[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240827124337.GA4772@willie-the-truck>
Date: Tue, 27 Aug 2024 13:43:38 +0100
From: Will Deacon <will@...nel.org>
To: Li Zetao <lizetao1@...wei.com>
Cc: catalin.marinas@....com, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, eric.devolder@...cle.com,
ebiederm@...ssion.com
Subject: Re: [PATCH -next] arm64: enable ARCH_SUPPORTS_KEXEC_SIG_FORCE for
arm64
On Sat, Aug 24, 2024 at 07:12:34PM +0800, Li Zetao wrote:
> When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through
> kexec, and the illegal image is successfully loaded. The test example is
> as follows:
>
> # cat /sys/kernel/kexec_loaded
> 0
> # kexec -s -l ./Image.illegal_signature
> # echo $?
> 0
> # dmesg | tail
> PEFILE: Digest mismatch
> # cat /sys/kernel/kexec_loaded
> 1
>
> The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not
> enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE
> feature.
I'm not sure this is a problem as such -- it seems to be working as
intended if you look at the Kconfig help text:
// Kconfig.kexec :: KEXEC_SIG
| The image can still be loaded without a valid signature unless you
| also enable KEXEC_SIG_FORCE, though if there's a signature that we
| can check, then it must be valid.
> Signed-off-by: Li Zetao <lizetao1@...wei.com>
> ---
> arch/arm64/Kconfig | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a2f8ff354ca6..9952c40a2bd8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE
> config ARCH_SUPPORTS_KEXEC_SIG
> def_bool y
>
> +config ARCH_SUPPORTS_KEXEC_SIG_FORCE
> + def_bool y
I think the real question is why on Earth does KEXEC_SIG_FORCE depend on
this arch option? Can't we just remove ARCH_SUPPORTS_KEXEC_SIG_FORCE,
seeing as it doesn't appear to do anything?
Will
Powered by blists - more mailing lists