From patchwork Thu Aug 24 08:17:57 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AKASHI Takahiro <takahiro.akashi@linaro.org>
X-Patchwork-Id: 110880
Delivered-To: patch@linaro.org
Received: by 10.140.95.78 with SMTP id h72csp5315676qge;
 Thu, 24 Aug 2017 01:19:25 -0700 (PDT)
X-Received: by 10.101.91.13 with SMTP id y13mr1260903pgq.250.1503562765775; 
 Thu, 24 Aug 2017 01:19:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1503562765; cv=none;
 d=google.com; s=arc-20160816;
 b=ARZJk+KKFAB1nHBlU4KSOLulGvwPqP6J/WPwCZPDsgyxGpH5N9FTRCPWfODvMl8bYD
 MnVPcQaYGQHP+kbjm6YHfR6nAUj//d5Lnnmkhbg5gFZhCqLQYPqTEtxLQvg/amO53uVZ
 b4BWY6nUISnSJRASyLSLehqepnzR4/RiLhGWX9pq4M8vnwQuueG512idpqKK5VLSaeYw
 x3P2SjHYb6SpWyvkpfmIm1gcyrV/NDhUGZl6NmoBElKSK+eAW3DBcnW2D1TYsaYb5DoR
 wi17K5kVvmjZ1cXgXPLUB6OEUupxBV8qitKo3ZPvY8PbxzJafgmXE294xosNXtYD0THF
 ixmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:message-id:date:subject:cc:to:from
 :dkim-signature:arc-authentication-results;
 bh=USbl7w5MCUhXdFK+TM1b1iQBt89aHAfxfmNTgXJ+H2c=;
 b=AVbGH9jAxJJflDPbcqf4q9KAQ8DR2CyEGFyFCU90U+XxjC9OpkwyhXk5UpmV5TbJFU
 rsAP5taj+OPggdferdrzYU/8gflSjOJMDa9EpzD58zxPBP60p7zW04sWP3zmvP3Ogt74
 bXkvLRIhRH22FJ4ku1Ho60y0ziG/ZtX98i1vrTdPUjQ0cokWVbknNsC1RNVJ/MjYUW4f
 JwPoa8TfFPcQkYVIV+clV2TizajlA4nObB8lDQXW8NqPObrc+YdLvRLUTfJQfIU2qVzb
 6A3ywokSaZgljDFTirKLUTbbWAletwlqDGExEDhNw50cZuusp7Urw9FxbQHc7n+2CiX7
 Ru6w==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=e3M8+XZL;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 g33si2561477plb.846.2017.08.24.01.19.25; 
 Thu, 24 Aug 2017 01:19:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=e3M8+XZL;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1752318AbdHXITX (ORCPT <rfc822;daniel.diaz@linaro.org>
 + 26 others); Thu, 24 Aug 2017 04:19:23 -0400
Received: from mail-pg0-f50.google.com ([74.125.83.50]:34519 "EHLO
 mail-pg0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1751208AbdHXIR2 (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Thu, 24 Aug 2017 04:17:28 -0400
Received: by mail-pg0-f50.google.com with SMTP id s14so13456853pgs.1
 for <linux-kernel@vger.kernel.org>;
 Thu, 24 Aug 2017 01:17:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=USbl7w5MCUhXdFK+TM1b1iQBt89aHAfxfmNTgXJ+H2c=;
 b=e3M8+XZL69nfE4HQItUo5D9A6XAB60F9To+6X1e6+ayTxDDcqAy/fLQhrHblv+eAjk
 aw4gDOezVSktPLO0k4/UgMWE+oENuiSLtVKw1fwaKKiT4Et84kAFHYZQCEmJVz6a0JeL
 dgyV+87Jei3kWPHB26w/+aKXJYFWgbMajtDvk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=USbl7w5MCUhXdFK+TM1b1iQBt89aHAfxfmNTgXJ+H2c=;
 b=ji0h9JxMEh0ETgG8HmoZ80wjxXMZrFTqLfUxgJ8iEp5RdSHjIPtJ5/oZwv1Qlxtd9V
 WjQ9WpWIlRhFLGqzQxd3Isi7GKNfwiOwxUdQpqWpHbYOfMJkzYl67UFskSYhhKNLnV6W
 KUSfASUaGiQHR32a+sBJnX9PlJCc3GWoOs5M1xBBUGyFd/KuOAarybOLobFy1luCHq6P
 UcrQQsdsUCtjj5lnFmrokoRrwN/lwqs9OX4fFA6Ju6iqaLBRMFca7/1+ND9e+YaMmrlJ
 bgeKHmJzPNG77veHWX9npjc2xnaYJkuDrpiS1Kjvcvi530WLrF8/OeiMHHKb584cdTVw
 o0vw==
X-Gm-Message-State: AHYfb5j0AgTVcUsCr2OGNZJ/JdOyvPcu516PJngJ5Ev31jejnoG0swnw
 U0dc6zlWxH1LIOZk
X-Received: by 10.84.143.100 with SMTP id 91mr6052418ply.32.1503562647846;
 Thu, 24 Aug 2017 01:17:27 -0700 (PDT)
Received: from linaro.org ([121.95.100.191])
 by smtp.googlemail.com with ESMTPSA id
 p17sm7753398pfj.176.2017.08.24.01.17.26
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 24 Aug 2017 01:17:27 -0700 (PDT)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: catalin.marinas@arm.com, will.deacon@arm.com,
 bauerman@linux.vnet.ibm.com, dhowells@redhat.com,
 vgoyal@redhat.com, herbert@gondor.apana.org.au,
 davem@davemloft.net, akpm@linux-foundation.org, mpe@ellerman.id.au,
 dyoung@redhat.com, bhe@redhat.com, arnd@arndb.de, ard.biesheuvel@linaro.org
Cc: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org,
 linux-kernel@vger.kernel.org, AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH 00/14] arm64: kexec: add kexec_file_load support
Date: Thu, 24 Aug 2017 17:17:57 +0900
Message-Id: <20170824081811.19299-1-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.14.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is the initial attempt of implementing kexec_file_load() support
on arm64.[1]
Most of the code is based on kexec-tools (along with some kernel code
from x86 and from powerpc, which also came from kexec-tools).


