git.baikalelectronics.ru Git - kernel.git/commit

author	Coiby Xu <coxu@redhat.com>
	Thu, 14 Jul 2022 13:40:25 +0000 (21:40 +0800)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Fri, 15 Jul 2022 16:21:16 +0000 (12:21 -0400)
commit	30d78f94c75030eb46096935251bc2493e611955
tree	e36423f7902aa6e217396efaa0b4e67d5f495052	tree \| snapshot
parent	9177ee9cd2b490ff09ce240e7342fecfaba70b0f	commit \| diff

kexec, KEYS: make the code in bzImage64_verify_sig generic

commit df649a59fa42 ("kexec, KEYS: Make use of platform keyring for
signature verify") adds platform keyring support on x86 kexec but not
arm64.

The code in bzImage64_verify_sig uses the keys on the
.builtin_trusted_keys, .machine, if configured and enabled,
.secondary_trusted_keys, also if configured, and .platform keyrings
to verify the signed kernel image as PE file.

Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

arch/x86/kernel/kexec-bzimage64.c		diff \| blob \| history
include/linux/kexec.h		diff \| blob \| history
kernel/kexec_file.c		diff \| blob \| history