Commit 99d5cadf authored by Jiri Bohac's avatar Jiri Bohac Committed by James Morris
Browse files

kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE 



This is a preparatory patch for kexec_file_load() lockdown.  A locked down
kernel needs to prevent unsigned kernel images from being loaded with
kexec_file_load().  Currently, the only way to force the signature
verification is compiling with KEXEC_VERIFY_SIG.  This prevents loading
usigned images even when the kernel is not locked down at runtime.

This patch splits KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE.
Analogous to the MODULE_SIG and MODULE_SIG_FORCE for modules, KEXEC_SIG
turns on the signature verification but allows unsigned images to be
loaded.  KEXEC_SIG_FORCE disallows images without a valid signature.

Signed-off-by: default avatarJiri Bohac <jbohac@suse.cz>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
cc: kexec@lists.infradead.org
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent fef5dad9

arch/arm64/Kconfig

+3 −3
Original line number Diff line number Diff line
@@ -961,7 +961,7 @@ config KEXEC_FILE 
	  for kernel and initramfs as opposed to list of segments as

	  accepted by previous system call.



config KEXEC_VERIFY_SIG

config KEXEC_SIG

	bool "Verify kernel signature during kexec_file_load() syscall"

	depends on KEXEC_FILE

	help
@@ -976,13 +976,13 @@ config KEXEC_VERIFY_SIG 
config KEXEC_IMAGE_VERIFY_SIG

	bool "Enable Image signature verification support"

	default y

	depends on KEXEC_VERIFY_SIG

	depends on KEXEC_SIG

	depends on EFI && SIGNED_PE_FILE_VERIFICATION

	help

	  Enable Image signature verification support.



comment "Support for PE file signature verification disabled"

	depends on KEXEC_VERIFY_SIG

	depends on KEXEC_SIG

	depends on !EFI || !SIGNED_PE_FILE_VERIFICATION



config CRASH_DUMP

arch/s390/Kconfig

+1 −1
Original line number Diff line number Diff line
@@ -555,7 +555,7 @@ config ARCH_HAS_KEXEC_PURGATORY 
	def_bool y

	depends on KEXEC_FILE



config KEXEC_VERIFY_SIG

config KEXEC_SIG

	bool "Verify kernel signature during kexec_file_load() syscall"

	depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION

	help

arch/s390/configs/debug_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -64,7 +64,7 @@ CONFIG_NUMA=y 
CONFIG_PREEMPT=y

CONFIG_HZ_100=y

CONFIG_KEXEC_FILE=y

CONFIG_KEXEC_VERIFY_SIG=y

CONFIG_KEXEC_SIG=y

CONFIG_EXPOLINE=y

CONFIG_EXPOLINE_AUTO=y

CONFIG_MEMORY_HOTPLUG=y

arch/s390/configs/defconfig

+1 −1
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ CONFIG_NR_CPUS=256 
CONFIG_NUMA=y

CONFIG_HZ_100=y

CONFIG_KEXEC_FILE=y

CONFIG_KEXEC_VERIFY_SIG=y

CONFIG_KEXEC_SIG=y

CONFIG_CRASH_DUMP=y

CONFIG_HIBERNATION=y

CONFIG_PM_DEBUG=y

arch/s390/configs/performance_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -65,7 +65,7 @@ CONFIG_NR_CPUS=512 
CONFIG_NUMA=y

CONFIG_HZ_100=y

CONFIG_KEXEC_FILE=y

CONFIG_KEXEC_VERIFY_SIG=y

CONFIG_KEXEC_SIG=y

CONFIG_EXPOLINE=y

CONFIG_EXPOLINE_AUTO=y

CONFIG_MEMORY_HOTPLUG=y

CRA Git | Maintained and supported by SUSTech CRA and CCSE