From: Thomas Weißschuh
Date: Mon, 02 Mar 2026 13:42:37 +0100
Subject: [PATCH 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260302-module-signature-uapi-v1-1-207d955e0d69@linutronix.de>
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This definition duplicates a definition from an internal kernel header which is going to be renamed. To get rid of an instance of the old name, drop the definition.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
---
 certs/extract-cert.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/certs/extract-cert.c b/certs/extract-cert.c index 7d6d468ed612..8c762f908443 100644 --- a/certs/extract-cert.c +++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@ #endif #include "ssl-common.h" =20 -#define PKEY_ID_PKCS7 2 - static __attribute__((noreturn)) void format(void) { --=20 2.53.0

From: Thomas Weißschuh
Date: Mon, 02 Mar 2026 13:42:38 +0100
Subject: [PATCH 2/8] module: Drop unused signature types
Message-Id: <20260302-module-signature-uapi-v1-2-207d955e0d69@linutronix.de>
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

Only PKCS#7 signatures are used today. Remove the unused enum values. As this enum is used in on-disk data, preserve the numeric value.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
---
 include/linux/module_signature.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 7eb4b00381ac..820cc1473383 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 enum pkey_id_type { - PKEY_ID_PGP, /* OpenPGP generated key ID */ - PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ - PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ + PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* --=20 2.53.0
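
Review bot: The new `PKEY_ID_PKCS7 = 2` line in enum pkey_id_type (include/linux/module_signature.h) pins the value but does not say why it is 2. The commit message explains that the enum is used in on-disk data; put that in the header too, with a comment that 0 and 1 were PKEY_ID_PGP and PKEY_ID_X509 and must stay unassigned, so a later addition to the enum does not reuse them.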

From: Thomas Weißschuh
Date: Mon, 02 Mar 2026 13:42:39 +0100
Subject: [PATCH 3/8] module: Give 'enum pkey_id_type' a more specific name
Message-Id: <20260302-module-signature-uapi-v1-3-207d955e0d69@linutronix.de>
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

This enum originates in generic cryptographic code and has a very generic name. Nowadays it is only used for module signatures. As this enum is going to be exposed in a UAPI header, give it a more specific name for clarity and consistency.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
---
 arch/s390/kernel/machine_kexec_file.c | 2 +-
 include/linux/module_signature.h | 6 +++---
 kernel/module_signature.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 1bf59c3f0e2b..667ee9279e23 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) return -EKEYREJECTED; kernel_len -=3D sig_len; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) return -EKEYREJECTED; =20 if (ms->algo !=3D 0 || diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 820cc1473383..c3a05d4cfe67 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -14,8 +14,8 @@ /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 -enum pkey_id_type { - PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* @@ -31,7 +31,7 @@ enum pkey_id_type { struct module_signature { u8 algo; /* Public-key crypto algorithm [0] */ u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ + u8 id_type; /* Key identifier type [enum module_signature_type] */ u8 signer_len; /* Length of signer's name [0] */ u8 key_id_len; /* Length of key identifier [0] */ u8 __pad[3]; diff --git a/kernel/module_signature.c b/kernel/module_signature.c index 00132d12487c..a0eee2fe4368 100644 --- a/kernel/module_signature.c +++ b/kernel/module_signature.c 
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size= _t file_len, if (be32_to_cpu(ms->sig_len) >=3D file_len - sizeof(*ms)) return -EBADMSG; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) { + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) { pr_err("%s: not signed with expected PKCS#7 message\n", name); return -ENOPKG; --=20 2.53.0
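
Review bot: In the struct module_signature hunk of include/linux/module_signature.h, the `id_type` comment still reads "Key identifier type" although it now points at enum module_signature_type, and it no longer names the one value that the checks in s390_verify_sig() and mod_check_sig() accept. Suggest "Signature type [MODULE_SIGNATURE_TYPE_PKCS7]" or similar, matching the `[0]` convention of the neighbouring fields; this is worth settling before the header is exposed as UAPI.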

From: Thomas Weißschuh
Date: Mon, 02 Mar 2026 13:42:40 +0100
Subject: [PATCH 4/8] module: Give MODULE_SIG_STRING a more descriptive name
Message-Id: <20260302-module-signature-uapi-v1-4-207d955e0d69@linutronix.de>
In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de>

The purpose of the constant is not entirely clear from its name.

As this constant is going to be exposed in a UAPI header, give it a more specific name for clarity. As all its users call it 'marker', use that wording in the constant itself.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
---
 arch/s390/kernel/machine_kexec_file.c | 4 ++--
 include/linux/module_signature.h | 2 +-
 kernel/module/signing.c | 4 ++--
 security/integrity/ima/ima_modsig.c | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 667ee9279e23..6f0852d5a3a9 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = =3D { #ifdef CONFIG_KEXEC_SIG int s390_verify_sig(const char *kernel, unsigned long kernel_len) { - const unsigned long marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; struct module_signature *ms; unsigned long sig_len; int ret; @@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) if (marker_len > kernel_len) return -EKEYREJECTED; =20 - if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING, + if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) return -EKEYREJECTED; kernel_len -=3D marker_len; diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index c3a05d4cfe67..915549c779dc 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -12,7 +12,7 @@ #include =20 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" =20 enum module_signature_type { MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..590ba29c85ab 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *inf= o) int module_sig_check(struct load_info *info, int flags) { int err =3D -ENODATA; - const unsigned long markerlen =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long markerlen =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; const char *reason; const void *mod =3D info->hdr; bool mangled_module =3D flags & (MODULE_INIT_IGNORE_MODVERSIONS | 
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags) */ if (!mangled_module && info->len > markerlen && - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) =3D= =3D 0) { + memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerle= n) =3D=3D 0) { /* We truncate the module to discard the signature */ info->len -=3D markerlen; err =3D mod_verify_sig(mod, info); diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/i= ma_modsig.c index 9aa92fd35a03..632c746fd81e 100644 --- a/security/integrity/ima/ima_modsig.c +++ b/security/integrity/ima/ima_modsig.c @@ -40,7 +40,7 @@ struct modsig { int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, struct modsig **modsig) { - const size_t marker_len =3D strlen(MODULE_SIG_STRING); + const size_t marker_len =3D strlen(MODULE_SIGNATURE_MARKER); const struct module_signature *sig; struct modsig *hdr; size_t sig_len; @@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf,= loff_t buf_len, return -ENOENT; =20 p =3D buf + buf_len - marker_len; - if (memcmp(p, MODULE_SIG_STRING, marker_len)) + if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len)) return -ENOENT; =20 buf_len -=3D marker_len; 
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const vo= id *buf, loff_t size) * Provide the file contents (minus the appended sig) so that the PKCS7 * code can calculate the file hash. */ - size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + + size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) + sizeof(struct module_signature); rc =3D pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); if (rc) --=20 2.53.0
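
Review bot: The marker length is computed two different ways across the lines this patch touches: `sizeof(MODULE_SIGNATURE_MARKER) - 1` in s390_verify_sig() and module_sig_check(), but `strlen(MODULE_SIGNATURE_MARKER)` in ima_read_modsig() and ima_collect_modsig(). Since every one of these call sites is being edited anyway and the constant is headed for a shared header, consider defining the length once next to the marker, or at least settling on one idiom, so all verifiers strip the same number of trailing bytes by construction.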
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1772455378; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jCxzSZVFqh9jhNOLoH/ZehA5j63V+y+eJ1k8Kue6kxE=; b=W5nCmiTnrcTd4OKBhGLUxhQukleWvlaCdlWF7CovYqtDmXEsBbneCSV8/eDx4WHkfwVY5d sIne4qyjtcjW3v2Uiq2wqKYysGKkHlTAo86S1ubf0a4D+lHKK+DE3fcvA2uEuLMsWNx/dL 06p5dwMyX/E8YvkQsz2YQgWtq1D362mNNUMpgOcFPtWEhsZY/4IJfq0WKNgYxKswSJPjM0 6O8BRgOPN2KOgIq6goaeSblDgB4USDhhChnYFQ/ZUaggPtm7XgF5tETFHK7Xo3f991s7o3 mUXgsfYqhZQCtlcbtf8JILGobbb0petD2v23Js4Hx6E1NU6/Xr4hV9TKw1N2IA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1772455378; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jCxzSZVFqh9jhNOLoH/ZehA5j63V+y+eJ1k8Kue6kxE=; b=zg98dJdXpC2erMY606BS3L07YdKJAA88wX/as0xf+BnyJF068/LoBOhXXK6oo++PQTNZaz LPlpz/8Ku4yfOMAQ== Date: Mon, 02 Mar 2026 13:42:41 +0100 Subject: [PATCH 5/8] modules: Move 'struct module_signature' to UAPI Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260302-module-signature-uapi-v1-5-207d955e0d69@linutronix.de> References: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , 
Mimi Zohar , Roberto Sassu , Dmitry Kasatkin , Eric Snowberg , Paul Moore , James Morris , "Serge E. Hallyn" , Nathan Chancellor , Nicolas Schier , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This structure definition is used outside the kernel proper. For example in kmod and the kernel build environment. To allow reuse, move it to a new UAPI header. While it is not a true UAPI, it is a common practice to have non-UAPI interface definitions in the kernel's UAPI headers.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- include/linux/module_signature.h | 28 +----------------------- include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++= ++++ 2 files changed, 42 insertions(+), 27 deletions(-) diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 915549c779dc..db335d46787f 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h
@@ -10,33 +10,7 @@ #define _LINUX_MODULE_SIGNATURE_H =20 #include - -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" - -enum module_signature_type { - MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ -}; - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - u8 algo; /* Public-key crypto algorithm [0] */ - u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [enum module_signature_type] */ - u8 signer_len; /* Length of signer's name [0] */ - u8 key_id_len; /* Length of key identifier [0] */ - u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; +#include =20 int mod_check_sig(const struct module_signature *ms, size_t file_len, const char *name); diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/mod= ule_signature.h new file mode 100644 index 000000000000..634c9f1c8fc2 --- /dev/null +++ b/include/uapi/linux/module_signature.h 
@@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 12:08:22 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 600533A1D01; Mon, 2 Mar 2026 12:43:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772455381; cv=none; b=oyvhhLVOb/sO5j3OPTXNh9bmkC+BhTBFm/r+rpoC3V5jmOFflIuPI6JLqs2FEda2yhEFSu9H9WMQVvbmJ2VRpBKrLZnynhMbI7SXQ60j2Iai/R64VVlc2M3YdNbekIL/paXn62QrUPB2adUmUD2h1GsMyYw+EiOQcvkFjbqAcpQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772455381; c=relaxed/simple; 
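Review bot: In the new include/uapi/linux/module_signature.h hunk of patch 5/8, the layout comment above struct module_signature stops at the information block, but sign-file in patch 7/8 writes MODULE_SIGNATURE_MARKER after sig_info, so the marker is the last thing in a signed file. Now that the header is meant for kmod and the build tooling, list the marker as the final constituent in that comment, and give __pad[3] the same "[0]" annotation that algo, hash, signer_len and key_id_len carry so that external writers know whether it must be zero.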
From: Thomas Weißschuh Date: Mon, 02 Mar 2026 13:42:42 +0100 Subject: [PATCH 6/8] tools uapi headers: add linux/module_signature.h Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260302-module-signature-uapi-v1-6-207d955e0d69@linutronix.de> References: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle ,
Mimi Zohar , Roberto Sassu , Dmitry Kasatkin , Eric Snowberg , Paul Moore , James Morris , "Serge E. Hallyn" , Nathan Chancellor , Nicolas Schier , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This header is going to be used from scripts/sign-file.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- tools/include/uapi/linux/module_signature.h | 42 +++++++++++++++++++++++++= ++++ 1 file changed, 42 insertions(+) diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/ua= pi/linux/module_signature.h new file mode 100644 index 000000000000..6f4f7539fe8d --- /dev/null +++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ + MODULE_SIGNATURE_TYPE_MERKLE =3D 3, /* Merkle proof for modules */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 12:08:22 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D014C3AEF53; Mon, 2 Mar 2026 12:43:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772455383; cv=none; b=VUHnmaQh3Tu4Awia94kdBHL5htL/P4vpqf0+NwtRzMWhuKDl5dkbUBLIznBck1VX7n5Ao+9XmH7Bpt8CRdm0iVycfAXjXCgTrlDubKTGzNPKv9I9Xh/xn7lkL2plKCWi1buHiPXgBnFWGxAxNgz/awlAcAIzwNkpmVtu1Y/N87k= ARC-Message-Signature: i=1; a=rsa-sha256; 
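Review bot: The enum in this tools/ copy (patch 6/8) carries MODULE_SIGNATURE_TYPE_MERKLE with value 3, which is not in include/uapi/linux/module_signature.h as added by patch 5/8 (41 lines there, 42 here), and none of the patches shown here use it. The tools/include/uapi copy should be identical to the kernel header it mirrors, so drop the MERKLE line here, or add it to the kernel header in the patch that introduces that signature type.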
From: Thomas Weißschuh Date: Mon, 02 Mar 2026 13:42:43 +0100 Subject: [PATCH 7/8] sign-file: use 'struct module_signature' from the UAPI headers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260302-module-signature-uapi-v1-7-207d955e0d69@linutronix.de> References: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger ,
Sven Schnelle , Mimi Zohar , Roberto Sassu , Dmitry Kasatkin , Eric Snowberg , Paul Moore , James Morris , "Serge E. Hallyn" , Nathan Chancellor , Nicolas Schier , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- scripts/Makefile | 1 + scripts/sign-file.c | 19 ++++--------------- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile index 0941e5ce7b57..3434a82a119f 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o =3D -I$(srctree)/tools/include HOSTLDLIBS_sorttable =3D -lpthread HOSTCFLAGS_asn1_compiler.o =3D -I$(srctree)/include HOSTCFLAGS_sign-file.o =3D $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2>= /dev/null) +HOSTCFLAGS_sign-file.o +=3D -I$(srctree)/tools/include/uapi/ HOSTLDLIBS_sign-file =3D $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /de= v/null || echo -lcrypto) =20 ifdef CONFIG_UNWINDER_ORC
diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 73fbefd2e540..86b010ac1514 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -40,19 +40,7 @@ #endif #include "ssl-common.h" =20 -struct module_signature { - uint8_t algo; /* Public-key crypto algorithm [0] */ - uint8_t hash; /* Digest algorithm [0] */ - uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - uint8_t signer_len; /* Length of signer's name [0] */ - uint8_t key_id_len; /* Length of key identifier [0] */ - uint8_t __pad[3]; - uint32_t sig_len; /* Length of signature data */ -}; - -#define PKEY_ID_PKCS7 2 - -static char magic_number[] =3D "~Module signature appended~\n"; +#include =20 static __attribute__((noreturn)) void format(void) @@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name) =20 int main(int argc, char **argv) { - struct module_signature sig_info =3D { .id_type =3D PKEY_ID_PKCS7 }; + struct module_signature sig_info =3D { .id_type =3D MODULE_SIGNATURE_TYPE= _PKCS7 }; char *hash_algo =3D NULL; char *private_key_name =3D NULL, *raw_sig_name =3D NULL; char *x509_name, *module_name, *dest_name; 
@@ -357,7 +345,8 @@ int main(int argc, char **argv) sig_size =3D BIO_number_written(bd) - module_size; sig_info.sig_len =3D htonl(sig_size); ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest= _name); + ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER= ) - 1) < 0, + "%s", dest_name); =20 ERR(BIO_free(bd) !=3D 1, "%s", dest_name); =20 --=20 2.53.0 From nobody Thu Apr 9 12:08:22 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 099CD3876AC; Mon, 2 Mar 2026 12:43:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772455384; cv=none; b=AKI5w9fmajRatu8tSl1fpiB1148mdy52R8aebVi46Zteli7HLc4QJZQY/eP2Au2rpqva7vSIjQuhtGxPQkoyTsOUM2jKn097gKAbLregHTja8ClRva/IALJuBIBLAgX57Vuna/B8ied+p94hwDfJgPGn7rs71/0LCjo62lIE5sI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772455384; c=relaxed/simple; bh=cSyXaR9CC/kzl95o4jDS3lCVCTRqIF6V40mtMwdZY4s=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=em8Hr5ONQL7Fu9vYU52mWlmAWT8W7XEOpGTInIzq06/Lb2+bwc5/YN3ZfGEbdfkGVtWYIUGK8eKSQ94Im2zdWYYabp4GGnFWBQ/oHB2ceMcIjPYNVeRu+sk27kj1wuHaltC5e2khNcHBK4UcHYfAix/nmeszIniS2KL7U+xMwTk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=IoqCtrXo; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=ONAn918A; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; 
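Review bot: In the scripts/Makefile hunk of patch 7/8, adding -I$(srctree)/tools/include/uapi/ to HOSTCFLAGS_sign-file.o puts the tools copies ahead of the host's system headers for any <linux/...> include reachable from sign-file.c, not only for module_signature.h. State in the commit message that this shadowing is intended, since sign-file is a host tool that signs modules and previously compiled against the host's own headers only.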
From: Thomas Weißschuh Date: Mon, 02 Mar 2026 13:42:44 +0100 Subject: [PATCH 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260302-module-signature-uapi-v1-8-207d955e0d69@linutronix.de> References: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> In-Reply-To: <20260302-module-signature-uapi-v1-0-207d955e0d69@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev ,
Christian Borntraeger , Sven Schnelle , Mimi Zohar , Roberto Sassu , Dmitry Kasatkin , Eric Snowberg , Paul Moore , James Morris , "Serge E. Hallyn" , Nathan Chancellor , Nicolas Schier , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- .../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 +++---------------= ---- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/to= ols/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c index 4d69d9d55e17..f327feb8e38c 100644 --- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c +++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c @@ -18,6 +18,7 @@ #include #include #include +#include #include =20 #include "test_verify_pkcs7_sig.skel.h"
@@ -33,29 +34,6 @@ #define SHA256_DIGEST_SIZE 32 #endif =20 -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - __u8 algo; /* Public-key crypto algorithm [0] */ - __u8 hash; /* Digest algorithm [0] */ - __u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - __u8 signer_len; /* Length of signer's name [0] */ - __u8 key_id_len; /* Length of key identifier [0] */ - __u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; - struct data { __u8 data[MAX_DATA_SIZE]; __u32 data_len; @@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_ite= m) return 0; =20 modlen =3D st.st_size; - marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; =20 fd =3D open(mod_path, O_RDONLY); if (fd =3D=3D -1) @@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_ite= m) if (mod =3D=3D MAP_FAILED) return -errno; =20 - if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) { + if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_le= n)) { ret =3D -EINVAL; goto out; } --=20 2.53.0
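Review bot: In populate_data_item_mod() (patch 8/8), the touched strncmp() line computes mod + modlen - marker_len, and the visible context shows no check that modlen is at least marker_len, so a file shorter than the marker would make the comparison read before the start of the mapping. Since the line is being changed anyway, add that length check if the function does not already have one outside this hunk, and compare with memcmp(), because the mapped module is binary data rather than a C string.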