On 05/18/22 at 01:29pm, Heiko Carstens wrote:
On Thu, May 12, 2022 at 03:01:23PM +0800, Coiby Xu wrote:
From: Michal Suchanek msuchanek@suse.de
commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype") adds support for KEXEC_SIG verification with keys from platform keyring but the built-in keys and secondary keyring are not used.
Add support for the built-in keys and secondary keyring as x86 does.
Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype") Cc: stable@vger.kernel.org Cc: Philipp Rudo prudo@linux.ibm.com Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Michal Suchanek msuchanek@suse.de Reviewed-by: "Lee, Chun-Yi" jlee@suse.com Acked-by: Baoquan He bhe@redhat.com Signed-off-by: Coiby Xu coxu@redhat.com
arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)
As far as I can tell this doesn't have any dependency to the other patches in this series, so should I pick this up for the s390 tree, or how will this go upstream?
Thanks, Heiko.
I want to ask Mimi if this can be taken into KEYS-ENCRYPTED tree. Otherwise I will ask Andrew to help pick this whole series.
Surely, this patch 4 can be taken into s390 seperately since it's independent, both looks good.
Thanks Baoquan