Re: [PATCH v5 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature

On Mon, Apr 11, 2022 at 10:59:38AM +0200, Michal Suchánek wrote: On Fri, Apr 01, 2022 at 09:31:18AM +0800, Coiby Xu wrote: Currently, a problem faced by arm64 is if a kernel image is signed by a MOK key, loading it via the kexec_file_load() system call would be rejected with the error "Lockdown:

Re: [PATCH v5 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature

On Fri, Apr 01, 2022 at 09:31:18AM +0800, Coiby Xu wrote: > Currently, a problem faced by arm64 is if a kernel image is signed by a > MOK key, loading it via the kexec_file_load() system call would be > rejected with the error "Lockdown: kexec: kexec of unsigned images is > restricted; see man kern

[PATCH v5 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature

Currently, a problem faced by arm64 is if a kernel image is signed by a MOK key, loading it via the kexec_file_load() system call would be rejected with the error "Lockdown: kexec: kexec of unsigned images is restricted; see man kernel_lockdown.7". This patch allows to verify arm64 kernel image si