This patch series enables us to
  * load the kernel, either Image or vmlinux, with kexec_file_load
    system call, and
  * optionally verify its signature at load time for trusted boot.

To load the kernel via kexec_file_load system call, a small change
needs to be applied on kexec-tools. See [2]. This enables '-s' option.

As we discussed a long time ago, users may not be allowed to specify
device-tree file of the 2nd kernel explicitly with kexec-tools, therefore
re-using the blob of the first kernel.

Regarding a method of placing the signature into the kernel binary,
  * for 'Image', we conform with x86 (or rather Microsoft?) style of
    signing since the binary can also be seen as in PE format
    (assuming that CONFIG_EFI is enabled),
  * for 'vmlinux', we follow powerpc approach[3]: The signature will
    be appended just after the binary itself as module signing does.
    This implies that we need to enable CONFIG_MODULE_SIG, too.

    Powerpc is also going to support extended-file-attribute-based
    verification[3], but arm64 doesn't for now partly because we don't
    have TPM-based IMA at this moment.

Accordingly, we can use the existing commands, sbsign and sig-file
respectively, to sign the kernel. Please note that it is totally up to
the system what key/certificate is used for signing.

Some concerns(or future works):
* Even if the kernel is configured with CONFIG_RANDOMIZE_BASE, the 2nd
  kernel won't be placed at a randomized address. We will have to
  add some boot code similar to efi-stub to implement the feature.
* While big-endian kernel can support kernel signing, I'm not sure that
  Image can be recognized as in PE format because x86 standard only
  defines little-endian-based format.
  So I tested big-endian kernel signing only with vmlinux.
* IMA(and file extended attribute)-based kexec


Patch #1 to #7 are all preparatory patches on generic side.
(Patch #1 is not part of mine, but a prerequisite from [4].)
Patch #8 and #9 are purgatory code.
Patch #10 to #12 are common for enabling kexec_file_load.
Patch #13 is for 'Image' support.
Patch #14 is for 'vmlinux' support.


