| Message ID | 20240824111234.2216355-1-lizetao1@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [-next] arm64: enable ARCH_SUPPORTS_KEXEC_SIG_FORCE for arm64 | expand |
On Sat, Aug 24, 2024 at 07:12:34PM +0800, Li Zetao wrote: > When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through > kexec, and the illegal image is successfully loaded. The test example is > as follows: > > # cat /sys/kernel/kexec_loaded > 0 > # kexec -s -l ./Image.illegal_signature > # echo $? > 0 > # dmesg | tail > PEFILE: Digest mismatch > # cat /sys/kernel/kexec_loaded > 1 > > The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not > enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE > feature. I'm not sure this is a problem as such -- it seems to be working as intended if you look at the Kconfig help text: // Kconfig.kexec :: KEXEC_SIG | The image can still be loaded without a valid signature unless you | also enable KEXEC_SIG_FORCE, though if there's a signature that we | can check, then it must be valid. > Signed-off-by: Li Zetao <lizetao1@huawei.com> > --- > arch/arm64/Kconfig | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index a2f8ff354ca6..9952c40a2bd8 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE > config ARCH_SUPPORTS_KEXEC_SIG > def_bool y > > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > + def_bool y I think the real question is why on Earth does KEXEC_SIG_FORCE depend on this arch option? Can't we just remove ARCH_SUPPORTS_KEXEC_SIG_FORCE, seeing as it doesn't appear to do anything? Will
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2f8ff354ca6..9952c40a2bd8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1549,6 +1549,9 @@ config ARCH_SELECTS_KEXEC_FILE config ARCH_SUPPORTS_KEXEC_SIG def_bool y +config ARCH_SUPPORTS_KEXEC_SIG_FORCE + def_bool y + config ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG def_bool y
When the CONFIG_KEXEC_SIG is enabled, an illegal image is loaded through kexec, and the illegal image is successfully loaded. The test example is as follows: # cat /sys/kernel/kexec_loaded 0 # kexec -s -l ./Image.illegal_signature # echo $? 0 # dmesg | tail PEFILE: Digest mismatch # cat /sys/kernel/kexec_loaded 1 The root cause of this problem is that CONFIG_KEXEC_SIG_FORCE is not enabled. Solve this problem by enabling the ARCH_SUPPORTS_KEXEC_SIG_FORCE feature. Signed-off-by: Li Zetao <lizetao1@huawei.com> --- arch/arm64/Kconfig | 3 +++ 1 file changed, 3 insertions(+)