iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch/arm64/kernel
History
Coiby Xu 2d97167d5e arm64: kexec_file: use more system keyrings to verify kernel image signature 
commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.

Currently, when loading a kernel image via the kexec_file_load() system
call, arm64 can only use the .builtin_trusted_keys keyring to verify
a signature whereas x86 can use three more keyrings i.e.
.secondary_trusted_keys, .machine and .platform keyrings. For example,
one resulting problem is kexec'ing a kernel image  would be rejected
with the error "Lockdown: kexec: kexec of unsigned images is restricted;
see man kernel_lockdown.7".

This patch set enables arm64 to make use of the same keyrings as x86 to
verify the signature kexec'ed kernel image.

Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
Acked-by: Baoquan He <bhe@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Co-developed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-21 15:20:08 +02:00
..
probes
arm64: Treat ESR_ELx as a 64-bit register
2022-04-29 19:26:27 +01:00
vdso
kernel-hardening updates for v5.19-rc1
2022-05-24 12:27:09 -07:00
vdso32
arm64: vdso: fix makefile dependency on vdso.so
2022-05-10 12:08:40 +01:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
acpi_numa.c
arm64, numa: Change the numa init functions name to be generic
2021-01-14 15:08:54 -08:00
acpi_parking_protocol.c
arm64: use function_nocfi with __pa_symbol
2021-04-08 16:04:22 -07:00
acpi.c
arm64: Simplify checking for populated DT
2021-12-06 16:12:53 +00:00
alternative.c
arm64: alternatives: mark patch_alternative() as noinstr
2022-04-06 11:23:48 +01:00
armv8_deprecated.c
arm64: fix oops in concurrently setting insn_emulation sysctls
2022-08-17 15:14:00 +02:00
asm-offsets.c
KVM: arm64: Drop unused workaround_flags vcpu field
2021-12-08 14:54:07 +00:00
cacheinfo.c
drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
2021-09-01 10:29:10 +02:00
cpu_errata.c
arm64: errata: Remove AES hwcap for COMPAT tasks
2022-08-17 15:14:00 +02:00
cpu_ops.c
arm64: Introduce get_cpu_ops() helper function
2020-03-24 17:24:19 +00:00
cpu-reset.S
arm64: kexec: remove cpu-reset.h
2021-10-01 13:31:00 +01:00
cpufeature.c
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
2022-08-17 15:14:10 +02:00
cpuidle.c
cpuidle: PSCI: Move the has_lpi check to the beginning of the function
2022-03-03 20:20:06 +01:00
cpuinfo.c
Merge branch kvm-arm64/wfxt into kvmarm-master/next
2022-05-04 09:42:16 +01:00
crash_core.c
arm64: crash_core: Export MODULES, VMALLOC, and VMEMMAP ranges
2022-03-07 21:25:47 +00:00
crash_dump.c
vmcore: convert copy_oldmem_page() to take an iov_iter
2022-04-29 14:37:59 -07:00
debug-monitors.c
arm64: Treat ESR_ELx as a 64-bit register
2022-04-29 19:26:27 +01:00
efi-entry.S
arm64: Rename arm64-internal cache maintenance functions
2021-05-25 19:27:49 +01:00
efi-header.S
arm64: head: tidy up the Image header definition
2020-11-17 16:14:20 +00:00
efi-rt-wrapper.S
Merge branch 'for-next/scs' into for-next/core
2020-05-28 18:03:40 +01:00
efi.c
arm64: efi: Export screen_info
2021-08-04 16:54:36 +00:00
elfcore.c
elf: Fix the arm64 MTE ELF segment name and value
2022-04-28 11:37:06 +01:00
entry-common.c
Locking changes in this cycle were:
2022-05-24 10:18:23 -07:00
entry-fpsimd.S
arm64/sme: Implement ZA context switching
2022-04-22 18:51:02 +01:00
entry-ftrace.S
arm64: ftrace: remove redundant label
2022-06-15 16:14:47 +01:00
entry.S
arm64: entry: use stackleak_erase_on_task_stack()
2022-05-08 01:33:09 -07:00
fpsimd.c
arm64/sme: Fix EFI save/restore
2022-06-10 17:29:23 +01:00
ftrace.c
arm64: ftrace: consistently handle PLTs.
2022-06-15 16:14:47 +01:00
head.S
arm64: set UXN on swapper page tables
2022-08-11 13:22:03 +02:00
hibernate-asm.S
arm64: kexec: install a copy of the linear-map
2021-10-01 13:31:00 +01:00
hibernate.c
arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
2022-08-17 15:14:00 +02:00
hw_breakpoint.c
arm64: Treat ESR_ELx as a 64-bit register
2022-04-29 19:26:27 +01:00
hyp-stub.S
Merge remote-tracking branch 'arm64/for-next/vhe-only' into kvmarm-master/next
2021-04-13 15:42:40 +01:00
idle.c
Merge branch 'for-next/entry' into for-next/core
2021-06-24 14:01:55 +01:00
idreg-override.c
arm64: Add support of PAuth QARMA3 architected algorithm
2022-02-25 13:38:52 +00:00
image-vars.h
