| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Dec 2021 12:48:36 +0100
From: Michal Suchánek <msuchanek@...e.de>
To: Baoquan He <bhe@...hat.com>
Cc: Nayna <nayna@...ux.vnet.ibm.com>, Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
Paul Mackerras <paulus@...ba.org>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Rob Herring <robh@...nel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Christian Borntraeger <borntraeger@...ibm.com>,
James Morris <jmorris@...ei.org>,
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Vasily Gorbik <gor@...ux.ibm.com>, linux-s390@...r.kernel.org,
Heiko Carstens <hca@...ux.ibm.com>,
linux-crypto@...r.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Hari Bathini <hbathini@...ux.ibm.com>,
Daniel Axtens <dja@...ens.net>,
Philipp Rudo <prudo@...hat.com>,
Frank van der Linden <fllinden@...zon.com>,
kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>,
Sven Schnelle <svens@...ux.ibm.com>,
linux-security-module@...r.kernel.org,
Jessica Yu <jeyu@...nel.org>, linux-integrity@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org,
"David S. Miller" <davem@...emloft.net>,
Thiago Jung Bauermann <bauerman@...ux.ibm.com>,
buendgen@...ibm.com
Subject: Re: [PATCH v2 0/6] KEXEC_SIG with appended signature
Hello,
On Wed, Dec 01, 2021 at 10:37:47AM +0800, Baoquan He wrote:
> Hi,
>
> On 11/25/21 at 07:02pm, Michal Suchanek wrote:
> > Hello,
> >
> > This is resend of the KEXEC_SIG patchset.
> >
> > The first patch is new because it'a a cleanup that does not require any
> > change to the module verification code.
> >
> > The second patch is the only one that is intended to change any
> > functionality.
> >
> > The rest only deduplicates code but I did not receive any review on that
> > part so I don't know if it's desirable as implemented.
>
> Do you have the link of your 1st version?
This is the previous version:
https://lore.kernel.org/lkml/cover.1635948742.git.msuchanek@suse.de/
Thanks
Michal
> And after going through the whole series, it doesn't tell what this
> patch series intends to do in cover-letter or patch log.
>
> Thanks
> Baoquan
>
> >
> > The first two patches can be applied separately without the rest.
> >
> > Thanks
> >
> > Michal
> >
> > Michal Suchanek (6):
> > s390/kexec_file: Don't opencode appended signature check.
> > powerpc/kexec_file: Add KEXEC_SIG support.
> > kexec_file: Don't opencode appended signature verification.
> > module: strip the signature marker in the verification function.
> > module: Use key_being_used_for for log messages in
> > verify_appended_signature
> > module: Move duplicate mod_check_sig users code to mod_parse_sig
> >
> > arch/powerpc/Kconfig | 11 +++++
> > arch/powerpc/kexec/elf_64.c | 14 ++++++
> > arch/s390/kernel/machine_kexec_file.c | 42 ++----------------
> > crypto/asymmetric_keys/asymmetric_type.c | 1 +
> > include/linux/module_signature.h | 1 +
> > include/linux/verification.h | 4 ++
> > kernel/module-internal.h | 2 -
> > kernel/module.c | 12 +++--
> > kernel/module_signature.c | 56 +++++++++++++++++++++++-
> > kernel/module_signing.c | 33 +++++++-------
> > security/integrity/ima/ima_modsig.c | 22 ++--------
> > 11 files changed, 113 insertions(+), 85 deletions(-)
> >
> > --
> > 2.31.1
> >
> >
> > _______________________________________________
> > kexec mailing list
> > kexec@...ts.infradead.org
> > http://lists.infradead.org/mailman/listinfo/kexec
> >
>
Powered by blists - more mailing lists