Commit 732b7b93 authored by AKASHI Takahiro's avatar AKASHI Takahiro Committed by Will Deacon

arm64: kexec_file: add kernel signature verification support

With this patch, kernel verification can be done without IMA security
subsystem enabled. Turn on CONFIG_KEXEC_VERIFY_SIG instead.

On x86, a signature is embedded into a PE file (Microsoft's format) header
of binary. Since arm64's "Image" can also be seen as a PE file as far as
CONFIG_EFI is enabled, we adopt this format for kernel signing.

You can create a signed kernel image with:
    $ sbsign --key ${KEY} --cert ${CERT} Image
Signed-off-by: default avatarAKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Reviewed-by: default avatarJames Morse <james.morse@arm.com>
[will: removed useless pr_debug()]
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
parent 702ed5bb
......@@ -867,6 +867,30 @@ config KEXEC_FILE
for kernel and initramfs as opposed to list of segments as
accepted by previous system call.
config KEXEC_VERIFY_SIG
bool "Verify kernel signature during kexec_file_load() syscall"
depends on KEXEC_FILE
help
Select this option to verify a signature with loaded kernel
image. If configured, any attempt of loading a image without
valid signature will fail.
In addition to that option, you need to enable signature
verification for the corresponding kernel image type being
loaded in order for this to work.
config KEXEC_IMAGE_VERIFY_SIG
bool "Enable Image signature verification support"
default y
depends on KEXEC_VERIFY_SIG
depends on EFI && SIGNED_PE_FILE_VERIFICATION
help
Enable Image signature verification support.
comment "Support for PE file signature verification disabled"
depends on KEXEC_VERIFY_SIG
depends on !EFI || !SIGNED_PE_FILE_VERIFICATION
config CRASH_DUMP
bool "Build kdump crash kernel"
help
......
......@@ -12,7 +12,9 @@
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kexec.h>
#include <linux/pe.h>
#include <linux/string.h>
#include <linux/verification.h>
#include <asm/byteorder.h>
#include <asm/cpufeature.h>
#include <asm/image.h>
......@@ -20,13 +22,13 @@
static int image_probe(const char *kernel_buf, unsigned long kernel_len)
{
const struct arm64_image_header *h;
const struct arm64_image_header *h =
(const struct arm64_image_header *)(kernel_buf);
h = (const struct arm64_image_header *)(kernel_buf);
if (!h || (kernel_len < sizeof(*h)))
return -EINVAL;
if (!h || (kernel_len < sizeof(*h)) ||
memcmp(&h->magic, ARM64_IMAGE_MAGIC,
sizeof(h->magic)))
if (memcmp(&h->magic, ARM64_IMAGE_MAGIC, sizeof(h->magic)))
return -EINVAL;
return 0;
......@@ -107,7 +109,18 @@ static void *image_load(struct kimage *image,
return ERR_PTR(ret);
}
#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
static int image_verify_sig(const char *kernel, unsigned long kernel_len)
{
return verify_pefile_signature(kernel, kernel_len, NULL,
VERIFYING_KEXEC_PE_SIGNATURE);
}
#endif
const struct kexec_file_ops kexec_image_ops = {
.probe = image_probe,
.load = image_load,
#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
.verify_sig = image_verify_sig,
#endif
};
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment