Skip to content
  • Vivek Goyal's avatar
    bin2c: move bin2c in scripts/basic · 8370edea
    Vivek Goyal authored
    
    
    This patch series does not do kernel signature verification yet.  I plan
    to post another patch series for that.  Now distributions are already
    signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
    those signatures.
    
    Primary goal of this patchset is to prepare groundwork so that kernel
    image can be signed and signatures be verified during kexec load.  This
    should help with two things.
    
    - It should allow kexec/kdump on secureboot enabled machines.
    
    - In general it can help even without secureboot. By being able to verify
      kernel image signature in kexec, it should help with avoiding module
      signing restrictions. Matthew Garret showed how to boot into a custom
      kernel, modify first kernel's memory and then jump back to old kernel and
      bypass any policy one wants to.
    
    This patch (of 15):
    
    Kexec wants to use bin2c and it wants to use it really early in the build
    process. See arch/x86/purgatory/ code in later patches.
    
    So move bin2c in scripts/basic so that it can be built very early and
    be usable by arch/x86/purgatory/
    
    Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Cc: Yinghai Lu <yinghai@kernel.org>
    Cc: Eric Biederman <ebiederm@xmission.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Cc: Greg Kroah-Hartman <greg@kroah.com>
    Cc: Dave Young <dyoung@redhat.com>
    Cc: WANG Chao <chaowang@redhat.com>
    Cc: Baoquan He <bhe@redhat.com>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    8370edea