Subject: Re: [PATCH v8 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
From: Mimi Zohar
To: Baoquan He, Heiko Carstens, akpm@linux-foundation.org
Cc: Coiby Xu, kexec@lists.infradead.org, keyrings@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Michal Suchanek, Dave Young, Will Deacon, "Eric W . Biederman", Chun-Yi Lee, stable@vger.kernel.org, Philipp Rudo, linux-security-module@vger.kernel.org, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Martin Schwidefsky, "open list:S390", open list, linux-integrity, Jarkko Sakkinen
Date: Thu, 19 May 2022 07:56:25 -0400
In-Reply-To: <20220519003902.GE156677@MiWiFi-R3L-srv>
References: <20220512070123.29486-1-coxu@redhat.com> <20220512070123.29486-5-coxu@redhat.com> <20220519003902.GE156677@MiWiFi-R3L-srv>

[Cc'ing Jarkko, linux-integrity]

On Thu, 2022-05-19 at 08:39 +0800, Baoquan He wrote:
> On 05/18/22 at 01:29pm, Heiko Carstens wrote:
> > On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote:
> > > From: Michal Suchanek
> > >
> > > commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype")
> > > adds support for KEXEC_SIG verification with keys from platform keyring
> > > but the built-in keys and secondary keyring are not used.
> > >
> > > Add support for the built-in keys and secondary keyring as x86 does.
> > >
> > > Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype")
> > > Cc: stable@vger.kernel.org
> > > Cc: Philipp Rudo
> > > Cc: kexec@lists.infradead.org
> > > Cc: keyrings@vger.kernel.org
> > > Cc: linux-security-module@vger.kernel.org
> > > Signed-off-by: Michal Suchanek
> > > Reviewed-by: "Lee, Chun-Yi"
> > > Acked-by: Baoquan He
> > > Signed-off-by: Coiby Xu
> > > ---
> > >  arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
> > >  1 file changed, 13 insertions(+), 5 deletions(-)
> >
> > As far as I can tell this doesn't have any dependency to the other
> > patches in this series, so should I pick this up for the s390 tree, or
> > how will this go upstream?
>
> Thanks, Heiko.
>
> I want to ask Mimi if this can be taken into KEYS-ENCRYPTED tree.
> Otherwise I will ask Andrew to help pick this whole series.
>
> Surely, this patch 4 can be taken into s390 separately since it's
> independent, both look good.

KEYS-ENCRYPTED is a type of key, unrelated to using the .platform,
.builtin, .machine, or .secondary keyrings.

One of the main reasons for this patch set is to use the new ".machine"
keyring, which, if enabled, is linked to the "secondary" keyring.
However, the only reference to the ".machine" keyring is in the cover
letter, not any of the patch descriptions. Since this is the basis for
the system's integrity, this seems like a pretty big omission.

From patch 2/4: "The code in bzImage64_verify_sig makes use of system
keyrings including .builtin_trusted_keys, .secondary_trusted_keys and
.platform keyring to verify signed kernel image as PE file..."

From patch 3/4: "This patch allows to verify arm64 kernel image
signature using not only .builtin_trusted_keys but also .platform and
.secondary_trusted_keys keyring."

From patch 4/4: "... with keys from platform keyring but the built-in
keys and secondary keyring are not used."

This patch set could probably go through KEYS/KEYRINGS_INTEGRITY, but
it's kind of late to be asking. Has it been in linux-next? Should I
assume this patch set has been fully tested or can we get some "tags"?

thanks,

Mimi
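As an added example (not part of this thread or of the patch series), a small Python audit that parses /proc/keys to list which of the trust keyrings named above (.builtin_trusted_keys, .secondary_trusted_keys, .machine, .platform) exist on a host and how many entries each holds, then flags the keyrings a verifier that searches only .platform would never consult. The CONFIG annotations are my own, and the /proc/keys sample is constructed; point `read_proc_keys()` at a real host to audit it.

```python
from typing import Dict, List, NamedTuple

# Trust keyrings discussed in the thread; the CONFIG notes are my annotation.
TRUST_KEYRINGS = {
    ".builtin_trusted_keys": "CONFIG_SYSTEM_TRUSTED_KEYRING",
    ".secondary_trusted_keys": "CONFIG_SECONDARY_TRUSTED_KEYRING",
    ".machine": "CONFIG_INTEGRITY_MACHINE_KEYRING (linked into .secondary_trusted_keys)",
    ".platform": "CONFIG_INTEGRITY_PLATFORM_KEYRING",
}

# Constructed sample in the /proc/keys layout:
# ID FLAGS USAGE TIMEOUT PERMS UID GID TYPE DESCRIPTION[: SUMMARY]
SAMPLE_PROC_KEYS = """\
3a1f0c2e I------     1 perm 1f0b0000     0     0 keyring   .builtin_trusted_keys: 1
0b7d44a9 I------     1 perm 1f0b0000     0     0 keyring   .secondary_trusted_keys: 2
2c9e8f10 I------     1 perm 1f0b0000     0     0 keyring   .machine: 1
1d5a7b33 I------     1 perm 1f0b0000     0     0 keyring   .platform: 2
08f6e2d4 I------     2 perm 1f030000     0     0 asymmetri Build time autogenerated kernel key: 9f2e5a1c: X509.rsa 9f2e5a1c []
"""

class KeyEntry(NamedTuple):
    key_id: str
    flags: str
    key_type: str
    description: str
    summary: str

def parse_proc_keys(text: str) -> List[KeyEntry]:
    """Parse /proc/keys lines: eight fixed columns, then a free-form description."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 8)
        if len(parts) < 9:
            continue  # malformed or truncated line; skip rather than guess
        key_id, flags, _usage, _timeout, _perms, _uid, _gid, key_type, rest = parts
        # The summary follows the last ": "; asymmetric descriptions contain ": " themselves.
        desc, sep, summary = rest.rpartition(": ")
        if not sep:
            desc, summary = rest, ""
        entries.append(KeyEntry(key_id, flags, key_type, desc, summary))
    return entries

def trust_keyring_report(entries: List[KeyEntry]) -> Dict[str, int]:
    """Map each present trust keyring to its entry count (keyrings report 'empty' or a number)."""
    return {e.description: (0 if e.summary == "empty" else int(e.summary))
            for e in entries if e.key_type == "keyring" and e.description in TRUST_KEYRINGS}

def platform_only_blind_spots(report: Dict[str, int]) -> List[str]:
    """Keyrings holding keys that a .platform-only verifier (pre-patch s390) never searches."""
    return [name for name, count in report.items() if count and name != ".platform"]

def read_proc_keys(path: str = "/proc/keys") -> List[KeyEntry]:
    with open(path, encoding="utf-8") as fh:
        return parse_proc_keys(fh.read())
```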