Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot
From: Linus Torvalds
Date: Wed Aug 15 2018 - 13:45:50 EST
On Wed, Aug 15, 2018 at 10:27 AM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
>
> Would this be okay?
No, I meant that it would have to go into the proper header files, and
also be used by verify_pkcs7_signature() and pkcs7_preparse() etc, so
that you could actually grep for this, and understand what it does.
Right now you have to know about the magic. Or follow the call chain
down and look, like I did.
Side note, it should probably be
#define TRUST_FULL_KEYRING ((struct key *)1ul)
instead, so that it is also type-safe (using "void *" means that it
would work almost anywhere, but it really should be a "struct key *".
And I'd like to see a comment from the kexec people too, I guess.
Linus