[PATCH] lockdown: allow kexec_file of unsigned images when not under lockdown

[Thadeu Lima de Souza Cascardo]

If CONFIG_KEXEC_VERIFY_SIG is enabled, kexec -s with an unsigned image will
fail requiring an image signed with a trusted key. However, that same
kernel will allow kexec to load and boot a kernel, if kexec_file_load is
not used.

Now, lockdown brings a solution to this inconsistency. However, as it is,
it will still prevent an unsigned image to be loaded with kexec -s when the
system is not under lockdown, while still allowing kexec to work.

At the same time, with lockdown, kexec_file_load would still work when
CONFIG_KEXEC_VERIFY_SIG is disabled.

Signed-off-by: Thadeu Lima de Souza Cascardo <casca...@canonical.com>
---
 kernel/kexec_file.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 35cf0ad29718..b64f32fda9ca 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -211,10 +211,17 @@ kimage_file_prepare_segments(struct kimage *image, int 
kernel_fd, int initrd_fd,
                                           image->kernel_buf_len);
        if (ret) {
                pr_debug("kernel signature verification failed.\n");
-               goto out;
+       } else {
+               pr_debug("kernel signature verification successful.\n");
        }
-       pr_debug("kernel signature verification successful.\n");
+#elif
+       ret = -EPERM;
 #endif
+       if (ret && kernel_is_locked_down("kexec of unsigned images"))
+               goto out;
+       else
+               ret = 0;
+
        /* It is possible that there no initramfs is being loaded */
        if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
                ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
-- 
2.19.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec