[v2,0/2] Fix kexec of pesigned images

Message

Robbie Harwood Feb. 20, 2023, 5:12 p.m. UTC

In order to comply with the PE specification, recent versions of pesign do not
include 8-byte padding in the dwLength field.  kexec of signed images has
therefore not worked in Fedora (which uses pesign) for some time.

The first commit relaxes the check in order to fix this issue.  The second
upgrades several pe_debug() messages to pe_warn() in order to make this more
debuggable on systems with secureboot lockdown in place.

Changelog:
v2:
- Fix linking syntax in first commit message
- Upgrade to pr_warn() in second commit at dhowells's suggestion

Be well,
--Robbie

Robbie Harwood (2):
  verify_pefile: relax wrapper length check
  asymmetric_keys: log on fatal failures in PE/pkcs7

 crypto/asymmetric_keys/pkcs7_verify.c  | 10 ++++----
 crypto/asymmetric_keys/verify_pefile.c | 32 +++++++++++++++-----------
 2 files changed, 23 insertions(+), 19 deletions(-)