[PATCH 00/15][V4] kexec: A new system call to allow in kernel loading

Andrew Morton akpm at linux-foundation.org
Thu Jun 26 13:58:11 PDT 2014


On Thu, 26 Jun 2014 16:33:29 -0400 Vivek Goyal <vgoyal at redhat.com> wrote:

> This patch series does not do kernel signature verification yet. I plan
> to post another patch series for that. Now distributions are already signing
> PE/COFF bzImage with PKCS7 signature I plan to parse and verify those
> signatures.
> 
> Primary goal of this patchset is to prepare groundwork so that kernel
> image can be signed and signatures be verified during kexec load. This
> should help with two things.
> 
> - It should allow kexec/kdump on secureboot enabled machines.
> 
> - In general it can help even without secureboot. By being able to verify
>   kernel image signature in kexec, it should help with avoiding module
>   signing restrictions. Matthew Garret showed how to boot into a custom
>   kernel, modify first kernel's memory and then jump back to old kernel and
>   bypass any policy one wants to.
> 
> I hope these patches can be queued up for 3.17. Even without signature
> verification support, they provide new syscall functionality. But I
> wil leave it to maintainers to decide if they want signature verification
> support also be ready to merge before they merge this patchset.

Well, this is an absolute ton of new code, much of it pretty complex. 
And I believe the entire point of this work is to enable image
signature checking, but that hasn't been implemented yet?

In which case I'm thinking it would be unwise to merge these parts into
mainline - if signature checking doesn't work or fails review or if you
get hit by a bus then we'd be left with a large lump of rather useless
code?

In which case I'm inclined to put this series into -next and keep it
there pending completion of the signature checking part.




More information about the kexec mailing list