On 01/21/19 at 05:59pm, Kairui Song wrote:
> This patch let kexec_file_load makes use of .platform keyring as fall
> back if it failed to verify a PE signed image against secondary or
> builtin key ring, make it possible to verify kernel image signed with
> preboot keys as well.
>
> This commit
Dear,
write me from your private email address here {(shqin...@gmail.com)} for
future communication and details.
Regards,
Shiq
___
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
On Mon, 2019-01-21 at 17:59 +0800, Kairui Song wrote:
> This patch let kexec_file_load makes use of .platform keyring as fall
> back if it failed to verify a PE signed image against secondary or
> builtin key ring, make it possible to verify kernel image signed with
> preboot keys as well.
>
>
On Mon, 2019-01-21 at 17:59 +0800, Kairui Song wrote:
> commit 9dc92c45177a ('integrity: Define a trusted platform keyring')
> introduced a .platform keyring for storing preboot keys, used for
> verifying kernel images' signature. Currently only IMA-appraisal is able
> to use the keyring to verify
On Tue, Jan 22, 2019 at 11:32:41AM +0800, Chao Fan wrote:
> But I notice the only function call entry is in kaslr.c which needs
> RANDOMIZE_BASE, so do I need change it as:
> vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/acpi.o
Well, the very first patch in this thread doesn't have anything to
For AMD machine with SME feature, if SME is enabled in the first
kernel, the crashed kernel's page table(pgd/pud/pmd/pte) contains
the memory encryption mask, so makedumpfile needs to remove the
memory encryption mask to obtain the true physical address.
Signed-off-by: Lianbo Jiang
---
It will be used to store the sme mask for crashed kernel, the
sme_mask denotes whether the old memory is encrypted or not.
Signed-off-by: Lianbo Jiang
---
makedumpfile.c | 3 +++
makedumpfile.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/makedumpfile.c b/makedumpfile.c
index
The patchset did two things:
[1] add a new variable 'sme_mask' to number_table
The variable will be used to store the sme mask for crashed kernel,
the sme_mask denotes whether the old memory is encrypted or not.
[2] remove the memory encryption mask to obtain the true physical
address
For AMD