[v3] LivePatch signing support

[PATCH v3 0/5] LivePatch signing support

Ross Lagerwall posted 5 patches 5 months ago

Diff against v1 v2
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20250602133639.2871212-1-ross.lagerwall@citrix.com

docs/misc/livepatch.pandoc      |  106 +-
xen/common/Kconfig              |   18 +
xen/common/livepatch.c          |  139 +++
xen/common/livepatch_elf.c      |   55 +
xen/crypto/Makefile             |   12 +
xen/crypto/rsa.c                |  196 ++++
xen/include/xen/livepatch.h     |   15 +
xen/include/xen/livepatch_elf.h |   18 +
xen/include/xen/mpi.h           |   68 ++
xen/include/xen/rsa.h           |   74 ++
xen/lib/Makefile                |    1 +
xen/lib/mpi.c                   | 1729 +++++++++++++++++++++++++++++++
xen/tools/extract-key.py        |   40 +
13 files changed, 2419 insertions(+), 52 deletions(-)
create mode 100644 xen/crypto/rsa.c
create mode 100644 xen/include/xen/mpi.h
create mode 100644 xen/include/xen/rsa.h
create mode 100644 xen/lib/mpi.c
create mode 100755 xen/tools/extract-key.py

Expand all Fold all

[PATCH v3 0/5] LivePatch signing support

Posted by Ross Lagerwall 5 months ago

Live patch signing support was mentioned as future work in the design
document several years ago. This series finally implements support for
it since it is a requirement of Secure Boot to prevent loading unsigned
code into Xen.

See the individual patches for what has changed in v3.

Jennifer Herbert (1):
  livepatch: Verify livepatch signatures

Kevin Lampis (1):
  livepatch: Embed public key in Xen

Ross Lagerwall (3):
  docs: Introduce live patch signing
  crypto: Add RSA support
  livepatch: Load built-in key during boot

 docs/misc/livepatch.pandoc      |  106 +-
 xen/common/Kconfig              |   18 +
 xen/common/livepatch.c          |  139 +++
 xen/common/livepatch_elf.c      |   55 +
 xen/crypto/Makefile             |   12 +
 xen/crypto/rsa.c                |  196 ++++
 xen/include/xen/livepatch.h     |   15 +
 xen/include/xen/livepatch_elf.h |   18 +
 xen/include/xen/mpi.h           |   68 ++
 xen/include/xen/rsa.h           |   74 ++
 xen/lib/Makefile                |    1 +
 xen/lib/mpi.c                   | 1729 +++++++++++++++++++++++++++++++
 xen/tools/extract-key.py        |   40 +
 13 files changed, 2419 insertions(+), 52 deletions(-)
 create mode 100644 xen/crypto/rsa.c
 create mode 100644 xen/include/xen/mpi.h
 create mode 100644 xen/include/xen/rsa.h
 create mode 100644 xen/lib/mpi.c
 create mode 100755 xen/tools/extract-key.py

-- 
2.49.0