kexec, KEYS: make the code in bzImage64_verify_sig generic
commit 278311e417 ("kexec, KEYS: Make use of platform keyring for
signature verify") adds platform keyring support on x86 kexec but not
arm64.
The code in bzImage64_verify_sig uses the keys on the
.builtin_trusted_keys, .machine, if configured and enabled,
.secondary_trusted_keys, also if configured, and .platform keyrings
to verify the signed kernel image as PE file.
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Coiby Xu
Mimi Zohar
parent
689a71493b
commit
c903dae894
3 changed files with 25 additions and 19 deletions
|
|
@ -19,6 +19,7 @@
|
|||
#include <asm/io.h>
|
||||
|
||||
#include <uapi/linux/kexec.h>
|
||||
#include <linux/verification.h>
|
||||
|
||||
/* Location of a reserved region to hold the crash kernel.
|
||||
*/
|
||||
|
|
@ -212,6 +213,12 @@ static inline void *arch_kexec_kernel_image_load(struct kimage *image)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_KEXEC_SIG
|
||||
#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
|
||||
int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
||||
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue