Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE

David Howells Tue, 16 Jan 2018 08:32:31 -0800

I think that your code isn't quite right.  Looking at the patched code:

    #ifdef CONFIG_KEXEC_SIG
        sig_err = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
                                           image->kernel_buf_len);
        if (sig_err)
                pr_debug("kernel signature verification failed.\n");
        else
                pr_debug("kernel signature verification successful.\n");
    #endif


        if (sig_err && IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
                ret = sig_err;
                goto out;
        }

If the signature check fails because the signature is bad, but
CONFIG_KEXEC_SIG_FORCE=n then it now won't fail when it should.

If sig_err is -EKEYREJECTED, -EKEYEXPIRED or -EKEYREVOKED then it must fail,
even if the signature check isn't forced.

David

Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE

Reply via email to