Received: by 2002:a19:f614:0:0:0:0:0 with SMTP id x20csp63944lfe; Fri, 15 Apr 2022 19:41:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyPQbVnbw4DhawCc8t4pkxY+eWNTgg8zU2RTXVFioZB5SMhRj+JKDCXo3MeBbX7wUjG+vmx X-Received: by 2002:a17:902:8698:b0:158:99d4:6256 with SMTP id g24-20020a170902869800b0015899d46256mr1866118plo.104.1650076895373; Fri, 15 Apr 2022 19:41:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650076895; cv=none; d=google.com; s=arc-20160816; b=QJuu53jaGqZyf/v/qDATMdT+bdUgK+1xwECZw/99xg9GVtJE6aAQx1+AeyKoTTzuoA 72CZjf63ySQl4LUEwsZxT96RXc+3lpn+2FgOb7Z3puV+DeoASk7h+C4VF2XO1msT8+JM 8GYKPPy8gblEBvHDD7TBLPi73VgYKC1sQgcK6UEhqQrfOJGMpVyuy4cgEq8gMLJTx1/5 lCipyoUdaw1h/Em9qd1UDfvLmyVzjtBnTaZSbJRv9JPDHWG/hutR1UMkMWcn0/Cqa4kC hzt9kv05e+NmTZ019FYKbZp0aleCZP7ZQVqrymGS4Ck8+r0rAyAF779tv3nXwQspUZYg cpZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=LbIFt/hLvdmgH3emaym9nt7Eav8nywDFZBlv3s8K7FA=; b=mMe/Vr0plzFU+PmVNeLwU5nzKn1bjhQZKDxK38TS8WS8n+TkEW9vkc9NK2a4LS7URj 2q651Impquy24lBUaUfDTsrQfRTHZQeoglZEGIspDoVS0esezps+KObOAHkaKRYP+4gH MkV4rlWJJTGDbkrI20oJLZo9e6wI5CJW/VGbd0lTikxSnF6wX2GG5qD+PN5XL34YwW2k fCh/pF9Q3qircsBbE5ZyiEubLtUUBwD6gVyO1VAXo0Lj8NoouNFGSAgFVYS+x5YtFGYW gKeDB8ciS0BQatvK5/01/rOwdB20RMT9EIh+q+Jn8gkDYh4zTYtvY9n7jqaFCwfx+L02 j3Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=B0U81MKW; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id u190-20020a6279c7000000b00505fa6023fasi2934017pfc.154.2022.04.15.19.41.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Apr 2022 19:41:35 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=B0U81MKW; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9B08F1834F1; Fri, 15 Apr 2022 18:48:47 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229972AbiDNBwp (ORCPT + 99 others); Wed, 13 Apr 2022 21:52:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239541AbiDNBwj (ORCPT ); Wed, 13 Apr 2022 21:52:39 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 927BA220FD for ; Wed, 13 Apr 2022 18:50:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1649901015; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LbIFt/hLvdmgH3emaym9nt7Eav8nywDFZBlv3s8K7FA=; b=B0U81MKWdYdR+ct83RL0WXqDgaCf3o3037cTqkwHl9lRhgyYEHHMJMVpLtTycYNrdbq99Y BaOSlCOUYG/Ikvqq5FADb6G0QFHR03JuFhgswvZwl/VqMEQ75uIfemiPY3Xg+FZyZLpXfU IKhnV1PH5UPlGA9IyURKE2ATsgq0x8c= Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-515-m4fYUIkbOkilLK99beb6bA-1; Wed, 13 Apr 2022 21:50:14 -0400 X-MC-Unique: m4fYUIkbOkilLK99beb6bA-1 Received: by mail-pg1-f200.google.com with SMTP id b18-20020a63d812000000b0037e1aa59c0bso1974431pgh.12 for ; Wed, 13 Apr 2022 18:50:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=LbIFt/hLvdmgH3emaym9nt7Eav8nywDFZBlv3s8K7FA=; b=oRZ6SByWI+J7oAgpJCaKOdQv0sGhgU+Pk/VkgyB+uMCY218Jht62TyW9+OncmCV/5n kCx9OB8Y6Yi0ucv+ExCg46wsQul2lGrA6Joh1rYTKHd4er5UpUHWZGEuaPwZsNhxzl2G KQMaQPyF1SVatvv8PK/9eAOrLL54icbptuK8mLx+FBwecagrK2bzisIi1ETyZ8OEjiNo yMmx1pDND25971xqzBSAp+BlRU/wAVT/StxO2E9QSZzPH7DceEo6NhwBpBXlpctBS0JF /JFnuf76EWYXsnShIG5B8awpKEGYRq+GoeSYxlrZ7BIFyY95f1YNc8Myn6GQFWzJ8Pw5 JulQ== X-Gm-Message-State: AOAM531Lq5mYBgtqngZT+WCeR9WQLkph4ms/B/83jKM4Ep5E0k35aAoD 9PdN+v16/QpqH1c3ScFiBIDxnBUSxERey2Xx/OVQkyyY2NKccsWLwcsLUnsycHLdnHU2nzVNg6k TvTLLNM2lQatNolOWIKQ7aBnZ X-Received: by 2002:a63:1725:0:b0:39d:7957:7396 with SMTP id x37-20020a631725000000b0039d79577396mr391339pgl.156.1649901013275; Wed, 13 Apr 2022 18:50:13 -0700 (PDT) X-Received: by 2002:a63:1725:0:b0:39d:7957:7396 with SMTP id x37-20020a631725000000b0039d79577396mr391315pgl.156.1649901012971; Wed, 13 Apr 2022 18:50:12 -0700 (PDT) Received: from localhost ([240e:3a1:31c:360:52fc:c968:cb41:efbc]) by smtp.gmail.com with ESMTPSA id y3-20020a056a00190300b004fa2411bb92sm345861pfi.93.2022.04.13.18.50.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Apr 2022 18:50:12 -0700 (PDT) Date: Thu, 14 Apr 2022 09:46:05 +0800 From: Coiby Xu To: Michal =?utf-8?B?U3VjaMOhbmVr?