From bc32adfba1b71faa9a018757f0d537d7081f1850 Mon Sep 17 00:00:00 2001 From: Alexey Petrenko Date: Mon, 10 Jul 2017 16:15:08 -0700 Subject: [PATCH] uek-rpm nano: Signature verification support in kexec_file_load The following configuration options to support signature verification in the kexec_file_load syscall are enabled: CONFIG_KEXEC_VERIFY_SIG=y CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_PKCS7_MESSAGE_PARSER=y CONFIG_SIGNED_PE_FILE_VERIFICATION=y Orabug: 26386345 Signed-off-by: alexey.petrenko@oracle.com --- uek-rpm/ol6-nano/config-x86_64 | 6 ++++-- uek-rpm/ol6-nano/config-x86_64-debug | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/uek-rpm/ol6-nano/config-x86_64 b/uek-rpm/ol6-nano/config-x86_64 index d3c7522d2d86..e53b417fd026 100644 --- a/uek-rpm/ol6-nano/config-x86_64 +++ b/uek-rpm/ol6-nano/config-x86_64 @@ -585,7 +585,8 @@ CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y -# CONFIG_KEXEC_VERIFY_SIG is not set +CONFIG_KEXEC_VERIFY_SIG=y +CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_KEXEC_AUTO_RESERVE=y CONFIG_CRASH_DUMP=y CONFIG_KEXEC_JUMP=y @@ -4670,8 +4671,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y CONFIG_EFI_SIGNATURE_LIST_PARSER=y -CONFIG_PKCS7_MESSAGE_PARSER=m +CONFIG_PKCS7_MESSAGE_PARSER=y CONFIG_PKCS7_TEST_KEY=m +CONFIG_SIGNED_PE_FILE_VERIFICATION=y CONFIG_HAVE_KVM=y CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_IRQFD=y diff --git a/uek-rpm/ol6-nano/config-x86_64-debug b/uek-rpm/ol6-nano/config-x86_64-debug index a184c5044348..512de4d195a3 100644 --- a/uek-rpm/ol6-nano/config-x86_64-debug +++ b/uek-rpm/ol6-nano/config-x86_64-debug @@ -587,7 +587,8 @@ CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y -# CONFIG_KEXEC_VERIFY_SIG is not set +CONFIG_KEXEC_VERIFY_SIG=y +CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_KEXEC_AUTO_RESERVE=y CONFIG_CRASH_DUMP=y CONFIG_KEXEC_JUMP=y @@ -4885,8 +4886,9 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y CONFIG_EFI_SIGNATURE_LIST_PARSER=y -CONFIG_PKCS7_MESSAGE_PARSER=m +CONFIG_PKCS7_MESSAGE_PARSER=y CONFIG_PKCS7_TEST_KEY=m +CONFIG_SIGNED_PE_FILE_VERIFICATION=y CONFIG_HAVE_KVM=y CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_IRQFD=y -- 2.50.1