Re: [PATCH v4 0/3] use more system keyrings to verify arm64 kdump kernel image signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/21/22 at 04:28pm, Coiby Xu wrote:
> Hi Baoquan,
> 
> On Mon, Mar 21, 2022 at 12:24:59PM +0800, Baoquan He wrote:
> > Hi Coiby,
> > 
> > On 03/18/22 at 05:40pm, Coiby Xu wrote:
> > > This patch set allows arm64 to use more system keyrings to verify kdump
> > > kernel image signature by making the existing code in x64 public.
> > 
> > Could you tell more about why arm64 need use more system keyrings to
> > verify kdump kernel iamge signature?
> > 
> > What problem have you encountered to make you want to do this?
> 
> Thanks for raising this question! Currently, a problem faced by arm64 is
> if a kernel image is signed by a MOK key, this kernel image would be
> rejected with the error "Lockdown: kexec: kexec of unsigned images is
> restricted; see man kernel_lockdown.7". I'll improve the cover letter
> and the 3rd commit message to have this info.

Thanks for the effort, Coiby.

Usually, when we post patch to solve issues, or improve, we had better
tell

1) what problem we encounter;
2) why the problem happened, what is the root cause after investigation and analysis;
3) how you fix it;

The 1) and 2) are very important to help reviewer understand what's
going on, and why this patch is needed. As you can see, in this
patchset, only 3) is presented.

Cheers


_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec



[Index of Archives]     [LM Sensors]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux