| Message ID | 20181018000305.9502-1-cascardo@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Bionic] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot | expand |
On Wed, Oct 17, 2018 at 09:03:05PM -0300, Thadeu Lima de Souza Cascardo wrote: > From: Yannik Sembritzki <yannik@sembritzki.me> > > BugLink: https://bugs.launchpad.net/bugs/1798441 > > The split of .system_keyring into .builtin_trusted_keys and > .secondary_trusted_keys broke kexec, thereby preventing kernels signed by > keys which are now in the secondary keyring from being kexec'd. > > Fix this by passing VERIFY_USE_SECONDARY_KEYRING to > verify_pefile_signature(). > > Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") > Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> > Signed-off-by: David Howells <dhowells@redhat.com> > Cc: kexec@lists.infradead.org > Cc: keyrings@vger.kernel.org > Cc: linux-security-module@vger.kernel.org > Cc: stable@kernel.org > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > (backported from commit ea93102f32244e3f45c8b26260be77ed0cc1d16c) > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com>
On 18.10.18 02:03, Thadeu Lima de Souza Cascardo wrote: > From: Yannik Sembritzki <yannik@sembritzki.me> > > BugLink: https://bugs.launchpad.net/bugs/1798441 > > The split of .system_keyring into .builtin_trusted_keys and > .secondary_trusted_keys broke kexec, thereby preventing kernels signed by > keys which are now in the secondary keyring from being kexec'd. > > Fix this by passing VERIFY_USE_SECONDARY_KEYRING to > verify_pefile_signature(). > > Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") > Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> > Signed-off-by: David Howells <dhowells@redhat.com> > Cc: kexec@lists.infradead.org > Cc: keyrings@vger.kernel.org > Cc: linux-security-module@vger.kernel.org > Cc: stable@kernel.org > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > (backported from commit ea93102f32244e3f45c8b26260be77ed0cc1d16c) > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- Verified that the used pointer is indeed the definition of VERIFY_USE_SECONDARY_KEYRING in Cosmic (changed state of the bug report to fix released for devel as this had been applied to Cosmic before release) and also verified that the verification counter-part has a check for (void *)1UL to match. -Stefan > arch/x86/kernel/kexec-bzimage64.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c > index 7722b08db6a4..57abde6e3475 100644 > --- a/arch/x86/kernel/kexec-bzimage64.c > +++ b/arch/x86/kernel/kexec-bzimage64.c > @@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loader_data) > static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) > { > return verify_pefile_signature(kernel, kernel_len, > - NULL, > + ((struct key *)1UL), > VERIFYING_KEXEC_PE_SIGNATURE); > } > #endif >
On 18.10.18 02:03, Thadeu Lima de Souza Cascardo wrote: > From: Yannik Sembritzki <yannik@sembritzki.me> > > BugLink: https://bugs.launchpad.net/bugs/1798441 > > The split of .system_keyring into .builtin_trusted_keys and > .secondary_trusted_keys broke kexec, thereby preventing kernels signed by > keys which are now in the secondary keyring from being kexec'd. > > Fix this by passing VERIFY_USE_SECONDARY_KEYRING to > verify_pefile_signature(). > > Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") > Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> > Signed-off-by: David Howells <dhowells@redhat.com> > Cc: kexec@lists.infradead.org > Cc: keyrings@vger.kernel.org > Cc: linux-security-module@vger.kernel.org > Cc: stable@kernel.org > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > (backported from commit ea93102f32244e3f45c8b26260be77ed0cc1d16c) > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > arch/x86/kernel/kexec-bzimage64.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c > index 7722b08db6a4..57abde6e3475 100644 > --- a/arch/x86/kernel/kexec-bzimage64.c > +++ b/arch/x86/kernel/kexec-bzimage64.c > @@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loader_data) > static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) > { > return verify_pefile_signature(kernel, kernel_len, > - NULL, > + ((struct key *)1UL), > VERIFYING_KEXEC_PE_SIGNATURE); > } > #endif > Applied to bionic/master-next. Thanks. -Stefan
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 7722b08db6a4..57abde6e3475 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loader_data) static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) { return verify_pefile_signature(kernel, kernel_len, - NULL, + ((struct key *)1UL), VERIFYING_KEXEC_PE_SIGNATURE); } #endif