On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote: > From: Michal Suchanek <msuchanek@xxxxxxx> > > commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > adds support for KEXEC_SIG verification with keys from platform keyring > but the built-in keys and secondary keyring are not used. > > Add support for the built-in keys and secondary keyring as x86 does. > > Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype") > Cc: stable@xxxxxxxxxxxxxxx > Cc: Philipp Rudo <prudo@xxxxxxxxxxxxx> > Cc: kexec@xxxxxxxxxxxxxxxxxxx > Cc: keyrings@xxxxxxxxxxxxxxx > Cc: linux-security-module@xxxxxxxxxxxxxxx > Signed-off-by: Michal Suchanek <msuchanek@xxxxxxx> > Reviewed-by: "Lee, Chun-Yi" <jlee@xxxxxxxx> > Acked-by: Baoquan He <bhe@xxxxxxxxxx> > Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx> > --- > arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) As far as I can tell this doesn't have any dependency to the other patches in this series, so should I pick this up for the s390 tree, or how will this go upstream? In any case: Acked-by: Heiko Carstens <hca@xxxxxxxxxxxxx>