Re: FAILED: patch "[PATCH] arm64: kexec_file: use more system keyrings to verify kernel" failed to apply to 5.19-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Aug 16, 2022 at 06:45:59PM +0800, Coiby Xu wrote:
> On Tue, Aug 16, 2022 at 09:59:57AM +0200, Greg KH wrote:
> > On Tue, Aug 16, 2022 at 02:32:56PM +0800, Coiby Xu wrote:
> > > Hi Greg,
> > > 
> > > Good to see you here:)
> > > 
> > > On Mon, Aug 15, 2022 at 05:33:03PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > > >
> > > > The patch below does not apply to the 5.19-stable tree.
> > > > If someone wants it applied there, or to any other stable or longterm
> > > > tree, then please email the backport, including the original git commit
> > > > id to <stable@xxxxxxxxxxxxxxx>.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > > >
> > > > ------------------ original commit in Linus's tree ------------------
> > > >
> > > > > From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
> > > > From: Coiby Xu <coxu@xxxxxxxxxx>
> > > > Date: Thu, 14 Jul 2022 21:40:26 +0800
> > > > Subject: [PATCH] arm64: kexec_file: use more system keyrings to verify kernel
> > > > image signature
> > > >
> > > > Currently, when loading a kernel image via the kexec_file_load() system
> > > > call, arm64 can only use the .builtin_trusted_keys keyring to verify
> > > > a signature whereas x86 can use three more keyrings i.e.
> > > > .secondary_trusted_keys, .machine and .platform keyrings. For example,
> > > > one resulting problem is kexec'ing a kernel image  would be rejected
> > > > with the error "Lockdown: kexec: kexec of unsigned images is restricted;
> > > > see man kernel_lockdown.7".
> > > >
> > > > This patch set enables arm64 to make use of the same keyrings as x86 to
> > > > verify the signature kexec'ed kernel image.
> > > >
> > > > Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
> > > > Cc: stable@xxxxxxxxxxxxxxx # 105e10e2cf1c: kexec_file: drop weak attribute from functions
> > 
> > This is not a valid commit id in Linus's tree.
> > 
> > > > Cc: stable@xxxxxxxxxxxxxxx # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
> > 
> > This is not a valid commit id in Linus's tree
> > 
> > > > Cc: stable@xxxxxxxxxxxxxxx # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
> > 
> > And this too is not a valid commit in Linus's tree.
> 
> Sorry for the confusion. The correct commit ids are as follows,
> 
> 0738eceb6201 ("kexec: drop weak attribute from functions")
> 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
> c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")

What order do they need to be applied in?

thanks,

greg k-h
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux