Re: [PATCH v2 0/6] KEXEC_SIG with appended signature

From: Heiko Carstens
Date: Tue Nov 30 2021 - 10:31:06 EST


On Thu, Nov 25, 2021 at 07:02:38PM +0100, Michal Suchanek wrote:
> Hello,
>
> This is resend of the KEXEC_SIG patchset.
>
> The first patch is new because it'a a cleanup that does not require any
> change to the module verification code.
>
> The second patch is the only one that is intended to change any
> functionality.
>
> The rest only deduplicates code but I did not receive any review on that
> part so I don't know if it's desirable as implemented.
>
> The first two patches can be applied separately without the rest.
>
> Thanks
>
> Michal
>
> Michal Suchanek (6):
> s390/kexec_file: Don't opencode appended signature check.
> powerpc/kexec_file: Add KEXEC_SIG support.
> kexec_file: Don't opencode appended signature verification.
> module: strip the signature marker in the verification function.
> module: Use key_being_used_for for log messages in
> verify_appended_signature
> module: Move duplicate mod_check_sig users code to mod_parse_sig
>
> arch/powerpc/Kconfig | 11 +++++
> arch/powerpc/kexec/elf_64.c | 14 ++++++
> arch/s390/kernel/machine_kexec_file.c | 42 ++----------------
> crypto/asymmetric_keys/asymmetric_type.c | 1 +
> include/linux/module_signature.h | 1 +
> include/linux/verification.h | 4 ++
> kernel/module-internal.h | 2 -
> kernel/module.c | 12 +++--
> kernel/module_signature.c | 56 +++++++++++++++++++++++-
> kernel/module_signing.c | 33 +++++++-------
> security/integrity/ima/ima_modsig.c | 22 ++--------
> 11 files changed, 113 insertions(+), 85 deletions(-)

For all patches which touch s390:
Acked-by: Heiko Carstens <hca@xxxxxxxxxxxxx>