoasrk Qu8e+dsm5waHhmCnI9RlIR+gEtf+/kMTuVn5NTtP1dCrHbMg3cL9mpuPTmIf01TYWlTZ x/mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:dkim-signature; bh=z3DynAgenAnKaL+njjN/VfMLQujLKBaeaS8Zr6cqcsY=; b=BYvBj6XQ6CQ+NlSIwW+wxPy4rzMmvepHdCOeyNI8/HvQxHLpfJqWKV6EJNvIFessdj 0LM4F3TFv+4w1oXSXEGTCvmL89CG28bp1tAEBzaNUOGFYv4ilZa7oApmpIluRfTfXRFZ WMG4nrnM5zOfe49+tp/4aGqokFHzXYPKKTIzpeeS2XBmumKqV5qs4wiGKnP3K1+VmuWy UkbQEQsLNcPin96gKqq+qK/Dh7wjiUHfOnHhFQS6vZpbj/UZkY4G5nqzGwXw0E9Ru5as vDB+Xn8yQm7UuoI/ugM9qN1mClbqptYovZrpOVfj9HyBRxB6EboW63WAas2jjeqHpJ5d 9i6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=F3S6Cs0j; dkim=neutral (no key) header.i=@suse.de header.b=Z63FYo3O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id o23-20020a63fb17000000b0039d74ad4055si4096784pgh.760.2022.04.12.15.22.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 15:22:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=F3S6Cs0j; dkim=neutral (no key) header.i=@suse.de header.b=Z63FYo3O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 59DDB1788C9; Tue, 12 Apr 2022 14:03:12 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245386AbiDKI4b (ORCPT + 99 others); Mon, 11 Apr 2022 04:56:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343958AbiDKI43 (ORCPT ); Mon, 11 Apr 2022 04:56:29 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD87CDD for ; Mon, 11 Apr 2022 01:54:14 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 8D963210E5; Mon, 11 Apr 2022 08:54:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1649667253; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=z3DynAgenAnKaL+njjN/VfMLQujLKBaeaS8Zr6cqcsY=; b=F3S6Cs0jvF2qE/dmCLrwah/1u8VOjvexN9lhICmWPnOG4elSNPAPkFsyYtvR3TRYBflgYg 9+tJpbdI6SYLCmwC3FL1fOd2nT9uOlkX8XF6EG0hijuee3qse63BbYIaQpWCa1zoXQ01nK NTikNrWe1m0NvgA/ixDC3B3d73q1D1E= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1649667253; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=z3DynAgenAnKaL+njjN/VfMLQujLKBaeaS8Zr6cqcsY=; b=Z63FYo3ONTeO4T2tikzY1J7ttYxVpibHVDtl4E7hScgrL8ARUH9W2o9h66/5nnCYYZDKJb aHj4cdT+i8kjwdCA== Received: from kunlun.suse.cz (unknown [10.100.128.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 14937A3BFE; Mon, 11 Apr 2022 08:54:13 +0000 (UTC) Date: Mon, 11 Apr 2022 10:54:11 +0200 From: Michal =?iso-8859-1?Q?Such=E1nek?= To: Coiby Xu Cc: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org, Baoquan He , Dave Young , Will Deacon , "Eric W . Biederman" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , "H. Peter Anvin" , "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" Subject: Re: [PATCH v5 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic Message-ID: <20220411085411.GZ163591@kunlun.suse.cz> References: <20220401013118.348084-1-coxu@redhat.com> <20220401013118.348084-3-coxu@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220401013118.348084-3-coxu@redhat.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 01, 2022 at 09:31:17AM +0800, Coiby Xu wrote: > The code in bzImage64_verify_sig could make use of system keyrings s/could make/makes/ > including .buitin_trusted_keys, .secondary_trusted_keys and .platform > keyring to verify signed kernel image as PE file. Make it generic so > both x86_64 and arm64 can use it. > > Signed-off-by: Coiby Xu > --- > arch/x86/kernel/kexec-bzimage64.c | 13 +------------ > include/linux/kexec.h | 7 +++++++ > kernel/kexec_file.c | 17 +++++++++++++++++ > 3 files changed, 25 insertions(+), 12 deletions(-) > > diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c > index 170d0fd68b1f..f73aab3fde33 100644 > --- a/arch/x86/kernel/kexec-bzimage64.c > +++ b/arch/x86/kernel/kexec-bzimage64.c > @@ -17,7 +17,6 @@ > #include > #include > #include > -#include > > #include > #include > @@ -531,17 +530,7 @@ static int bzImage64_cleanup(void *loader_data) > #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG > static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) > { > - int ret; > - > - ret = verify_pefile_signature(kernel, kernel_len, > - VERIFY_USE_SECONDARY_KEYRING, > - VERIFYING_KEXEC_PE_SIGNATURE); > - if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { > - ret = verify_pefile_signature(kernel, kernel_len, > - VERIFY_USE_PLATFORM_KEYRING, > - VERIFYING_KEXEC_PE_SIGNATURE); > - } > - return ret; > + return kexec_kernel_verify_pe_sig(kernel, kernel_len); > } Maybe you can completely eliminate bzImage64_verify_sig and directly assign kexec_kernel_verify_pe_sig to the fops? Other than that Reviewed-by: Michal Suchanek > #endif > > diff --git a/include/linux/kexec.h b/include/linux/kexec.h > index 755fed183224..2fe39e946988 100644 > --- a/include/linux/kexec.h > +++ b/include/linux/kexec.h > @@ -19,6 +19,7 @@ > #include > > #include > +#include > > #ifdef CONFIG_KEXEC_CORE > #include > @@ -196,6 +197,12 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi, > const Elf_Shdr *relsec, > const Elf_Shdr *symtab); > int arch_kimage_file_post_load_cleanup(struct kimage *image); > +#ifdef CONFIG_KEXEC_SIG > +#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION > +int kexec_kernel_verify_pe_sig(const char *kernel, > + unsigned long kernel_len); > +#endif > +#endif > int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); > > extern int kexec_add_buffer(struct kexec_buf *kbuf); > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index 3720435807eb..754885b96aab 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -165,6 +165,23 @@ void kimage_file_post_load_cleanup(struct kimage *image) > } > > #ifdef CONFIG_KEXEC_SIG > +#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION > +int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len) > +{ > + int ret; > + > + ret = verify_pefile_signature(kernel, kernel_len, > + VERIFY_USE_SECONDARY_KEYRING, > + VERIFYING_KEXEC_PE_SIGNATURE); > + if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { > + ret = verify_pefile_signature(kernel, kernel_len, > + VERIFY_USE_PLATFORM_KEYRING, > + VERIFYING_KEXEC_PE_SIGNATURE); > + } > + return ret; > +} > +#endif > + > static int kexec_image_verify_sig(struct kimage *image, void *buf, > unsigned long buf_len) > { > -- > 2.34.1 >