From: 黄杰
Date: Mon, 25 Jul 2022 21:32:59 +0800
Subject: Re: [External] Re: [PATCH 2/4] kexec: add CONFING_KEXEC_PURGATORY_SKIP_SIG
To: "Jason A. Donenfeld"
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Eric Biederman, Masahiro Yamada, Michal Marek, Nick Desaulniers, "Kirill A. Shutemov", Brijesh Singh, Michael Roth, Nathan Chancellor, Kuppuswamy Sathyanarayanan, Ard Biesheuvel, Peter Zijlstra, Sean Christopherson, Joerg Roedel, Mark Rutland, Kees Cook, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, linux-kbuild@vger.kernel.org
References: <20220725083904.56552-1-huangjie.albert@bytedance.com> <20220725083904.56552-3-huangjie.albert@bytedance.com>

Maybe a boot parameter?

Jason A. Donenfeld wrote on Mon, Jul 25, 2022 at 20:15:
>
> Hi Albert,
>
> On Mon, Jul 25, 2022 at 04:38:54PM +0800, Albert Huang wrote:
> > +config KEXEC_PURGATORY_SKIP_SIG
> > +	bool "skip kexec purgatory signature verification"
> > +	depends on ARCH_HAS_KEXEC_PURGATORY
> > +	help
> > +	  this options makes the kexec purgatory do not signature verification
> > +	  which would get hundreds of milliseconds saved during kexec boot. If we can
> > +	  confirm that the data of each segment loaded by kexec will not change we may
> > +	  enable this option
> > +
>
> Some grammar nits here, but actually, wouldn't it be better to make this
> depend on some other signature things instead? Like if the parent kernel
> actually did a big signature computation, then maybe the purgatory step
> is needed, but if it didn't bother, then maybe you can skip it. This
> way, you don't need a compile-time option that might change some aspect
> of signature verification people might otherwise be relying on.
>
> Jason
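
Review bot: The `depends on ARCH_HAS_KEXEC_PURGATORY` line is the only gate on KEXEC_PURGATORY_SKIP_SIG, so a build can turn off the purgatory check regardless of how the rest of signature verification is configured, and the help text leaves the safety condition ("If we can confirm that the data of each segment loaded by kexec will not change") to whoever configures the kernel without saying how that would be confirmed. Suggest tying the option to the signature-related configuration so the two cannot be combined silently, and rewriting the help text to state which check is skipped and what kind of change to the loaded segments goes undetected once it is off. The help text also needs a grammar pass ("this options makes the kexec purgatory do not signature verification"), and the subject line spells the symbol as CONFING_KEXEC_PURGATORY_SKIP_SIG.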