[PATCH v4 0/3] use more system keyrings to verify arm64 kdump kernel image signature
Coiby Xu
coxu at redhat.com
Mon Mar 21 01:28:07 PDT 2022
Hi Baoquan,
On Mon, Mar 21, 2022 at 12:24:59PM +0800, Baoquan He wrote:
>Hi Coiby,
>
>On 03/18/22 at 05:40pm, Coiby Xu wrote:
>> This patch set allows arm64 to use more system keyrings to verify kdump
>> kernel image signature by making the existing code in x64 public.
>
>Could you tell more about why arm64 need use more system keyrings to
>verify kdump kernel iamge signature?
>
>What problem have you encountered to make you want to do this?
Thanks for raising this question! Currently, a problem faced by arm64 is
if a kernel image is signed by a MOK key, this kernel image would be
rejected with the error "Lockdown: kexec: kexec of unsigned images is
restricted; see man kernel_lockdown.7". I'll improve the cover letter
and the 3rd commit message to have this info.
>
>Thanks
>Baoquan
>
--
Best regards,
Coiby
More information about the kexec
mailing list