lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20240827124337.GA4772@willie-the-truck>
Date: Tue, 27 Aug 2024 13:43:38 +0100
From: Will Deacon <will@...nel.org>
To: Li Zetao <lizetao1@...wei.com>
Cc: catalin.marinas@....com, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org, eric.devolder@...cle.com,
	ebiederm@...ssion.com
Subject: Re: [PATCH -next] arm64: enable ARCH_SUPPORTS_KEXEC_SIG_FORCE for
 arm64

On Sat, Aug 24, 2024 at 07:12:34PM +0800, Li Zetao wrote:
> When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through
> kexec, and the illegal image is successfully loaded. The test example is
> as follows:
> 
>   # cat /sys/kernel/kexec_loaded
>   0
>   # kexec -s -l ./Image.illegal_signature
>   # echo $?
>   0
>   # dmesg | tail
>   PEFILE: Digest mismatch
>   # cat /sys/kernel/kexec_loaded
>   1
> 
> The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not
> enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE
> feature.

I'm not sure this is a problem as such -- it seems to be working as
intended if you look at the Kconfig help text:

  // Kconfig.kexec :: KEXEC_SIG
  | The image can still be loaded without a valid signature unless you
  | also enable KEXEC_SIG_FORCE, though if there's a signature that we
  | can check, then it must be valid.

> Signed-off-by: Li Zetao <lizetao1@...wei.com>
> ---
>  arch/arm64/Kconfig | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a2f8ff354ca6..9952c40a2bd8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE
>  config ARCH_SUPPORTS_KEXEC_SIG
>  	def_bool y
>  
> +config ARCH_SUPPORTS_KEXEC_SIG_FORCE
> +	def_bool y

I think the real question is why on Earth does KEXEC_SIG_FORCE depend on
this arch option? Can't we just remove ARCH_SUPPORTS_KEXEC_SIG_FORCE,
seeing as it doesn't appear to do anything?

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