Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

From: Linus Torvalds
Date: Wed Aug 15 2018 - 13:45:50 EST

On Wed, Aug 15, 2018 at 10:27 AM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
> Would this be okay?

No, I meant that it would have to go into the proper header files, and
also be used by verify_pkcs7_signature() and pkcs7_preparse() etc, so
that you could actually grep for this, and understand what it does.

Right now you have to know about the magic. Or follow the call chain
down and look, like I did.

Side note, it should probably be

#define TRUST_FULL_KEYRING ((struct key *)1ul)

instead, so that it is also type-safe (using "void *" means that it
would work almost anywhere, but it really should be a "struct key *".

And I'd like to see a comment from the kexec people too, I guess.