lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Jan 2022 14:49:52 +0100 From: Michal Suchanek <msuchanek@...e.de> To: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org, linux-integrity@...r.kernel.org Cc: Michal Suchanek <msuchanek@...e.de>, kexec@...ts.infradead.org, Philipp Rudo <prudo@...hat.com>, Mimi Zohar <zohar@...ux.ibm.com>, Nayna <nayna@...ux.vnet.ibm.com>, Rob Herring <robh@...nel.org>, linux-s390@...r.kernel.org, Vasily Gorbik <gor@...ux.ibm.com>, Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>, Heiko Carstens <hca@...ux.ibm.com>, Jessica Yu <jeyu@...nel.org>, linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>, Christian Borntraeger <borntraeger@...ibm.com>, Luis Chamberlain <mcgrof@...nel.org>, Paul Mackerras <paulus@...ba.org>, Hari Bathini <hbathini@...ux.ibm.com>, Alexander Gordeev <agordeev@...ux.ibm.com>, linuxppc-dev@...ts.ozlabs.org, Frank van der Linden <fllinden@...zon.com>, Thiago Jung Bauermann <bauerman@...ux.ibm.com>, Daniel Axtens <dja@...ens.net>, buendgen@...ibm.com, Michael Ellerman <mpe@...erman.id.au>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Christian Borntraeger <borntraeger@...ux.ibm.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Sven Schnelle <svens@...ux.ibm.com>, Baoquan He <bhe@...hat.com>, linux-security-module@...r.kernel.org Subject: [PATCH v4 0/6] KEXEC_SIG with appended signature Hello, This is a refresh of the KEXEC_SIG series. This adds KEXEC_SIG support on powerpc and deduplicates the code dealing with appended signatures in the kernel. powerpc supports IMA_KEXEC but that's an exception rather than the norm. On the other hand, KEXEC_SIG is portable across platforms. For distributions to have uniform security features across platforms one option should be used on all platforms. Thanks Michal Previous revision: https://lore.kernel.org/linuxppc-dev/cover.1637862358.git.msuchanek@suse.de/ Patched kernel tree: https://github.com/hramrach/kernel/tree/kexec_sig Michal Suchanek (6): s390/kexec_file: Don't opencode appended signature check. powerpc/kexec_file: Add KEXEC_SIG support. kexec_file: Don't opencode appended signature verification. module: strip the signature marker in the verification function. module: Use key_being_used_for for log messages in verify_appended_signature module: Move duplicate mod_check_sig users code to mod_parse_sig arch/powerpc/Kconfig | 16 +++++++ arch/powerpc/kexec/elf_64.c | 12 +++++ arch/s390/Kconfig | 2 +- arch/s390/kernel/machine_kexec_file.c | 41 +---------------- crypto/asymmetric_keys/asymmetric_type.c | 1 + include/linux/module_signature.h | 1 + include/linux/verification.h | 5 +++ kernel/module-internal.h | 2 - kernel/module.c | 12 +++-- kernel/module_signature.c | 56 +++++++++++++++++++++++- kernel/module_signing.c | 34 +++++++------- security/integrity/ima/ima_modsig.c | 22 ++-------- 12 files changed, 116 insertions(+), 88 deletions(-) -- 2.31.1
Powered by blists - more mailing lists