From patchwork Fri May 26 03:06:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 100538 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp58789qge; Thu, 25 May 2017 20:02:28 -0700 (PDT) X-Received: by 10.99.116.82 with SMTP id e18mr48584192pgn.1.1495767748061; Thu, 25 May 2017 20:02:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495767748; cv=none; d=google.com; s=arc-20160816; b=E5e3aYgVwn3NiqzkKY2muG1teOd1uIhklqC/gLNOSQclo0QbeSPnC1kdvZEaOzgRho 1Ioo5xao/nNH4iJsX62h1bD8ND5tBcUf1ZRr2Kz5fyGBR3tZu2+39oBpJeGEMfPaa4ju rdk63/HvhmZgDI3KvOdIJurEC68lCGDeuswxZhzoKGvMEO9824+yKBB8w9eGPq+/wqph z7N8Laz/csvlIj2s3NWknr4r9HYxIg5ycAjjfomxbEgwG00TijEJxgTFjOU0Fy8A1hQY xyjdYeT7N1aeyDM38HyEu61S0tpPIz3oSaMMfQh60uZHYmGXgUhItw897m/WoBKKWym0 JMIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=l8+O2aQQuDqSS4we6NvuHRg4R2T3fWRE+vgKEI6nUUM=; b=P+RHilGDFLmY4PtBb83dLybthKja7Bs3qAEdK/xqMaRM8ZaYcc6MR/u+YZjo/Uv24A 4MV4Z4Y35Hq4RgG1Bhpsx9gl3ZJLiLOAs/ukH4cBEM0DmxOewc4LXPsgjDMuRtib636O bOw/LSApwZaPJmn8q6EPA5eRv6MQTOAM2bOdzX2/YUMKa+13TjJ2FMc5mWWfHQd/4l9c 0rQaRb6pEyanYJl9hjgFuXNgsclEATm50ReoGN07g4tFpDUyDlZGWA4VGNwdl5ySIZad repwN7AVYFQKCpDL7Kb5TM/cJdxseOBIIxClrtCWqCLk3gaDys4vMeRgNCTaDA4PRBKP EvoA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d22si29899690pgn.220.2017.05.25.20.02.27; Thu, 25 May 2017 20:02:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S969444AbdEZDCX (ORCPT + 25 others); Thu, 25 May 2017 23:02:23 -0400 Received: from mail-pf0-f171.google.com ([209.85.192.171]:33161 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S939695AbdEZDCP (ORCPT ); Thu, 25 May 2017 23:02:15 -0400 Received: by mail-pf0-f171.google.com with SMTP id e193so184452504pfh.0 for ; Thu, 25 May 2017 20:02:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=l8+O2aQQuDqSS4we6NvuHRg4R2T3fWRE+vgKEI6nUUM=; b=CGHX+cLlAFGSPnGqh8wqaUiJfrFzCQGD34HCW4dfBw3XFP7y3EAAwgRLot0P0OmHoX OP845CVHC1pNn3IWZz8vfGi72z1p8E+TKXV5JjOByHYV0QOchd4cAh+DtK0kT0G4ZJOD IOtex7LD+Fe193cDU07HUwtTveEtUVjeXGtFg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=l8+O2aQQuDqSS4we6NvuHRg4R2T3fWRE+vgKEI6nUUM=; b=t5os9VPUeVVdyaYoTxbatn3zup+6I5LqYBx35d0iYzLa3uw/ntRlY6WZBuOw94H0P0 7HmqF7QzpHrY4d8xTclkR/C3nQXihvfJkw1XcMivALPgaGEiKeImgiu8sg+yjpxH6os7 tgrkAqS5CtlzI67eMwOyqX02l4h8LYz2jlyWvgnWlO32M0KSwze2JlmsKQgxIBm11Mt1 Ge4+mRaScdjXWcotYnJPmT/HF5H+T2IPDx0QaD0PfibujWgJjA/IT1aFWJ97Q0goLMdx 8HEMEabpfNAe7xEbsjvo8nydz+FUxxY2l6pr/1QjmVHtYwNycw2BNSr0g+zYvkOP7OXR xjqw== X-Gm-Message-State: AODbwcBaKdyEe2bdu2tjPyQdJvORPcBAM9TLkV9OwyCURa+zvdbMZOEG KUmm3Z5R1EXfJfAD4gwd/g== X-Received: by 10.98.160.74 with SMTP id r71mr48275324pfe.16.1495767734150; Thu, 25 May 2017 20:02:14 -0700 (PDT) Received: from linaro.org ([121.95.100.191]) by smtp.googlemail.com with ESMTPSA id s68sm16175201pgc.5.2017.05.25.20.02.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 May 2017 20:02:13 -0700 (PDT) From: AKASHI Takahiro To: mcgrof@kernel.org Cc: rusty@rustcorp.com.au, dhowells@redhat.com, ming.lei@canonical.com, seth.forshee@canonical.com, kyle@kernel.org, David.Woodhouse@intel.com, linux-kernel@vger.kernel.org, AKASHI Takahiro Subject: [PATCH 0/4] firmware: signature verification Date: Fri, 26 May 2017 12:06:05 +0900 Message-Id: <20170526030609.1414-1-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.11.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is my first version of patch series for adding signature verification to firmware loading. The original idea and code came from the work by Luis some time ago, and I migrated it with some improvements to new driver data APIs, leaving request_firmware() intact. For details about how it works, please see the commit message of patch#1 and the document under Documentation/driver-api/firmware. Please note that patch#3, test script, is still a bit rough-edged, especially that we have to prepare some data files in advance. I will try to improve it for better automation. For you convenience, the patch is available: https://git.linaro.org/people/takahiro.akashi/linux-aarch64.git firmware/signature AKASHI Takahiro (4): firmware: add firmware signing scripts: sign-file: add firmware-signing option test: firmwware: add signature test to driver_data loader test firmware: document signature verification for driver data Documentation/driver-api/firmware/driver_data.rst | 6 + .../driver-api/firmware/fallback-mechanisms.rst | 5 +- Documentation/driver-api/firmware/signing.rst | 81 +++++++ drivers/base/Kconfig | 25 ++ drivers/base/firmware_class.c | 211 +++++++++++++++- include/linux/driver_data.h | 5 + lib/test_driver_data.c | 56 ++++- scripts/sign-file.c | 5 +- tools/testing/selftests/firmware/driver_data.sh | 265 ++++++++++++++++++++- 9 files changed, 638 insertions(+), 21 deletions(-) create mode 100644 Documentation/driver-api/firmware/signing.rst -- 2.11.1