= Cc: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org, Baoquan He , Dave Young , Will Deacon , "Eric W . Biederman" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , "H. Peter Anvin" , "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" Subject: Re: [PATCH v5 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic Message-ID: <20220414014605.etdihzqs764v74gf@Rk> References: <20220401013118.348084-1-coxu@redhat.com> <20220401013118.348084-3-coxu@redhat.com> <20220411085411.GZ163591@kunlun.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20220411085411.GZ163591@kunlun.suse.cz> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 11, 2022 at 10:54:11AM +0200, Michal Such?nek wrote: >On Fri, Apr 01, 2022 at 09:31:17AM +0800, Coiby Xu wrote: >> The code in bzImage64_verify_sig could make use of system keyrings >s/could make/makes/ >> including .buitin_trusted_keys, .secondary_trusted_keys and .platform >> keyring to verify signed kernel image as PE file. Make it generic so >> both x86_64 and arm64 can use it. >> >> Signed-off-by: Coiby Xu >> --- >> arch/x86/kernel/kexec-bzimage64.c | 13 +------------ >> include/linux/kexec.h | 7 +++++++ >> kernel/kexec_file.c | 17 +++++++++++++++++ >> 3 files changed, 25 insertions(+), 12 deletions(-) >> >> diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c >> index 170d0fd68b1f..f73aab3fde33 100644 >> --- a/arch/x86/kernel/kexec-bzimage64.c >> +++ b/arch/x86/kernel/kexec-bzimage64.c >> @@ -17,7 +17,6 @@ >> #include >> #include >> #include >> -#include >> >> #include >> #include >> @@ -531,17 +530,7 @@ static int bzImage64_cleanup(void *loader_data) >> #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG >> static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) >> { >> - int ret; >> - >> - ret = verify_pefile_signature(kernel, kernel_len, >> - VERIFY_USE_SECONDARY_KEYRING, >> - VERIFYING_KEXEC_PE_SIGNATURE); >> - if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { >> - ret = verify_pefile_signature(kernel, kernel_len, >> - VERIFY_USE_PLATFORM_KEYRING, >> - VERIFYING_KEXEC_PE_SIGNATURE); >> - } >> - return ret; >> + return kexec_kernel_verify_pe_sig(kernel, kernel_len); >> } > >Maybe you can completely eliminate bzImage64_verify_sig and directly >assign kexec_kernel_verify_pe_sig to the fops? > >Other than that > >Reviewed-by: Michal Suchanek Applied, thanks for the suggestion and reviewing the patch! > >> #endif >> >> diff --git a/include/linux/kexec.h b/include/linux/kexec.h >> index 755fed183224..2fe39e946988 100644 >> --- a/include/linux/kexec.h >> +++ b/include/linux/kexec.h >> @@ -19,6 +19,7 @@ >> #include >> >> #include >> +#include >> >> #ifdef CONFIG_KEXEC_CORE >> #include >> @@ -196,6 +197,12 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi, >> const Elf_Shdr *relsec, >> const Elf_Shdr *symtab); >> int arch_kimage_file_post_load_cleanup(struct kimage *image); >> +#ifdef CONFIG_KEXEC_SIG >> +#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION >> +int kexec_kernel_verify_pe_sig(const char *kernel, >> + unsigned long kernel_len); >> +#endif >> +#endif >> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); >> >> extern int kexec_add_buffer(struct kexec_buf *kbuf); >> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c >> index 3720435807eb..754885b96aab 100644 >> --- a/kernel/kexec_file.c >> +++ b/kernel/kexec_file.c >> @@ -165,6 +165,23 @@ void kimage_file_post_load_cleanup(struct kimage *image) >> } >> >> #ifdef CONFIG_KEXEC_SIG >> +#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION >> +int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len) >> +{ >> + int ret; >> + >> + ret = verify_pefile_signature(kernel, kernel_len, >> + VERIFY_USE_SECONDARY_KEYRING, >> + VERIFYING_KEXEC_PE_SIGNATURE); >> + if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { >> + ret = verify_pefile_signature(kernel, kernel_len, >> + VERIFY_USE_PLATFORM_KEYRING, >> + VERIFYING_KEXEC_PE_SIGNATURE); >> + } >> + return ret; >> +} >> +#endif >> + >> static int kexec_image_verify_sig(struct kimage *image, void *buf, >> unsigned long buf_len) >> { >> -- >> 2.34.1 >> > -- Best regards, Coiby