]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0d23b5f)
uek-rpm nano: Signature verification support in kexec_file_load
authorAlexey Petrenko <alexey.petrenko@oracle.com>
Mon, 10 Jul 2017 23:15:08 +0000 (16:15 -0700)
committerChuck Anderson <chuck.anderson@oracle.com>
Fri, 14 Jul 2017 00:18:29 +0000 (17:18 -0700)
The following configuration options to support
signature verification in the kexec_file_load
syscall are enabled:
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
CONFIG_PKCS7_MESSAGE_PARSER=y
CONFIG_SIGNED_PE_FILE_VERIFICATION=y

Orabug: 26386345
Signed-off-by: alexey.petrenko@oracle.com
uek-rpm/ol6-nano/config-x86_64 patch | blob | history
uek-rpm/ol6-nano/config-x86_64-debug patch | blob | history

diff --git a/uek-rpm/ol6-nano/config-x86_64 b/uek-rpm/ol6-nano/config-x86_64
index d3c7522d2d86598bb37f681d5a5612b129910873..e53b417fd0268f0cfa0a7acad5859e0d72029249 100644 (file)
--- a/uek-rpm/ol6-nano/config-x86_64
+++ b/uek-rpm/ol6-nano/config-x86_64
@@ -585,7 +585,8 @@ CONFIG_HZ=1000
 CONFIG_SCHED_HRTICK=y
 CONFIG_KEXEC=y
 CONFIG_KEXEC_FILE=y
-# CONFIG_KEXEC_VERIFY_SIG is not set
+CONFIG_KEXEC_VERIFY_SIG=y
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
 CONFIG_KEXEC_AUTO_RESERVE=y
 CONFIG_CRASH_DUMP=y
 CONFIG_KEXEC_JUMP=y
@@ -4670,8 +4671,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_PUBLIC_KEY_ALGO_RSA=y
 CONFIG_X509_CERTIFICATE_PARSER=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
-CONFIG_PKCS7_MESSAGE_PARSER=m
+CONFIG_PKCS7_MESSAGE_PARSER=y
 CONFIG_PKCS7_TEST_KEY=m
+CONFIG_SIGNED_PE_FILE_VERIFICATION=y
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
diff --git a/uek-rpm/ol6-nano/config-x86_64-debug b/uek-rpm/ol6-nano/config-x86_64-debug
index a184c504434825b61326e3145d76dee37dc0071a..512de4d195a3e4bb8d4a9f903a99625b0ac9ccc0 100644 (file)
--- a/uek-rpm/ol6-nano/config-x86_64-debug
+++ b/uek-rpm/ol6-nano/config-x86_64-debug
@@ -587,7 +587,8 @@ CONFIG_HZ=1000
 CONFIG_SCHED_HRTICK=y
 CONFIG_KEXEC=y
 CONFIG_KEXEC_FILE=y
-# CONFIG_KEXEC_VERIFY_SIG is not set
+CONFIG_KEXEC_VERIFY_SIG=y
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
 CONFIG_KEXEC_AUTO_RESERVE=y
 CONFIG_CRASH_DUMP=y
 CONFIG_KEXEC_JUMP=y
@@ -4885,8 +4886,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_PUBLIC_KEY_ALGO_RSA=y
 CONFIG_X509_CERTIFICATE_PARSER=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
-CONFIG_PKCS7_MESSAGE_PARSER=m
+CONFIG_PKCS7_MESSAGE_PARSER=y
 CONFIG_PKCS7_TEST_KEY=m
+CONFIG_SIGNED_PE_FILE_VERIFICATION=y
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
Unnamed repository; edit this file 'description' to name the repository.