lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240824111234.2216355-1-lizetao1@huawei.com>
Date: Sat, 24 Aug 2024 19:12:34 +0800
From: Li Zetao <lizetao1@...wei.com>
To: <catalin.marinas@....com>, <will@...nel.org>
CC: <lizetao1@...wei.com>, <linux-arm-kernel@...ts.infradead.org>,
	<linux-kernel@...r.kernel.org>
Subject: [PATCH -next] arm64: enable ARCH_SUPPORTS_KEXEC_SIG_FORCE for arm64

When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through
kexec, and the illegal image is successfully loaded. The test example is
as follows:

  # cat /sys/kernel/kexec_loaded
  0
  # kexec -s -l ./Image.illegal_signature
  # echo $?
  0
  # dmesg | tail
  PEFILE: Digest mismatch
  # cat /sys/kernel/kexec_loaded
  1

The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not
enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE
feature.

Signed-off-by: Li Zetao <lizetao1@...wei.com>
---
 arch/arm64/Kconfig | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a2f8ff354ca6..9952c40a2bd8 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE
 config ARCH_SUPPORTS_KEXEC_SIG
 	def_bool y
 
+config ARCH_SUPPORTS_KEXEC_SIG_FORCE
+	def_bool y
+
 config ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
 	def_bool y
 
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