[v1,0/2] Fix kexec of pesigned images

Message ID	20230217201435.39784-1-rharwood@redhat.com (mailing list archive)
Headers	show Return-Path: <keyrings-owner@vger.kernel.org> From: Robbie Harwood <rharwood@redhat.com> To: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com> Cc: Robbie Harwood <rharwood@redhat.com> Subject: [PATCH v1 0/2] Fix kexec of pesigned images Date: Fri, 17 Feb 2023 15:14:33 -0500 Message-Id: <20230217201435.39784-1-rharwood@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Fix kexec of pesigned images \| expand [v1,0/2] Fix kexec of pesigned images [v1,1/2] verify_pefile: relax wrapper length check [v1,2/2] asymmetric_keys: log on fatal failures in PE/pkcs7

Message ID

20230217201435.39784-1-rharwood@redhat.com (mailing list archive)

Headers

From: Robbie Harwood <rharwood@redhat.com>
To: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Cc: Robbie Harwood <rharwood@redhat.com>
Subject: [PATCH v1 0/2] Fix kexec of pesigned images
Date: Fri, 17 Feb 2023 15:14:33 -0500
Message-Id: <20230217201435.39784-1-rharwood@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Fix kexec of pesigned images | expand

Message

Robbie Harwood Feb. 17, 2023, 8:14 p.m. UTC

Hello,

In order to comply with the PE specification, recent versions of pesign do not
include 8-byte padding in the dwLength field.  kexec of signed images has
therefore not worked in Fedora (which uses pesign) for some time.

The first commit relaxes the check in order to fix this issue.  The second
upgrades several pe_debug() messages to pe_info() in order to make this more
debuggable on systems with secureboot lockdown in place.

Be well,
--Robbie

Robbie Harwood (2):
  verify_pefile: relax wrapper length check
  asymmetric_keys: log on fatal failures in PE/pkcs7

 crypto/asymmetric_keys/pkcs7_verify.c  | 10 ++++----
 crypto/asymmetric_keys/verify_pefile.c | 32 +++++++++++++++-----------
 2 files changed, 23 insertions(+), 19 deletions(-)