git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Coiby Xu <coxu@redhat.com>
	Thu, 14 Jul 2022 13:40:25 +0000 (21:40 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 21 Aug 2022 13:20:08 +0000 (15:20 +0200)
commit	6871b2590a0fb367b751ae3dc243f1d26b82de03
tree	c465cca00d04fcb9a150737302e00520bf4cdf09	tree \| snapshot
parent	9f2ba6f2c52be368e7ab3699b72a3d829c36c062	commit \| diff

kexec, KEYS: make the code in bzImage64_verify_sig generic

commit c903dae8941deb55043ee46ded29e84e97cd84bb upstream.

commit 278311e417be ("kexec, KEYS: Make use of platform keyring for
signature verify") adds platform keyring support on x86 kexec but not
arm64.

The code in bzImage64_verify_sig uses the keys on the
.builtin_trusted_keys, .machine, if configured and enabled,
.secondary_trusted_keys, also if configured, and .platform keyrings
to verify the signed kernel image as PE file.

Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/kernel/kexec-bzimage64.c		diff \| blob \| blame \| history
include/linux/kexec.h		diff \| blob \| blame \| history
kernel/kexec_file.c		diff \| blob \| blame \| history