On Wed, Feb 09, 2022 at 03:46:05PM +1100, Michael Ellerman wrote:
> Luis Chamberlain <mcgrof@xxxxxxxxxx> writes:
> > On Tue, Jan 11, 2022 at 12:37:42PM +0100, Michal Suchanek wrote:
> >> Hello,
> >>
> >> This is a refresh of the KEXEC_SIG series.
> >>
> >> This adds KEXEC_SIG support on powerpc and deduplicates the code dealing
> >> with appended signatures in the kernel.
> >>
> >> powerpc supports IMA_KEXEC but that's an exception rather than the norm.
> >> On the other hand, KEXEC_SIG is portable across platforms.
> >>
> >> For distributions to have uniform security features across platforms one
> >> option should be used on all platforms.
> >>
> >> Thanks
> >>
> >> Michal
> >>
> >> Previous revision: https://lore.kernel.org/linuxppc-dev/cover.1637862358.git.msuchanek@xxxxxxx/
> >> Patched kernel tree: https://github.com/hramrach/kernel/tree/kexec_sig
> >>
> >> Michal Suchanek (6):
> >>   s390/kexec_file: Don't opencode appended signature check.
> >>   powerpc/kexec_file: Add KEXEC_SIG support.
> >>   kexec_file: Don't opencode appended signature verification.
> >>   module: strip the signature marker in the verification function.
> >>   module: Use key_being_used_for for log messages in
> >>     verify_appended_signature
> >>   module: Move duplicate mod_check_sig users code to mod_parse_sig
> >
> > What tree should this go through? I'd prefer if over through modules
> > tree as it can give a chance for Aaron Tomlin to work with this for his
> > code refactoring of kernel/module*.c to kernel/module/
>
> Yeah that's fine by me, the arch changes are pretty minimal and unlikely
> to conflict much.

Ok sounds good thanks.

  Luis