[PATCH 0/4] Unifrom keyring support across architectures and functions
Michal Suchanek
msuchanek at suse.de
Tue Feb 15 11:39:37 PST 2022
While testing KEXEC_SIG on powerpc I noticed discrepancy in support for
different keyrings across architectures and between KEXEC_SIG and
MODULE_SIG. Fix this by enabling suport for the missing keyrings.
The latter two patches obviously conflict with the ongoing module code
cleanup. If they turn out desirable I will add them to the other series
dealing with KEXEC_SIG.
The arm patches can be merged independently.
Thanks
Michal
Michal Suchanek (4):
Fix arm64 kexec forbidding kernels signed with keys in the secondary
keyring to boot
kexec, KEYS, arm64: Make use of platform keyring for signature
verification
kexec, KEYS, s390: Make use of built-in and secondary keyring for
signature verification
module, KEYS: Make use of platform keyring for signature verification
arch/arm64/kernel/kexec_image.c | 13 +++++++++++--
arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
kernel/module_signing.c | 14 ++++++++++----
3 files changed, 34 insertions(+), 11 deletions(-)
--
2.31.1
More information about the linux-arm-kernel
mailing list