  [1] http://git.linaro.org/people/takahiro.akashi/linux-aarch64.git
	branch:arm64/kexec_file
  [2] http://git.linaro.org/people/takahiro.akashi/kexec-tools.git
	branch:arm64/kexec_file
  [3] http://lkml.iu.edu//hypermail/linux/kernel/1707.0/03669.html
  [4] http://lkml.iu.edu//hypermail/linux/kernel/1707.0/03670.html


AKASHI Takahiro (13):
  include: pe.h: remove message[] from mz header definition
  resource: add walk_system_ram_res_rev()
  kexec_file: factor out vmlinux (elf) parser from powerpc
  kexec_file: factor out crashdump elf header function from x86
  kexec_file: add kexec_add_segment()
  asm-generic: add kexec_file_load system call to unistd.h
  arm64: kexec_file: create purgatory
  arm64: kexec_file: add sha256 digest check in purgatory
  arm64: kexec_file: load initrd, device-tree and purgatory segments
  arm64: kexec_file: set up for crash dump adding elf core header
  arm64: enable KEXEC_FILE config
  arm64: kexec_file: add Image format support
  arm64: kexec_file: add vmlinux format support

Thiago Jung Bauermann (1):
  MODSIGN: Export module signature definitions

 arch/Kconfig                            |   3 +
 arch/arm64/Kconfig                      |  33 ++
 arch/arm64/Makefile                     |   1 +
 arch/arm64/crypto/sha256-core.S_shipped |   2 +
 arch/arm64/include/asm/kexec.h          |  23 ++
 arch/arm64/include/asm/kexec_file.h     |  84 +++++
 arch/arm64/kernel/Makefile              |   5 +-
 arch/arm64/kernel/kexec_elf.c           | 216 ++++++++++++
 arch/arm64/kernel/kexec_image.c         | 112 ++++++
 arch/arm64/kernel/machine_kexec_file.c  | 606 ++++++++++++++++++++++++++++++++
 arch/arm64/purgatory/Makefile           |  43 +++
 arch/arm64/purgatory/entry.S            |  41 +++
 arch/arm64/purgatory/purgatory.c        |  20 ++
 arch/arm64/purgatory/sha256-core.S      |   1 +
 arch/arm64/purgatory/sha256.c           |  79 +++++
 arch/arm64/purgatory/sha256.h           |   1 +
 arch/arm64/purgatory/string.c           |  32 ++
 arch/arm64/purgatory/string.h           |   5 +
 arch/powerpc/Kconfig                    |   1 +
 arch/powerpc/kernel/kexec_elf_64.c      | 464 ------------------------
 arch/x86/kernel/crash.c                 | 324 -----------------
 include/linux/elf.h                     |  62 ++++
 include/linux/ioport.h                  |   3 +
 include/linux/kexec.h                   |  39 ++
 include/linux/module.h                  |   3 -
 include/linux/module_signature.h        |  47 +++
 include/linux/pe.h                      |   2 +-
 include/uapi/asm-generic/unistd.h       |   4 +-
 init/Kconfig                            |   6 +-
 kernel/Makefile                         |   3 +-
 kernel/crash_core.c                     | 333 ++++++++++++++++++
 kernel/kexec_file.c                     |  47 +++
 kernel/kexec_file_elf.c                 | 454 ++++++++++++++++++++++++
 kernel/module.c                         |   1 +
 kernel/module_signing.c                 |  74 ++--
 kernel/resource.c                       |  48 +++
 36 files changed, 2383 insertions(+), 839 deletions(-)
 create mode 100644 arch/arm64/include/asm/kexec_file.h
 create mode 100644 arch/arm64/kernel/kexec_elf.c
 create mode 100644 arch/arm64/kernel/kexec_image.c
 create mode 100644 arch/arm64/kernel/machine_kexec_file.c
 create mode 100644 arch/arm64/purgatory/Makefile
 create mode 100644 arch/arm64/purgatory/entry.S
 create mode 100644 arch/arm64/purgatory/purgatory.c
 create mode 100644 arch/arm64/purgatory/sha256-core.S
 create mode 100644 arch/arm64/purgatory/sha256.c
 create mode 100644 arch/arm64/purgatory/sha256.h
 create mode 100644 arch/arm64/purgatory/string.c
 create mode 100644 arch/arm64/purgatory/string.h
 create mode 100644 include/linux/module_signature.h
 create mode 100644 kernel/kexec_file_elf.c

-- 
2.14.1