
Commit e23a8020 authored by Philipp Rudo's avatar Philipp Rudo Committed by Martin Schwidefsky

s390/kexec_file: Signature verification prototype



Add kernel signature verification to kexec_file. The verification is based
on module signature verification and works with kernel images signed via
scripts/sign-file.

Signed-off-by: default avatarPhilipp Rudo <prudo@linux.ibm.com>
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent 653beba2
+11 −0
@@ -553,6 +553,17 @@ config ARCH_HAS_KEXEC_PURGATORY
	def_bool y
	depends on KEXEC_FILE

config KEXEC_VERIFY_SIG
	bool "Verify kernel signature during kexec_file_load() syscall"
	depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION
	help
	  This option makes kernel signature verification mandatory for
	  the kexec_file_load() syscall.

	  In addition to that option, you need to enable signature
	  verification for the corresponding kernel image type being
	  loaded in order for this to work.

config ARCH_RANDOM
	def_bool y
	prompt "s390 architectural random number generation API"
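Review bot: `depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION` ties the new option to a symbol that, as far as I know, has no prompt of its own and is only switched on by `select` from other options such as module signing. If nothing selects it, KEXEC_VERIFY_SIG stays hidden and the `CONFIG_KEXEC_VERIFY_SIG=y` lines added in the three defconfig sections are silently ignored, leaving kexec_file_load() unverified on a build that looks as if it enforces signatures; whether those defconfigs enable a selecting option is not visible here. Consider `depends on KEXEC_FILE` together with `select SYSTEM_DATA_VERIFICATION`, or state the prerequisite in the help text. The second help paragraph refers to a per-image-type verification option that this hunk does not add, so it should name that option or be dropped. The help should also state the scope of the guarantee, e.g. `Images loaded through kexec_load() are not checked by this option.`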
+1 −0
@@ -64,6 +64,7 @@ CONFIG_NUMA=y
CONFIG_PREEMPT=y
CONFIG_HZ_100=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_EXPOLINE=y
CONFIG_EXPOLINE_AUTO=y
CONFIG_MEMORY_HOTPLUG=y
+1 −0
@@ -65,6 +65,7 @@ CONFIG_NR_CPUS=512
CONFIG_NUMA=y
CONFIG_HZ_100=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_EXPOLINE=y
CONFIG_EXPOLINE_AUTO=y
CONFIG_MEMORY_HOTPLUG=y
+1 −0
@@ -39,6 +39,7 @@ CONFIG_NR_CPUS=256
CONFIG_NUMA=y
CONFIG_HZ_100=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_CRASH_DUMP=y
CONFIG_HIBERNATION=y
CONFIG_PM_DEBUG=y
+1 −0
@@ -65,6 +65,7 @@ struct s390_load_data {
	size_t memsz;
};

int s390_verify_sig(const char *kernel, unsigned long kernel_len);
void *kexec_file_add_components(struct kimage *image,
				int (*add_kernel)(struct kimage *image,
						  struct s390_load_data *data));
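Review bot: The new prototype `s390_verify_sig()` has no comment describing its contract, and for a function that decides which kernel may be booted the caller must know exactly what counts as failure. I would add a comment above it along the lines of `/* Check the signature appended to @kernel (@kernel_len bytes, untrusted input); returns 0 only if it verifies, non-zero otherwise. */`, with the return convention confirmed against the implementation, which is not part of this section. Since the commit message says images are signed with scripts/sign-file, the implementation presumably reads a trailer from the end of the buffer, so it should reject a `kernel_len` smaller than that trailer before doing any length arithmetic. The declaration is also unconditional; if the definition is only built with CONFIG_KEXEC_VERIFY_SIG, an `#ifdef` around the prototype or a static inline stub would make that dependency explicit.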