[PATCH v2 0/6] KEXEC_SIG with appended signature
Michal Suchánek
msuchanek at suse.de
Wed Dec 1 11:48:36 UTC 2021
Hello,
On Wed, Dec 01, 2021 at 10:37:47AM +0800, Baoquan He wrote:
> Hi,
>
> On 11/25/21 at 07:02pm, Michal Suchanek wrote:
> > Hello,
> >
> > This is resend of the KEXEC_SIG patchset.
> >
> > The first patch is new because it'a a cleanup that does not require any
> > change to the module verification code.
> >
> > The second patch is the only one that is intended to change any
> > functionality.
> >
> > The rest only deduplicates code but I did not receive any review on that
> > part so I don't know if it's desirable as implemented.
>
> Do you have the link of your 1st version?
This is the previous version:
https://lore.kernel.org/lkml/cover.1635948742.git.msuchanek@suse.de/
Thanks
Michal
> And after going through the whole series, it doesn't tell what this
> patch series intends to do in cover-letter or patch log.
>
> Thanks
> Baoquan
>
> >
> > The first two patches can be applied separately without the rest.
> >
> > Thanks
> >
> > Michal
> >
> > Michal Suchanek (6):
> > s390/kexec_file: Don't opencode appended signature check.
> > powerpc/kexec_file: Add KEXEC_SIG support.
> > kexec_file: Don't opencode appended signature verification.
> > module: strip the signature marker in the verification function.
> > module: Use key_being_used_for for log messages in
> > verify_appended_signature
> > module: Move duplicate mod_check_sig users code to mod_parse_sig
> >
> > arch/powerpc/Kconfig | 11 +++++
> > arch/powerpc/kexec/elf_64.c | 14 ++++++
> > arch/s390/kernel/machine_kexec_file.c | 42 ++----------------
> > crypto/asymmetric_keys/asymmetric_type.c | 1 +
> > include/linux/module_signature.h | 1 +
> > include/linux/verification.h | 4 ++
> > kernel/module-internal.h | 2 -
> > kernel/module.c | 12 +++--
> > kernel/module_signature.c | 56 +++++++++++++++++++++++-
> > kernel/module_signing.c | 33 +++++++-------
> > security/integrity/ima/ima_modsig.c | 22 ++--------
> > 11 files changed, 113 insertions(+), 85 deletions(-)
> >
> > --
> > 2.31.1
> >
> >
> > _______________________________________________
> > kexec mailing list
> > kexec at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/kexec
> >
>
More information about the Linux-security-module-archive
mailing list