Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F8F3C433F5 for ; Wed, 1 Dec 2021 02:38:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241412AbhLACl1 (ORCPT ); Tue, 30 Nov 2021 21:41:27 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:43166 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346227AbhLACl0 (ORCPT ); Tue, 30 Nov 2021 21:41:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638326285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=W0n5k4sl9AYBphe6cujkRUTAtSAAGA+Ca8Fn1jgb3kw=; b=ftSNleJ4Ougk5TtZ5J/CnGL63PXW9YBWBSMxPrr+txy22bq39uKHba8tlZSZsfhHgXut+n eQZilrDxPXLQ7H+vdp/KLt+2DNUEZPXR98m4V+8OlcHjCDv95ERMOJjZQ07iMOcaIXaFdz znzyrTO7ujtyExp56ZDAN1r4dABDwXQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-420-PtZgyoLZM6iWg_vjmPTmng-1; Tue, 30 Nov 2021 21:38:04 -0500 X-MC-Unique: PtZgyoLZM6iWg_vjmPTmng-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 133C5102C7EB; Wed, 1 Dec 2021 02:37:59 +0000 (UTC) Received: from localhost (ovpn-12-42.pek2.redhat.com [10.72.12.42]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3ADC560C13; Wed, 1 Dec 2021 02:37:50 +0000 (UTC) Date: Wed, 1 Dec 2021 10:37:47 +0800 From: Baoquan He To: Michal Suchanek Cc: keyrings@vger.kernel.org, kexec@lists.infradead.org, Philipp Rudo , Mimi Zohar , Nayna , Rob Herring , linux-s390@vger.kernel.org, Vasily Gorbik , Lakshmi Ramasubramanian , Heiko Carstens , Jessica Yu , linux-kernel@vger.kernel.org, David Howells , Christian Borntraeger , Luis Chamberlain , Paul Mackerras , Hari Bathini , Alexander Gordeev , linuxppc-dev@lists.ozlabs.org, Frank van der Linden , Thiago Jung Bauermann , Daniel Axtens , buendgen@de.ibm.com, Michael Ellerman , Benjamin Herrenschmidt , Christian Borntraeger , Herbert Xu , "David S. Miller" , Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , Sven Schnelle , linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [PATCH v2 0/6] KEXEC_SIG with appended signature Message-ID: <20211201023747.GN21646@MiWiFi-R3L-srv> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, On 11/25/21 at 07:02pm, Michal Suchanek wrote: > Hello, > > This is resend of the KEXEC_SIG patchset. > > The first patch is new because it'a a cleanup that does not require any > change to the module verification code. > > The second patch is the only one that is intended to change any > functionality. > > The rest only deduplicates code but I did not receive any review on that > part so I don't know if it's desirable as implemented. Do you have the link of your 1st version? And after going through the whole series, it doesn't tell what this patch series intends to do in cover-letter or patch log. Thanks Baoquan > > The first two patches can be applied separately without the rest. > > Thanks > > Michal > > Michal Suchanek (6): > s390/kexec_file: Don't opencode appended signature check. > powerpc/kexec_file: Add KEXEC_SIG support. > kexec_file: Don't opencode appended signature verification. > module: strip the signature marker in the verification function. > module: Use key_being_used_for for log messages in > verify_appended_signature > module: Move duplicate mod_check_sig users code to mod_parse_sig > > arch/powerpc/Kconfig | 11 +++++ > arch/powerpc/kexec/elf_64.c | 14 ++++++ > arch/s390/kernel/machine_kexec_file.c | 42 ++---------------- > crypto/asymmetric_keys/asymmetric_type.c | 1 + > include/linux/module_signature.h | 1 + > include/linux/verification.h | 4 ++ > kernel/module-internal.h | 2 - > kernel/module.c | 12 +++-- > kernel/module_signature.c | 56 +++++++++++++++++++++++- > kernel/module_signing.c | 33 +++++++------- > security/integrity/ima/ima_modsig.c | 22 ++-------- > 11 files changed, 113 insertions(+), 85 deletions(-) > > -- > 2.31.1 > > > _______________________________________________ > kexec mailing list > kexec@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/kexec >