Commit 04340249 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity 

Pull integrity updates from Mimi Zohar:
 "Aside from the one EVM cleanup patch, all the other changes are kexec
  related.

  On different architectures different keyrings are used to verify the
  kexec'ed kernel image signature. Here are a number of preparatory
  cleanup patches and the patches themselves for making the keyrings -
  builtin_trusted_keyring, .machine, .secondary_trusted_keyring, and
  .platform - consistent across the different architectures"

* tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
  arm64: kexec_file: use more system keyrings to verify kernel image signature
  kexec, KEYS: make the code in bzImage64_verify_sig generic
  kexec: clean up arch_kexec_kernel_verify_sig
  kexec: drop weak attribute from functions
  kexec_file: drop weak attribute from functions
  evm: Use IS_ENABLED to initialize .enabled
parents 87fe1adb 88b61b13

arch/arm64/include/asm/kexec.h

+16 −2
Original line number Diff line number Diff line
@@ -84,16 +84,30 @@ static inline void crash_setup_regs(struct pt_regs *newregs, 
extern bool crash_is_nosave(unsigned long pfn);

extern void crash_prepare_suspend(void);

extern void crash_post_resume(void);



void crash_free_reserved_phys_range(unsigned long begin, unsigned long end);

#define crash_free_reserved_phys_range crash_free_reserved_phys_range

#else

static inline bool crash_is_nosave(unsigned long pfn) {return false; }

static inline void crash_prepare_suspend(void) {}

static inline void crash_post_resume(void) {}

#endif



struct kimage;



#if defined(CONFIG_KEXEC_CORE)

void cpu_soft_restart(unsigned long el2_switch, unsigned long entry,

		      unsigned long arg0, unsigned long arg1,

		      unsigned long arg2);



int machine_kexec_post_load(struct kimage *image);

#define machine_kexec_post_load machine_kexec_post_load



void arch_kexec_protect_crashkres(void);

#define arch_kexec_protect_crashkres arch_kexec_protect_crashkres



void arch_kexec_unprotect_crashkres(void);

#define arch_kexec_unprotect_crashkres arch_kexec_unprotect_crashkres

#endif



#define ARCH_HAS_KIMAGE_ARCH
@@ -113,9 +127,9 @@ struct kimage_arch { 
#ifdef CONFIG_KEXEC_FILE

extern const struct kexec_file_ops kexec_image_ops;



struct kimage;

int arch_kimage_file_post_load_cleanup(struct kimage *image);

#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup



extern int arch_kimage_file_post_load_cleanup(struct kimage *image);

extern int load_other_segments(struct kimage *image,

		unsigned long kernel_load_addr, unsigned long kernel_size,

		char *initrd, unsigned long initrd_len,

arch/arm64/kernel/kexec_image.c

+1 −10
Original line number Diff line number Diff line
@@ -14,7 +14,6 @@ 
#include <linux/kexec.h>

#include <linux/pe.h>

#include <linux/string.h>

#include <linux/verification.h>

#include <asm/byteorder.h>

#include <asm/cpufeature.h>

#include <asm/image.h>
@@ -130,18 +129,10 @@ static void *image_load(struct kimage *image, 
	return NULL;

}



#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG

static int image_verify_sig(const char *kernel, unsigned long kernel_len)

{

	return verify_pefile_signature(kernel, kernel_len, NULL,

				       VERIFYING_KEXEC_PE_SIGNATURE);

}

#endif



const struct kexec_file_ops kexec_image_ops = {

	.probe = image_probe,

	.load = image_load,

#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG

	.verify_sig = image_verify_sig,

	.verify_sig = kexec_kernel_verify_pe_sig,

#endif

};

arch/powerpc/include/asm/kexec.h

+14 −0
Original line number Diff line number Diff line
@@ -98,6 +98,11 @@ void relocate_new_kernel(unsigned long indirection_page, unsigned long reboot_co 


void kexec_copy_flush(struct kimage *image);



#if defined(CONFIG_CRASH_DUMP) && defined(CONFIG_PPC_RTAS)

void crash_free_reserved_phys_range(unsigned long begin, unsigned long end);

#define crash_free_reserved_phys_range crash_free_reserved_phys_range

#endif



#ifdef CONFIG_KEXEC_FILE

extern const struct kexec_file_ops kexec_elf64_ops;
@@ -120,6 +125,15 @@ int setup_purgatory(struct kimage *image, const void *slave_code, 
#ifdef CONFIG_PPC64

struct kexec_buf;



int arch_kexec_kernel_image_probe(struct kimage *image, void *buf, unsigned long buf_len);

#define arch_kexec_kernel_image_probe arch_kexec_kernel_image_probe



int arch_kimage_file_post_load_cleanup(struct kimage *image);

#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup



int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);

#define arch_kexec_locate_mem_hole arch_kexec_locate_mem_hole



int load_crashdump_segments_ppc64(struct kimage *image,

				  struct kexec_buf *kbuf);

int setup_purgatory_ppc64(struct kimage *image, const void *slave_code,

arch/s390/include/asm/kexec.h

+14 −0
Original line number Diff line number Diff line
@@ -85,6 +85,17 @@ struct kimage_arch { 
extern const struct kexec_file_ops s390_kexec_image_ops;

extern const struct kexec_file_ops s390_kexec_elf_ops;



#ifdef CONFIG_CRASH_DUMP

void crash_free_reserved_phys_range(unsigned long begin, unsigned long end);

#define crash_free_reserved_phys_range crash_free_reserved_phys_range



void arch_kexec_protect_crashkres(void);

#define arch_kexec_protect_crashkres arch_kexec_protect_crashkres



void arch_kexec_unprotect_crashkres(void);

#define arch_kexec_unprotect_crashkres arch_kexec_unprotect_crashkres

#endif



#ifdef CONFIG_KEXEC_FILE

struct purgatory_info;

int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
@@ -92,5 +103,8 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, 
				     const Elf_Shdr *relsec,

				     const Elf_Shdr *symtab);

#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add



int arch_kimage_file_post_load_cleanup(struct kimage *image);

#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup

#endif

#endif /*_S390_KEXEC_H */

arch/s390/kernel/machine_kexec_file.c

+13 −5
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len) 
	const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;

	struct module_signature *ms;

	unsigned long sig_len;

	int ret;



	/* Skip signature verification when not secure IPLed. */

	if (!ipl_secure_flag)
@@ -65,11 +66,18 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len) 
		return -EBADMSG;

	}



	return verify_pkcs7_signature(kernel, kernel_len,

	ret = verify_pkcs7_signature(kernel, kernel_len,

				     kernel + kernel_len, sig_len,

				     VERIFY_USE_SECONDARY_KEYRING,

				     VERIFYING_MODULE_SIGNATURE,

				     NULL, NULL);

	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING))

		ret = verify_pkcs7_signature(kernel, kernel_len,

					     kernel + kernel_len, sig_len,

					     VERIFY_USE_PLATFORM_KEYRING,

					     VERIFYING_MODULE_SIGNATURE,

					     NULL, NULL);

	return ret;

}

#endif /* CONFIG_KEXEC_SIG */