Re: [PATCH v5 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-22 Thread Dave Young
On 01/21/19 at 05:59pm, Kairui Song wrote:
> This patch let kexec_file_load makes use of .platform keyring as fall
> back if it failed to verify a PE signed image against secondary or
> builtin key ring, make it possible to verify kernel image signed with
> preboot keys as well.
>
> This commit

good evening!

2019-01-22 Thread SHIQ
Dear, write me from your private email address here {(shqin...@gmail.com)} for future communication and details. Regards, Shiq
___
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH v5 2/2] kexec, KEYS: Make use of platform keyring for signature verify

2019-01-22 Thread Mimi Zohar
On Mon, 2019-01-21 at 17:59 +0800, Kairui Song wrote:
> This patch let kexec_file_load makes use of .platform keyring as fall
> back if it failed to verify a PE signed image against secondary or
> builtin key ring, make it possible to verify kernel image signed with
> preboot keys as well.
>
>

Re: [PATCH v5 1/2] integrity, KEYS: add a reference to platform keyring

2019-01-22 Thread Mimi Zohar
On Mon, 2019-01-21 at 17:59 +0800, Kairui Song wrote:
> commit 9dc92c45177a ('integrity: Define a trusted platform keyring')
> introduced a .platform keyring for storing preboot keys, used for
> verifying kernel images' signature. Currently only IMA-appraisal is able
> to use the keyring to verify

Re: [PATCH v2 2/2] x86, kexec_file_load: make it work with efi=noruntime or efi=old_map

2019-01-22 Thread Borislav Petkov
On Tue, Jan 22, 2019 at 11:32:41AM +0800, Chao Fan wrote:
> But I notice the only function call entry is in kaslr.c which needs
> RANDOMIZE_BASE, so do I need change it as:
> vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/acpi.o

Well, the very first patch in this thread doesn't have anything to

[PATCH 2/2] Remove the memory encryption mask to obtain the true physical address

2019-01-22 Thread Lianbo Jiang
For AMD machine with SME feature, if SME is enabled in the first kernel, the crashed kernel's page table(pgd/pud/pmd/pte) contains the memory encryption mask, so makedumpfile needs to remove the memory encryption mask to obtain the true physical address. Signed-off-by: Lianbo Jiang ---

[PATCH 1/2] Makedumpfile: add a new variable 'sme_mask' to number_table

2019-01-22 Thread Lianbo Jiang
It will be used to store the sme mask for crashed kernel, the sme_mask denotes whether the old memory is encrypted or not. Signed-off-by: Lianbo Jiang --- makedumpfile.c | 3 +++ makedumpfile.h | 1 + 2 files changed, 4 insertions(+) diff --git a/makedumpfile.c b/makedumpfile.c index

[PATCH 0/2] makedumpfile needs to remove the memory encryption

2019-01-22 Thread Lianbo Jiang
The patchset did two things:
[1] add a new variable 'sme_mask' to number_table
The variable will be used to store the sme mask for crashed kernel, the sme_mask denotes whether the old memory is encrypted or not.
[2] remove the memory encryption mask to obtain the true physical address
For AMD