kexec_load(2) bypasses signature verification

Dave Young dyoung at redhat.com
Thu Jun 25 01:48:18 PDT 2015


On 06/19/15 at 09:09am, Vivek Goyal wrote:
> On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote:
> > > > If we want to disable unsigned kernel loading at compile time, then we
> > > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC.
> > > > Introducing another config option is not the way forward, IMHO.
> > > 
> > > Yes, let's do it in this way since everyone is fine with it.
> > 
> > I will work on a patch if nobody else have interest or no time on it.
> 
> Thanks Dave. Will be good if you can get this done.

Vivek, I worked out some draft patches here:
https://github.com/daveyoung/linux/commits/kexec-syscall-cleanup

Basiclly I split kexec_file first, then add CONFIG_KEXEC_CORE kconfig option
then split kexec_load code from general code.

There's a lot of #ifdef CONFIG_KEXEC in kernel source, because CONFIG_KEXEC
can be disabled so I changed all kernel general and x86 #ifdef to use
CONFIG_KEXEC_CORE if necessary. For other arches dependent code with #ifdef
I did not change anything other than the new Kconfig option. It will works
because only x86 support KEXEC_FILE.

Please take a look if you have time, if this is not what you want please let
me know.

I will have no time this week, only did building test, will do more test next
week, if everything is ok I can send out the patches to list for review.

Thanks
Dave



More information about the kexec mailing list