From patchwork Fri Aug 25 06:18:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengen Du X-Patchwork-Id: 1825795 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=wZ0fSfqK; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RX8sz400Xz1yfF for ; Fri, 25 Aug 2023 16:19:03 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1qZQ9m-0004Xc-9y; Fri, 25 Aug 2023 06:18:54 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1qZQ9f-0004Ss-8s for kernel-team@lists.ubuntu.com; Fri, 25 Aug 2023 06:18:47 +0000 Received: from mail-oi1-f200.google.com (mail-oi1-f200.google.com [209.85.167.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id C4BB63F657 for ; Fri, 25 Aug 2023 06:18:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1692944326; bh=ZBZjnT0kG2DdpOzgXNa07ul3OjRXswR9ARJFqn693Jo=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=wZ0fSfqKczuI1CNBPKT/LAq55HJm9BFXMRYjVhqwtb728VB5Y9kv7f9hce3bg1O81 3oFH1Sb0/vbVgrELz4q14XlmJbnmYgoSDpAOH1892o0XSkgk/9UNGRNMA9NcvR9d5j JKZ7+zTzrYvHnr82RgKABzYAR2IsZLF0csGnJuVjR6g51rEVa12IjH2ipQ/i3Rmmsm y5EsUaejPv1u7bZhGVt55R3J43iLx+UwbP9Y8nKTnl2JWiVhUBjzzlRFdL5R7EWJ8o NhHwImyWW/XW8szpu2Mu9t8ShHgGGdFeGt96S/rNhvq9LjeDKmQDcjnjZPNs7IS0vD jV8lCnCETPpOA== Received: by mail-oi1-f200.google.com with SMTP id 5614622812f47-3a741f4790fso679217b6e.0 for ; Thu, 24 Aug 2023 23:18:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692944324; x=1693549124; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZBZjnT0kG2DdpOzgXNa07ul3OjRXswR9ARJFqn693Jo=; b=VecmxMVmH2qiT9llup+3ZrIeUchxVJLFWvW/wemYfystgDlpLZJ45k3BC6Cvj7gI6r DQYIPLtK23pJL12RM3q0L5o18aLYGTaCGoch9WgEvndXIy6w4svkZfHw4cU/nb1mE0+O EYhnkauA+guM4x2zJwfc9pXtlTMjnRgzD0YclfcTtpy2zlfHHjTuyzT6I2GYjGcZWyQR 8mRDENr+2JrwN4++W9DyhVkkdJvpqn7U3+LRmK08zsPu7Wepsp0FZbtrwV07SLsmz1fG gg3HZUNNvQuk5e3gSdkS2jdAdIhEEFRldjDvLFH61/NyAw+A07QnBRZYKNJWCRXPg5PO 1sHw== X-Gm-Message-State: AOJu0YyKNCLqfbvqZvHfdxD1kb3Vyi0RwsIglgOwUzqTPWhcITMKmvs0 0xM9tivFXbWGInQcOz/5L9Wuik05EK48o7lPd/NLK+hLEv+lfzrOCXoCmFHhoHRMb1nCj1N/HYO +tmb62SoWBOyN49em7DobapHW8rkfwesCEifir9LMpqTvJTthF85Dmeg= X-Received: by 2002:a05:6808:2a6f:b0:3a4:225d:82c0 with SMTP id fu15-20020a0568082a6f00b003a4225d82c0mr1866748oib.31.1692944324606; Thu, 24 Aug 2023 23:18:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHEm2lDXXiWgX6aN/dR6jsULoxUx3d6/UkYHRW2pkmvGHa+BbIYAEHrc2vVAad2ZQgJnGsuTg== X-Received: by 2002:a05:6808:2a6f:b0:3a4:225d:82c0 with SMTP id fu15-20020a0568082a6f00b003a4225d82c0mr1866742oib.31.1692944324390; Thu, 24 Aug 2023 23:18:44 -0700 (PDT) Received: from chengendu.. (111-248-109-24.dynamic-ip.hinet.net. [111.248.109.24]) by smtp.gmail.com with ESMTPSA id u4-20020aa78484000000b00660d80087a8sm728664pfn.187.2023.08.24.23.18.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Aug 2023 23:18:43 -0700 (PDT) From: Chengen Du To: kernel-team@lists.ubuntu.com Subject: [SRU][J][PATCH 1/3] UBUNTU: [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG Date: Fri, 25 Aug 2023 14:18:37 +0800 Message-Id: <20230825061839.52444-2-chengen.du@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230825061839.52444-1-chengen.du@canonical.com> References: <20230825061839.52444-1-chengen.du@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" This option enables support for kexec image signature verification, allowing signed kernels to be loaded via the kexec_file_load system call. Signed-off-by: Chengen Du --- debian.master/config/annotations | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 5f854837a810..ee85d6e14274 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -6535,7 +6535,7 @@ CONFIG_KEXEC policy<{'amd64': 'y', 'arm64': ' CONFIG_KEXEC_CORE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_KEXEC_ELF policy<{'ppc64el': 'y'}> CONFIG_KEXEC_FILE policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 's390x': 'n'}> -CONFIG_KEXEC_IMAGE_VERIFY_SIG policy<{'arm64': 'n'}> +CONFIG_KEXEC_IMAGE_VERIFY_SIG policy<{'arm64': 'y'}> CONFIG_KEXEC_JUMP policy<{'amd64': 'y'}> CONFIG_KEXEC_SIG policy<{'amd64': 'y', 'arm64': 'y'}> CONFIG_KEXEC_SIG_FORCE policy<{'amd64': 'n'}>