drop queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-.patch

didn't build :(

diff --git a/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-.patch b/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-.patch
deleted file mode 100644 (file)
index 400e084..0000000
--- a/queue-5.15/arm64-kexec_file-use-more-system-keyrings-to-verify-.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 8563af973a0b127e5fef22dd255ce2936d45e6ad Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image
- signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-[ Upstream commit 0d519cadf75184a24313568e7f489a7fc9b1be3b ]
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image  would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
-diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c
-index 9ec34690e255..5ed6a585f21f 100644
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *image,
-       return NULL;
- }
- 
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
--      return verify_pefile_signature(kernel, kernel_len, NULL,
--                                     VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
-       .probe = image_probe,
-       .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--      .verify_sig = image_verify_sig,
-+      .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
--- 
-2.35.1
-

diff --git a/queue-5.15/series b/queue-5.15/series
index beb78374252b71882a978b5f28f210e9f9d9ad1c..472581e415818a2312284c8d29e76996edbd55a1 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -1,5 +1,4 @@
 drm-tegra-vic-fix-build-warning-when-config_pm-n.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-.patch
 serial-atmel-remove-redundant-assignment-in-rs485_co.patch
 tty-serial-atmel-preserve-previous-usart-mode-if-rs4.patch
 of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch