Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

[Yannik Sembritzki]

I'm sorry, the sign-off was missing again (this is my first submission
to linux).

Signed-off-by: Yannik Sembritzki <yannik@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
Âarch/x86/kernel/kexec-bzimage64.c | 5 ++++-
Â1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/kexec-bzimage64.c
b/arch/x86/kernel/kexec-bzimage64.c
index 7326078e..2ba47e24 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -41,6 +41,9 @@
Â#define MIN_KERNEL_LOAD_ADDRÂÂÂ 0x100000
Â#define MIN_INITRD_LOAD_ADDRÂÂÂ 0x1000000
Â
+// Allow both builtin trusted keys and secondary trusted keys
+#define TRUST_FULL_KEYRINGÂÂÂ (void *)1UL
+
Â/*
 * This is a place holder for all boot loader specific data structure which
 * gets allocated in one call but gets freed much later during cleanup
@@ -532,7 +535,7 @@ static int bzImage64_cleanup(void *loader_data)
Âstatic int bzImage64_verify_sig(const char *kernel, unsigned long
kernel_len)
Â{
ÂÂÂÂ return verify_pefile_signature(kernel, kernel_len,
-ÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂÂÂÂ NULL,
+ÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂÂÂÂ TRUST_FULL_KEYRING,
ÂÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂ ÂÂÂÂÂÂ VERIFYING_KEXEC_PE_SIGNATURE);
Â}
Â#endif
-- 
2.17.1

On 15.08.2018 19:27, Yannik Sembritzki wrote:
> Would this be okay?
>
> diff --git a/arch/x86/kernel/kexec-bzimage64.c
> b/arch/x86/kernel/kexec-bzimage64.c
> index 7326078e..2ba47e24 100644
> --- a/arch/x86/kernel/kexec-bzimage64.c
> +++ b/arch/x86/kernel/kexec-bzimage64.c
> @@ -41,6 +41,9 @@
> Â#define MIN_KERNEL_LOAD_ADDRÂÂ 0x100000
> Â#define MIN_INITRD_LOAD_ADDRÂÂ 0x1000000
> Â
> +// Allow both builtin trusted keys and secondary trusted keys
> +#define TRUST_FULL_KEYRINGÂÂÂÂ (void *)1UL
> +
> Â/*
> Â * This is a place holder for all boot loader specific data structure which
> Â * gets allocated in one call but gets freed much later during cleanup
> @@ -532,7 +535,7 @@ static int bzImage64_cleanup(void *loader_data)
> Âstatic int bzImage64_verify_sig(const char *kernel, unsigned long
> kernel_len)
> Â{
> ÂÂÂÂÂÂÂ return verify_pefile_signature(kernel, kernel_len,
> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ NULL,
> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ TRUST_FULL_KEYRING,
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ VERIFYING_KEXEC_PE_SIGNATURE);
> Â}
> Â#endif
> --
>
> On 15.08.2018 18:54, Linus Torvalds wrote:
>> This needs more people involved, and at least a sign-off.
>>
>> It looks ok, but I think we need a #define for the magical (void *)1UL
>> thing. I see the use in verify_pkcs7_signature(), but still.
>>
>>               Linus
>>
>>
>>
>> On Wed, Aug 15, 2018 at 3:11 AM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
>>> ---
>>>  arch/x86/kernel/kexec-bzimage64.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
>>> index 7326078e..eaaa125d 100644
>>> --- a/arch/x86/kernel/kexec-bzimage64.c
>>> +++ b/arch/x86/kernel/kexec-bzimage64.c
>>> @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data)
>>>  static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
>>>  {
>>>         return verify_pefile_signature(kernel, kernel_len,
>>> -                                      NULL,
>>> +                                      (void *)1UL,
>>>                                        VERIFYING_KEXEC_PE_SIGNATURE);
>>>  }
>>>  #endif
>>> --
>>> 2.17.1
>>>
>>> The exact scenario under which this issue occurs is described here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1554113
>>>