ARM:
2022-03-24 11:58:57 -07:00
image.h
arm64: get rid of TEXT_OFFSET
2020-09-07 15:00:52 +01:00
io.c
irq.c
arm64: irq: allow FIQs to be handled
2021-03-24 20:19:30 +00:00
jump_label.c
arm64: insn: decouple patching from insn code
2021-06-11 11:19:27 +01:00
kaslr.c
arm64: fix the doc of RANDOMIZE_MODULE_REGION_FULL
2021-08-03 10:36:42 +01:00
kexec_image.c
arm64: kexec_file: use more system keyrings to verify kernel image signature
2022-08-21 15:20:08 +02:00
kgdb.c
arm64: Treat ESR_ELx as a 64-bit register
2022-04-29 19:26:27 +01:00
kuser32.S
machine_kexec_file.c
arm64: kdump: Reimplement crashkernel=X
2022-05-07 19:54:33 +01:00
machine_kexec.c
arm64: kdump: Reimplement crashkernel=X
2022-05-07 19:54:33 +01:00
Makefile
arm64: kasan: do not instrument stacktrace.c
2022-08-17 15:13:59 +02:00
module-plts.c
arm64: fix typos in comments
2022-04-04 10:32:50 +01:00
module.c
kasan, arm64: don't tag executable vmalloc allocations
2022-03-24 19:06:48 -07:00
mte.c
arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
2022-08-17 15:14:00 +02:00
paravirt.c
arm64: paravirt: Use RCU read locks to guard stolen_time
2022-05-17 14:23:37 +01:00
patching.c
arm64: patch_text: Fixup last cpu should be master
2022-04-08 11:43:46 +01:00
pci.c
arm64: PCI: Support root bridge preparation for Hyper-V
2021-08-23 10:59:26 +01:00
perf_callchain.c
Peter Zijlstra says:
2022-01-12 16:26:58 -08:00
perf_event.c
arm64: perf: Expose some Armv9 common events under sysfs
2022-03-08 11:40:44 +00:00
perf_regs.c
perf/arch: Remove perf_sample_data::regs_user_copy
2020-11-09 18:12:34 +01:00
pointer_auth.c
arm64: move preemption disablement to prctl handlers
2021-07-28 18:33:49 +01:00
process.c
This set of changes updates init and user mode helper tasks to be
2022-06-03 16:03:05 -07:00
proton-pack.c
arm64: Add part number for Arm Cortex-A78AE
2022-04-08 11:46:46 +01:00
psci.c
arm64: use function_nocfi with __pa_symbol
2021-04-08 16:04:22 -07:00
ptrace.c
arm64/sme: Remove _EL0 from name of SVCR - FIXME sysreg.h
2022-05-16 19:50:20 +01:00
reloc_test_core.c
reloc_test_syms.S
arm64: kernel: Convert to modern annotations for assembly functions
2020-05-04 12:46:03 +01:00
relocate_kernel.S
arm64: kexec: load from kimage prior to clobbering
2022-05-17 14:25:35 +01:00
return_address.c
arm64: Make return_address() use arch_stack_walk()
2021-12-10 14:06:04 +00:00
sdei.c
arm64: kernel: add helper for booted at EL2 and not VHE
2021-10-01 13:30:59 +01:00
setup.c
Revert "arm64: Initialize jump labels before setup_machine_fdt()"
2022-06-15 16:14:32 +01:00
signal32.c
signal: Deliver SIGTRAP on perf event asynchronously if blocked
2022-04-22 12:14:05 +02:00
signal.c
arm64 fixes for 5.19-rc1:
2022-06-03 14:05:34 -07:00
sigreturn32.S
sleep.S
kasan: remove redundant config option
2021-04-16 16:10:36 -07:00
smccc-call.S
arm64: smccc: Save lr before calling __arm_smccc_sve_check()
2021-07-21 11:23:25 +01:00
smp_spin_table.c
arm64: Rename arm64-internal cache maintenance functions
2021-05-25 19:27:49 +01:00
smp.c
cpufreq: CPPC: Add per_cpu efficiency_class
2022-05-06 21:01:17 +02:00
stacktrace.c
arm64: stacktrace: use non-atomic __set_bit
2022-08-17 15:14:00 +02:00
suspend.c
arm64: fix typos in comments
2022-04-04 10:32:50 +01:00
sys32.c
sys_compat.c
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
2022-04-29 19:26:27 +01:00
sys.c
syscall.c
arm64/sme: Remove _EL0 from name of SVCR - FIXME sysreg.h
2022-05-16 19:50:20 +01:00
time.c
arm64: Make profile_pc() use arch_stack_walk()
2021-12-10 14:06:04 +00:00
topology.c
topology: Represent clusters of CPUs within a die
2021-10-15 11:25:15 +02:00
trace-events-emulation.h
traps.c
Merge branch 'for-next/esr-elx-64-bit' into for-next/core
2022-05-20 18:51:54 +01:00
vdso32-wrap.S
arm64: do not descend to vdso directories twice
2021-01-20 12:18:46 +00:00
vdso-wrap.S
arm64: do not descend to vdso directories twice
2021-01-20 12:18:46 +00:00
vdso.c
Merge branches 'for-next/misc', 'for-next/kselftest', 'for-next/xntable', 'for-next/vdso', 'for-next/fiq', 'for-next/epan', 'for-next/kasan-vmalloc', 'for-next/fgt-boot-init', 'for-next/vhe-only' and 'for-next/neon-softirqs-disabled', remote-tracking branch 'arm64/for-next/perf' into for-next/core
2021-04-15 14:00:38 +01:00
vmlinux.lds.S
arm64: lds: move special code sections out of kernel exec segment
2022-05-17 09:32:38 +01:00