OpenCloudOS-Kernel/crypto
Jiri Bohac 99d5cadfde kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
This is a preparatory patch for kexec_file_load() lockdown.  A locked down
kernel needs to prevent unsigned kernel images from being loaded with
kexec_file_load().  Currently, the only way to force the signature
verification is compiling with KEXEC_VERIFY_SIG.  This prevents loading
usigned images even when the kernel is not locked down at runtime.

This patch splits KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE.
Analogous to the MODULE_SIG and MODULE_SIG_FORCE for modules, KEXEC_SIG
turns on the signature verification but allows unsigned images to be
loaded.  KEXEC_SIG_FORCE disallows images without a valid signature.

Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
asymmetric_keys kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE 2019-08-19 21:54:15 -07:00
async_tx treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
842.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
Kconfig crypto: ecrdsa - select ASN1 and OID_REGISTRY for EC-RDSA 2019-04-25 15:40:39 +08:00
Makefile crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ablkcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
acompress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
adiantum.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
aegis.h crypto: aegis - Cleanup license mess 2019-01-25 18:41:51 +08:00
aegis128.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aegis128l.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aegis256.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aes_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aes_ti.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
af_alg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ahash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
akcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algapi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algboss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_hash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_rng.c net: remove sock_no_poll 2018-05-26 09:16:44 +02:00
algif_skcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ansi_cprng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 42 2019-05-24 17:27:12 +02:00
anubis.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
api.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
arc4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
authenc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
authencesn.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
blkcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
blowfish_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
blowfish_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
camellia_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
cast5_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 140 2019-05-30 11:25:16 -07:00
cast6_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 140 2019-05-30 11:25:16 -07:00
cast_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 44 2019-05-24 17:27:12 +02:00
cbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ccm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cfb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
chacha20poly1305.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
chacha_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
compress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crc32_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
crc32c_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cryptd.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-05 13:31:19 +09:00
crypto_engine.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crypto_null.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crypto_user_base.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-05 13:31:19 +09:00
crypto_user_stat.c crypto: stat - remove unused mutex 2019-01-18 18:43:43 +08:00
crypto_wq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ctr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cts.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
deflate.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
des_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dh_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
drbg.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
ecb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecc.c crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecc.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecc_curve_defs.h crypto: ecc - make ecc into separate module 2019-04-18 22:15:02 +08:00
ecdh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecdh_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
echainiv.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecrdsa.c crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_defs.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_params.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
fcrypt.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
fips.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
gcm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
gf128mul.c crypto: gf128mul - remove incorrect comment 2017-12-22 19:52:40 +11:00
ghash-generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
hash_info.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
hmac.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-06-06 13:10:49 -07:00
internal.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
jitterentropy-kcapi.c crypto: jitterentropy - change back to module_init() 2019-05-30 15:25:57 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
keywrap.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
khazad.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
kpp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
lrw.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
lz4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
lz4hc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
lzo-rle.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
lzo.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
md4.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
md5.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
morus640.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
morus1280.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
nhpoly1305.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ofb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
pcbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pcrypt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
poly1305_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rmd160.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rmd256.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rmd320.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsa-pkcs1pad.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
rsa_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsaprivkey.asn1 crypto: rsa - Store rest of the private key components 2016-07-05 23:05:26 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
scatterwalk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scompress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seed.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seqiv.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
serpent_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha1_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha3_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha256_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha512_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 45 2019-05-24 17:27:12 +02:00
shash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
simd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
skcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sm3_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234 2019-06-19 17:09:07 +02:00
sm4_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
streebog_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
tcrypt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tcrypt.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tea.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
testmgr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
testmgr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tgr192.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
twofish_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
twofish_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
vmac.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
wp512.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
xcbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
xor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47 2019-05-24 17:27:13 +02:00
xts.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
zstd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00