[thirdparty/kernel/stable-queue.git] / releases / 4.14.69 / fix-kexec-forbidding-kernels-signed-with-keys-in-the-secondary-keyring-to-boot.patch

From ea93102f32244e3f45c8b26260be77ed0cc1d16c Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki <yannik@sembritzki.me>
Date: Thu, 16 Aug 2018 14:05:23 +0100
Subject: Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

From: Yannik Sembritzki <yannik@sembritzki.me>

commit ea93102f32244e3f45c8b26260be77ed0cc1d16c upstream.

The split of .system_keyring into .builtin_trusted_keys and
.secondary_trusted_keys broke kexec, thereby preventing kernels signed by
keys which are now in the secondary keyring from being kexec'd.

Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
verify_pefile_signature().

Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically")
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/kexec-bzimage64.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loade
 static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
 {
 	return verify_pefile_signature(kernel, kernel_len,
-				       NULL,
+				       VERIFY_USE_SECONDARY_KEYRING,
 				       VERIFYING_KEXEC_PE_SIGNATURE);
 }
 #endif
Commit	Line	Data
bed0f502 GKH	1	From ea93102f32244e3f45c8b26260be77ed0cc1d16c Mon Sep 17 00:00:00 2001
	2	From: Yannik Sembritzki <yannik@sembritzki.me>
	3	Date: Thu, 16 Aug 2018 14:05:23 +0100
	4	Subject: Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
	5
	6	From: Yannik Sembritzki <yannik@sembritzki.me>
	7
	8	commit ea93102f32244e3f45c8b26260be77ed0cc1d16c upstream.
	9
	10	The split of .system_keyring into .builtin_trusted_keys and
	11	.secondary_trusted_keys broke kexec, thereby preventing kernels signed by
	12	keys which are now in the secondary keyring from being kexec'd.
	13
	14	Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
	15	verify_pefile_signature().
	16
	17	Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically")
	18	Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
	19	Signed-off-by: David Howells <dhowells@redhat.com>
	20	Cc: kexec@lists.infradead.org
	21	Cc: keyrings@vger.kernel.org
	22	Cc: linux-security-module@vger.kernel.org
	23	Cc: stable@kernel.org
	24	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	25	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	26
	27	---
	28	arch/x86/kernel/kexec-bzimage64.c \| 2 +-
	29	1 file changed, 1 insertion(+), 1 deletion(-)
	30
	31	--- a/arch/x86/kernel/kexec-bzimage64.c
	32	+++ b/arch/x86/kernel/kexec-bzimage64.c
	33	@@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loade
	34	static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
	35	{
	36	return verify_pefile_signature(kernel, kernel_len,
	37	- NULL,
	38	+ VERIFY_USE_SECONDARY_KEYRING,
	39	VERIFYING_KEXEC_PE_SIGNATURE);
	40	}
	41	#endif