Re: [PATCH v8 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature

Hello, On Thu, Jun 09, 2022 at 07:15:27PM -0400, Mimi Zohar wrote: > On Thu, 2022-05-12 at 15:01 +0800, Coiby Xu wrote: > > Currently, a problem faced by arm64 is if a kernel image is signed by a > > MOK key, loading it via the kexec_file_load() system call would be > > rejected with the error "Lo

Re: [PATCH v8 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature

On Thu, Jun 09, 2022 at 07:15:27PM -0400, Mimi Zohar wrote: On Thu, 2022-05-12 at 15:01 +0800, Coiby Xu wrote: Currently, a problem faced by arm64 is if a kernel image is signed by a MOK key, loading it via the kexec_file_load() system call would be rejected with the error "Lockdown: kexec: kexe

Re: [PATCH v8 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature

On Thu, 2022-05-12 at 15:01 +0800, Coiby Xu wrote: > Currently, a problem faced by arm64 is if a kernel image is signed by a > MOK key, loading it via the kexec_file_load() system call would be > rejected with the error "Lockdown: kexec: kexec of unsigned images is > restricted; see man kernel_lock

[PATCH v8 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature

Currently, a problem faced by arm64 is if a kernel image is signed by a MOK key, loading it via the kexec_file_load() system call would be rejected with the error "Lockdown: kexec: kexec of unsigned images is restricted; see man kernel_lockdown.7". This happens because image_verify_sig uses only t