Message-Id: <20181105175549.10506-1-cascardo@canonical.com>
Date: Mon, 5 Nov 2018 15:55:49 -0200
From: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
To: David Howells <dhowells@...hat.com>
Cc: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
Subject: [PATCH v2] lockdown: allow kexec_file of unsigned images when not under lockdown

If CONFIG_KEXEC_VERIFY_SIG is enabled, kexec -s with an unsigned image will
fail, requiring an image signed with a trusted key. However, that same
kernel will allow kexec to load and boot a kernel, if kexec_file_load is
not used.

Now, lockdown brings a solution to this inconsistency. However, as it is,
it will still prevent an unsigned image from being loaded with kexec -s when the
system is not under lockdown, while still allowing kexec to work.

At the same time, with lockdown, kexec_file_load would still work when
CONFIG_KEXEC_VERIFY_SIG is disabled.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
---
v2:
fixed build failure, s/#elif/#else/
---
kernel/kexec_file.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index e5bcd94c1efb..b1f0373014c1 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -140,10 +140,17 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
image->kernel_buf_len);
if (ret) {
pr_debug("kernel signature verification failed.\n");
- goto out;
+ } else {
+ pr_debug("kernel signature verification successful.\n");
}
- pr_debug("kernel signature verification successful.\n");
+#else
+ ret = -EPERM;
#endif
+ if (ret && kernel_is_locked_down("kexec of unsigned images"))
+ goto out;
+ else
+ ret = 0;
+
/* It is possible that there no initramfs is being loaded */
if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
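
Review bot: the new `if (ret && kernel_is_locked_down("kexec of unsigned images"))` test discards every non-zero `ret` from the verification call when the kernel is not locked down, not only the missing-signature case. With CONFIG_KEXEC_VERIFY_SIG=y and no lockdown, an image whose signature is present but fails verification is therefore loaded exactly like an unsigned one, and the only record is the `pr_debug` line, which is normally compiled out or silent. Systems that enable CONFIG_KEXEC_VERIFY_SIG without lockdown lose enforcement on the kexec_file_load path. Consider resetting `ret` only for whichever error the verifier returns for an absent signature and still taking `goto out` on other failures, or gating the relaxed behaviour behind a separate option so the existing meaning of CONFIG_KEXEC_VERIFY_SIG is preserved. Raising the failure message above debug level when the result is being ignored would also help auditing. The lockdown reason string says "unsigned images" even when the failure was a bad signature. Style: the `else` after `goto out;` is redundant, a bare `ret = 0;` is enough, and the braces around the two single-statement `pr_debug` branches can go.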
--
2.19.1