[PATCH 0/3] KEXEC_SIG with appended signature
Michal Suchanek
msuchanek at suse.de
Thu Nov 4 01:27:05 AEDT 2021
S390 uses appended signature for kernel but implements the check
separately from module loader.
Support for secure boot on powerpc with appended signature is planned -
grub patches submitted upstream but not yet merged.
This is an attempt at unified appended signature verification.
Thanks
Michal
Michal Suchanek (3):
s390/kexec_file: Don't opencode appended signature verification.
module: strip the signature marker in the verification function.
powerpc/kexec_file: Add KEXEC_SIG support.
arch/powerpc/Kconfig | 11 +++++++
arch/powerpc/kexec/elf_64.c | 14 +++++++++
arch/s390/kernel/machine_kexec_file.c | 42 +++------------------------
include/linux/verification.h | 3 ++
kernel/module-internal.h | 2 --
kernel/module.c | 11 +++----
kernel/module_signing.c | 32 ++++++++++++++------
7 files changed, 59 insertions(+), 56 deletions(-)
--
2.31.1
More information about the Linuxppc-dev
mailing list