Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

From: Linus Torvalds
Date: Wed Aug 15 2018 - 13:45:50 EST

Next message: Gustavo A. R. Silva: "Re: [PATCH] iio: accel: cros_ec_accel_legacy: Mark expected switch fall-throughs"
Previous message: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
In reply to: Dave Young: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Yannik Sembritzki: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 15, 2018 at 10:27 AM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
>
> Would this be okay?

No, I meant that it would have to go into the proper header files, and
also be used by verify_pkcs7_signature() and pkcs7_preparse() etc, so
that you could actually grep for this, and understand what it does.

Right now you have to know about the magic. Or follow the call chain
down and look, like I did.

Side note, it should probably be

#define TRUST_FULL_KEYRING ((struct key *)1ul)

instead, so that it is also type-safe (using "void *" means that it
would work almost anywhere, but it really should be a "struct key *".

And I'd like to see a comment from the kexec people too, I guess.

Linus

Next message: Gustavo A. R. Silva: "Re: [PATCH] iio: accel: cros_ec_accel_legacy: Mark expected switch fall-throughs"
Previous message: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
In reply to: Dave Young: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Yannik Sembritzki: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]