Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Michal Suchanek <msuchanek@xxxxxxx>
Subject: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 24 Sep 2022 11:19:19 +0200
Cc: linux-kernel@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx, Heiko Carstens <hca@xxxxxxxxxxxxx>, Vasily Gorbik <gor@xxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Alexander Gordeev <agordeev@xxxxxxxxxxxxx>, Sven Schnelle <svens@xxxxxxxxxxxxx>, Philipp Rudo <prudo@xxxxxxxxxx>, Sasha Levin <sashal@xxxxxxxxxx>, Baoquan He <bhe@xxxxxxxxxx>, Alexander Egorenkov <egorenar@xxxxxxxxxxxxx>, "open list:S390" <linux-s390@xxxxxxxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Will Deacon <will@xxxxxxxxxx>, Michael Ellerman <mpe@xxxxxxxxxxxxxx>, Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>, Paul Mackerras <paulus@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Eric Biederman <ebiederm@xxxxxxxxxxxx>, Mimi Zohar <zohar@xxxxxxxxxxxxx>, "Naveen N. Rao" <naveen.n.rao@xxxxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)" <linux-arm-kernel@xxxxxxxxxxxxxxxxxxx>, "open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)" <linuxppc-dev@xxxxxxxxxxxxxxxx>, "open list:KEXEC" <kexec@xxxxxxxxxxxxxxxxxxx>, Coiby Xu <coxu@xxxxxxxxxx>, keyrings@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, James Morse <james.morse@xxxxxxx>, AKASHI Takahiro <takahiro.akashi@xxxxxxxxxx>
In-reply-to: <cover.1663951201.git.msuchanek@suse.de>
References: <cover.1663951201.git.msuchanek@suse.de>

On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote:
> Hello,
> 
> this is backport of commit 0d519cadf751
> ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
> to table 5.15 tree including the preparatory patches.

This feels to me like a new feature for arm64, one that has never worked
before and you are just making it feature-parity with x86, right?

Or is this a regression fix somewhere?  Why is this needed in 5.15.y and
why can't people who need this new feature just use a newer kernel
version (5.19?)

thanks,

greg k-h

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
  - From: Michal Suchánek

References:
- [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
  - From: Michal Suchanek

Prev by Date: [PATCH] s390/tape: Add __init/__exit annotations to module init/exit funcs
Next by Date: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Previous by thread: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Next by thread: Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Development] [Kernel Newbies] [IDE] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite Info] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux ATA RAID] [Samba] [Linux Media] [Device Mapper]