From: Alexey Petrenko <alexey.petrenko@oracle.com>
Date: Mon, 10 Jul 2017 23:15:08 +0000 (-0700)
Subject: uek-rpm nano: Signature verification support in kexec_file_load
X-Git-Tag: v4.1.12-106.0.20170720_1900~44
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=bc32adfba1b71faa9a018757f0d537d7081f1850;p=users%2Fjedix%2Flinux-maple.git

uek-rpm nano: Signature verification support in kexec_file_load

The following configuration options to support
signature verification in the kexec_file_load
syscall are enabled:
CONFIG_KEXEC_VERIFY_SIG=y
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
CONFIG_PKCS7_MESSAGE_PARSER=y
CONFIG_SIGNED_PE_FILE_VERIFICATION=y

Orabug: 26386345
Signed-off-by: alexey.petrenko@oracle.com
---

diff --git a/uek-rpm/ol6-nano/config-x86_64 b/uek-rpm/ol6-nano/config-x86_64
index d3c7522d2d86..e53b417fd026 100644
--- a/uek-rpm/ol6-nano/config-x86_64
+++ b/uek-rpm/ol6-nano/config-x86_64
@@ -585,7 +585,8 @@ CONFIG_HZ=1000
 CONFIG_SCHED_HRTICK=y
 CONFIG_KEXEC=y
 CONFIG_KEXEC_FILE=y
-# CONFIG_KEXEC_VERIFY_SIG is not set
+CONFIG_KEXEC_VERIFY_SIG=y
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
 CONFIG_KEXEC_AUTO_RESERVE=y
 CONFIG_CRASH_DUMP=y
 CONFIG_KEXEC_JUMP=y
@@ -4670,8 +4671,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_PUBLIC_KEY_ALGO_RSA=y
 CONFIG_X509_CERTIFICATE_PARSER=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
-CONFIG_PKCS7_MESSAGE_PARSER=m
+CONFIG_PKCS7_MESSAGE_PARSER=y
 CONFIG_PKCS7_TEST_KEY=m
+CONFIG_SIGNED_PE_FILE_VERIFICATION=y
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
diff --git a/uek-rpm/ol6-nano/config-x86_64-debug b/uek-rpm/ol6-nano/config-x86_64-debug
index a184c5044348..512de4d195a3 100644
--- a/uek-rpm/ol6-nano/config-x86_64-debug
+++ b/uek-rpm/ol6-nano/config-x86_64-debug
@@ -587,7 +587,8 @@ CONFIG_HZ=1000
 CONFIG_SCHED_HRTICK=y
 CONFIG_KEXEC=y
 CONFIG_KEXEC_FILE=y
-# CONFIG_KEXEC_VERIFY_SIG is not set
+CONFIG_KEXEC_VERIFY_SIG=y
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
 CONFIG_KEXEC_AUTO_RESERVE=y
 CONFIG_CRASH_DUMP=y
 CONFIG_KEXEC_JUMP=y
@@ -4885,8 +4886,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_PUBLIC_KEY_ALGO_RSA=y
 CONFIG_X509_CERTIFICATE_PARSER=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
-CONFIG_PKCS7_MESSAGE_PARSER=m
+CONFIG_PKCS7_MESSAGE_PARSER=y
 CONFIG_PKCS7_TEST_KEY=m
+CONFIG_SIGNED_PE_FILE_VERIFICATION=y
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y