make the kernel accept UKIs (Unified Kernel Images) for kexec_file_load.
UKIs contain the kernel bzImage, initrd, and cmdline all packaged up as
one EFI application. The main advantage of this is that the whole
combination is signed together as a package for secure boot.
This implementation

Hello,
this patch (v2) implements UKI support for kexec_file_load. It will require
support in the kexec-tools userspace utility. For testing purposes the
following can be used: https://github.com/Cydox/kexec-test/
Creating UKIs for testing can be done with ukify (included in systemd),
sbctl, and
Signed-off-by: Jan Hendrik Farr
---
crypto/asymmetric_keys/mscode_parser.c | 2 +-
crypto/asymmetric_keys/verify_pefile.c | 99 +-
crypto/asymmetric_keys/verify_pefile.h | 16
include/linux/parse_pefile.h | 32 +++
lib/Makefile

>> > - the dtb section also is optional but supported, and given kexec
>> > supports loading a new dtb I think this change should support it too
>> > immediately. Moreover, we are adding support for multiple DTBs in a
>> > single UKI (by simply having multiple .dtb sections, and picking the
>> >

On 09/06/23 at 05:07pm, Leizhen (ThunderTown) wrote:
>
>
> On 2023/9/5 16:29, Baoquan He wrote:
> > On 09/04/23 at 10:47am, Leizhen (ThunderTown) wrote:
> >>
> >>
> >> On 2023/9/1 17:49, Baoquan He wrote:
> > +
> > + *high = true;
> > + } else if (ret ||

On 09/08/23 at 09:59pm, Philipp Stanner wrote:
> Currently, there is no overflow-check with memdup_user().
>
> Use the new function memdup_array_user() instead of memdup_user() for
> duplicating the user-space array safely.
>
> Suggested-by: David Airlie
> Signed-off-by: Philipp Stanner
> ---

On Fri, Sep 8, 2023 at 11:02 PM Philipp Stanner wrote:
>
> Currently, user array duplications are sometimes done without an
> overflow check. Sometimes the checks are done manually; sometimes the
> array size is calculated with array_size() and sometimes by calculating
> n * size directly in