From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:51 +0100
Subject: [PATCH v2 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
Message-Id: <20260305-module-signature-uapi-v2-1-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This definition duplicates a definition from an internal kernel header which is going to be renamed. To get rid of an instance of the old name, drop the definition.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- certs/extract-cert.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/certs/extract-cert.c b/certs/extract-cert.c index 7d6d468ed612..8c762f908443 100644 --- a/certs/extract-cert.c +++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@ #endif #include "ssl-common.h" =20 -#define PKEY_ID_PKCS7 2 - static __attribute__((noreturn)) void format(void) { --=20 2.53.0
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:52 +0100
Subject: [PATCH v2 2/8] module: Drop unused signature types
Message-Id: <20260305-module-signature-uapi-v2-2-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>

Only PKCS#7 signatures are used today. Remove the unused enum values. As this enum is used in on-disk data, preserve the numeric value.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- include/linux/module_signature.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 7eb4b00381ac..820cc1473383 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 enum pkey_id_type { - PKEY_ID_PGP, /* OpenPGP generated key ID */ - PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ - PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ + PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* --=20 2.53.0
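Review bot: Missing documentation in the enum pkey_id_type hunk: with PKEY_ID_PGP and PKEY_ID_X509 deleted, the bare "= 2" on PKEY_ID_PKCS7 no longer shows why the value is 2 or that 0 and 1 were ever assigned. Since the commit message says this enum is used in on-disk data, a short comment on the enum stating that 0 and 1 are retired and must not be reused would keep a later signature type from colliding with values that existing files may carry.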
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:53 +0100
Subject: [PATCH v2 3/8] module: Give 'enum pkey_id_type' a more specific name
Message-Id: <20260305-module-signature-uapi-v2-3-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>

This enum originates in generic cryptographic code and has a very generic name. Nowadays it is only used for module signatures. As this enum is going to be exposed in a UAPI header, give it a more specific name for clarity and consistency.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- arch/s390/kernel/machine_kexec_file.c | 2 +- include/linux/module_signature.h | 6 +++--- kernel/module_signature.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 1bf59c3f0e2b..667ee9279e23 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) return -EKEYREJECTED; kernel_len -=3D sig_len; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) return -EKEYREJECTED; =20 if (ms->algo !=3D 0 || diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 820cc1473383..c3a05d4cfe67 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -14,8 +14,8 @@ /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 -enum pkey_id_type { - PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* @@ -31,7 +31,7 @@ enum pkey_id_type { struct module_signature { u8 algo; /* Public-key crypto algorithm [0] */ u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ + u8 id_type; /* Key identifier type [enum module_signature_type] */ u8 signer_len; /* Length of signer's name [0] */ u8 key_id_len; /* Length of key identifier [0] */ u8 __pad[3]; diff --git a/kernel/module_signature.c b/kernel/module_signature.c index 00132d12487c..a0eee2fe4368 100644 --- a/kernel/module_signature.c +++ b/kernel/module_signature.c 
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size= _t file_len, if (be32_to_cpu(ms->sig_len) >=3D file_len - sizeof(*ms)) return -EBADMSG; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) { + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) { pr_err("%s: not signed with expected PKCS#7 message\n", name); return -ENOPKG; --=20 2.53.0
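Review bot: The rename is only half carried through in the struct module_signature hunk of include/linux/module_signature.h: the field is still id_type and its comment still reads "Key identifier type", while the enum it now refers to is module_signature_type. As the commit message says this is headed for a UAPI header, either reword the comment to describe a signature type, or state in the commit message that the field name is kept on purpose so existing users of ms->id_type (visible in s390_verify_sig() and mod_check_sig()) do not have to change.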
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:54 +0100
Subject: [PATCH v2 4/8] module: Give MODULE_SIG_STRING a more descriptive name
Message-Id: <20260305-module-signature-uapi-v2-4-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>

The purpose of the constant is not entirely clear from its name. As this constant is going to be exposed in a UAPI header, give it a more specific name for clarity. As all its users call it 'marker', use that wording in the constant itself.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- arch/s390/kernel/machine_kexec_file.c | 4 ++-- include/linux/module_signature.h | 2 +- kernel/module/signing.c | 4 ++-- security/integrity/ima/ima_modsig.c | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 667ee9279e23..6f0852d5a3a9 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = =3D { #ifdef CONFIG_KEXEC_SIG int s390_verify_sig(const char *kernel, unsigned long kernel_len) { - const unsigned long marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; struct module_signature *ms; unsigned long sig_len; int ret; @@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) if (marker_len > kernel_len) return -EKEYREJECTED; =20 - if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING, + if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) return -EKEYREJECTED; kernel_len -=3D marker_len; diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index c3a05d4cfe67..915549c779dc 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -12,7 +12,7 @@ #include =20 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" =20 enum module_signature_type { MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..590ba29c85ab 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *inf= o) int module_sig_check(struct load_info *info, int flags) { int err =3D -ENODATA; - const unsigned long markerlen =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long markerlen =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; const char *reason; const void *mod =3D info->hdr; bool mangled_module =3D flags & (MODULE_INIT_IGNORE_MODVERSIONS | 
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags) */ if (!mangled_module && info->len > markerlen && - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) =3D= =3D 0) { + memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerle= n) =3D=3D 0) { /* We truncate the module to discard the signature */ info->len -=3D markerlen; err =3D mod_verify_sig(mod, info); diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/i= ma_modsig.c index 9aa92fd35a03..632c746fd81e 100644 --- a/security/integrity/ima/ima_modsig.c +++ b/security/integrity/ima/ima_modsig.c @@ -40,7 +40,7 @@ struct modsig { int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, struct modsig **modsig) { - const size_t marker_len =3D strlen(MODULE_SIG_STRING); + const size_t marker_len =3D strlen(MODULE_SIGNATURE_MARKER); const struct module_signature *sig; struct modsig *hdr; size_t sig_len; @@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf,= loff_t buf_len, return -ENOENT; =20 p =3D buf + buf_len - marker_len; - if (memcmp(p, MODULE_SIG_STRING, marker_len)) + if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len)) return -ENOENT; =20 buf_len -=3D marker_len; 
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const vo= id *buf, loff_t size) * Provide the file contents (minus the appended sig) so that the PKCS7 * code can calculate the file hash. */ - size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + + size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) + sizeof(struct module_signature); rc =3D pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); if (rc) --=20 2.53.0
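Review bot: Style point on the ima_modsig.c hunks: ima_read_modsig() and ima_collect_modsig() take the marker length with strlen(MODULE_SIGNATURE_MARKER), while s390_verify_sig() and module_sig_check() in the same patch use sizeof(MODULE_SIGNATURE_MARKER) - 1. Both give the same number, but since the commit message says the constant is about to be exposed in a UAPI header, this rename is a good moment to settle on one form (or add a companion length macro next to the marker) so every parser of the trailer strips exactly the same number of bytes.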
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1772694717; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J9omS7dgQ8BXV+q++KcFWhKgcxzIXmvC9J+vXgoKmAc=; b=F4hDsXB5o9D/X4ImTQQK9Y6zJ4mb6qO2dolPmENmc3nEiqQyn/dwRJ3IlPxJ8eJG2tTZ8o EKA462ZUav0mxrYhw/M0OgPw6wfbAZDEpa0060+lyqg5QP5IPYnvRpli2Kc0PdiCQqJbOg qi2zZGhRMVC4KwGThq1oxbLrArSz3Ux+3QXLkdjX6BZq5859IQNOXSx0o15O0LG3C1JozZ gDOYsomTf7HSE6sFtGpe5tJdyVwop2rYS66h6C3RLAMEW6zVMihRCx/rL8I6ca0C6lFs8a KcbWYm/PJ+AYK2l0pponBFQmyjdCnkqB0qhRN2NU0wk63rMQa6ZgNiS1vjc14Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1772694717; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J9omS7dgQ8BXV+q++KcFWhKgcxzIXmvC9J+vXgoKmAc=; b=h2BdqXKekkXuE9+NwFCgVBGJN90MlamOnZA2NTV2mj3tKCAZp8zy0OY96wabm5lwSvu7Iu BSoUSD4IBesPbBCQ== Date: Thu, 05 Mar 2026 08:11:55 +0100 Subject: [PATCH v2 5/8] module: Move 'struct module_signature' to UAPI Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260305-module-signature-uapi-v2-5-dc4d81129dee@linutronix.de> References: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de> In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle 
, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This structure definition is used outside the kernel proper. For example in kmod and the kernel build environment. To allow reuse, move it to a new UAPI header. While it is not a true UAPI, it is a common practice to have non-UAPI interface definitions in the kernel's UAPI headers.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- include/linux/module_signature.h | 28 +----------------------- include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++= ++++ 2 files changed, 42 insertions(+), 27 deletions(-) diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 915549c779dc..db335d46787f 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h 
@@ -10,33 +10,7 @@ #define _LINUX_MODULE_SIGNATURE_H =20 #include - -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" - -enum module_signature_type { - MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ -}; - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - u8 algo; /* Public-key crypto algorithm [0] */ - u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [enum module_signature_type] */ - u8 signer_len; /* Length of signer's name [0] */ - u8 key_id_len; /* Length of key identifier [0] */ - u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; +#include =20 int mod_check_sig(const struct module_signature *ms, size_t file_len, const char *name); diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/mod= ule_signature.h new file mode 100644 index 000000000000..634c9f1c8fc2 --- /dev/null +++ b/include/uapi/linux/module_signature.h 
@@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 23:24:21 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF408327BEC; Thu, 5 Mar 2026 07:11:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694720; cv=none; b=r0l5HWCtMDPYMeYKRUrmt/ZTUrbwzYQaQLsqqYm7HrUlbb1RydHT5k5v/w/j/Vv5QCTbNo1yYtPELbmLLptOzZUYH8b+QL33HoAKgrgNKBf4VS42bdXXpPS5I4SfjaoIvenX0kzefxN6PsdtCD49oMk8gY620AtDHb3T/34GVyQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694720; c=relaxed/simple; 
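Review bot: The changelog of 5/8 calls this a move, but the struct removed from include/linux/module_signature.h declares its fields as u8 while the one added to include/uapi/linux/module_signature.h declares them as __u8. Please add one sentence saying the field types were switched to the exported __u8 so the header can be included from userspace, which also makes it easier to confirm that the layout is unchanged.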
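Review bot: In the new include/uapi/linux/module_signature.h, enum module_signature_type has the single member MODULE_SIGNATURE_TYPE_PKCS7 = 2 with no comment on why 0 and 1 are unused, and the layout comment ends at "Information block" without saying that MODULE_SIGNATURE_MARKER follows it. With userspace parsers now the audience (the changelog names kmod), please document both, and spell out what the "[0]" annotation on algo, hash, signer_len and key_id_len means and whether __pad must also be zero, since a parser reading this block from the end of a file it does not trust needs to know what to reject.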
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:56 +0100
Subject: [PATCH v2 6/8] tools uapi headers: add linux/module_signature.h
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260305-module-signature-uapi-v2-6-dc4d81129dee@linutronix.de>
References: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven
Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This header is going to be used from scripts/sign-file.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- tools/include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++= ++++ 1 file changed, 41 insertions(+) diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/ua= pi/linux/module_signature.h new file mode 100644 index 000000000000..634c9f1c8fc2 --- /dev/null +++ b/tools/include/uapi/linux/module_signature.h 
@@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 23:24:21 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 447DD31E825; Thu, 5 Mar 2026 07:11:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694721; cv=none; b=d3jQ+I66hPlTFsL9DMNPJlHRSnLSLiM8/WLfjoMRro4K3J7LYgn5RQ4fSZWYc+tSZf7GIRCZKbmMJ2pIcec9adG9n8xIh+N5XlXUQ9btzVZnrgiNrhxnLwjL1vgj8U+tMyE6qjh8oAymQeMuZ6I+CE85inmZBFN5/nm5RjK583I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694721; c=relaxed/simple; 
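Review bot: The new tools/include/uapi/linux/module_signature.h is a byte-identical copy of the header added in 5/8 (both index lines show blob 634c9f1c8fc2), but nothing visible in this series keeps the two in sync afterwards. This struct is the on-disk signature trailer, so a silent divergence between the kernel's definition and the signer's would yield modules that fail verification. Please say in the changelog how the copy is meant to be kept current, and whether the selftest changed in 8/8 is expected to pick up this copy as well, since the text only mentions scripts/sign-file.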
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:57 +0100
Subject: [PATCH v2 7/8] sign-file: use 'struct module_signature' from the UAPI headers
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260305-module-signature-uapi-v2-7-dc4d81129dee@linutronix.de>
References: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger
, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- scripts/Makefile | 1 + scripts/sign-file.c | 19 ++++--------------- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile index 0941e5ce7b57..3434a82a119f 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o =3D -I$(srctree)/tools/include HOSTLDLIBS_sorttable =3D -lpthread HOSTCFLAGS_asn1_compiler.o =3D -I$(srctree)/include HOSTCFLAGS_sign-file.o =3D $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2>= /dev/null) +HOSTCFLAGS_sign-file.o +=3D -I$(srctree)/tools/include/uapi/ HOSTLDLIBS_sign-file =3D $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /de= v/null || echo -lcrypto) =20 ifdef CONFIG_UNWINDER_ORC 
diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 73fbefd2e540..86b010ac1514 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -40,19 +40,7 @@ #endif #include "ssl-common.h" =20 -struct module_signature { - uint8_t algo; /* Public-key crypto algorithm [0] */ - uint8_t hash; /* Digest algorithm [0] */ - uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - uint8_t signer_len; /* Length of signer's name [0] */ - uint8_t key_id_len; /* Length of key identifier [0] */ - uint8_t __pad[3]; - uint32_t sig_len; /* Length of signature data */ -}; - -#define PKEY_ID_PKCS7 2 - -static char magic_number[] =3D "~Module signature appended~\n"; +#include =20 static __attribute__((noreturn)) void format(void) @@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name) =20 int main(int argc, char **argv) { - struct module_signature sig_info =3D { .id_type =3D PKEY_ID_PKCS7 }; + struct module_signature sig_info =3D { .id_type =3D MODULE_SIGNATURE_TYPE= _PKCS7 }; char *hash_algo =3D NULL; char *private_key_name =3D NULL, *raw_sig_name =3D NULL; char *x509_name, *module_name, *dest_name; 
@@ -357,7 +345,8 @@ int main(int argc, char **argv) sig_size =3D BIO_number_written(bd) - module_size; sig_info.sig_len =3D htonl(sig_size); ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest= _name); + ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER= ) - 1) < 0, + "%s", dest_name); =20 ERR(BIO_free(bd) !=3D 1, "%s", dest_name); =20 --=20 2.53.0 From nobody Thu Apr 9 23:24:21 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C41B932B989; Thu, 5 Mar 2026 07:11:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694721; cv=none; b=OCzMp4ij6wXFt51gd+3HDr0AkvpcAB6PN30xYhS4bo+KzAFiqPbgDVJXFSdU86kdxZ/OVZC7XldS0SPwl73jHZhiCHSDcH3nwst3ycKXY6FcCJ4eAhR6aRrAXGQ83Dvc+W3I7kkX1JZnMMBRk0H1T/iO+9CMw/fdoTBCJX5WI98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772694721; c=relaxed/simple; bh=MilPBKT5qdBGv3KAqViaqGXVrPTSiq77sK756EO+4xk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RE6ynkjk30u2qFijYKbXzy+yiGPXpCiypoEulBeYp9EYr5BLz7oVH5vtveByQyuzi0Ca/K6cdcBjITYlcvMmgd+3pfOjzj/2is/hbx9UfncYQme+mz7n0pSIjWXI1Eyr76/xFfTkdd/9Y4RLoLfoD/pd31yQrUMzBzsLY98AGxc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=DS1AH48t; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=j4+Kz4fq; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; 
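Review bot: In the scripts/Makefile hunk of 7/8, the added -I$(srctree)/tools/include/uapi/ on HOSTCFLAGS_sign-file.o puts the whole tools UAPI tree ahead of the host's system include directories for this object, so every linux/* header present there shadows the host copy, including ones pulled in indirectly by libc or OpenSSL headers. If only linux/module_signature.h is wanted, please confirm the shadowing is harmless on older build hosts, or note the intent in the changelog.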
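Review bot: In main() of scripts/sign-file.c, BIO_write(bd, &sig_info, sizeof(sig_info)) still writes the struct raw, and after this change its layout comes from a shared header instead of the local definition removed in the first hunk. The fields add up to 12 bytes (five __u8, __pad[3], one __be32), so a compile-time assertion that sizeof(struct module_signature) is 12 would catch any later edit to the shared header that changes the on-disk trailer. The changelog also says "Some symbols have been renamed" without listing them; naming PKEY_ID_PKCS7 to MODULE_SIGNATURE_TYPE_PKCS7 and magic_number to MODULE_SIGNATURE_MARKER would save the reader a search.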
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 08:11:58 +0100
Subject: [PATCH v2 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260305-module-signature-uapi-v2-8-dc4d81129dee@linutronix.de>
References: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v2-0-dc4d81129dee@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
--- .../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 +++---------------= ---- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/to= ols/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c index 4d69d9d55e17..f327feb8e38c 100644 --- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c +++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c @@ -18,6 +18,7 @@ #include #include #include +#include #include =20 #include "test_verify_pkcs7_sig.skel.h" 
@@ -33,29 +34,6 @@ #define SHA256_DIGEST_SIZE 32 #endif =20 -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - __u8 algo; /* Public-key crypto algorithm [0] */ - __u8 hash; /* Digest algorithm [0] */ - __u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - __u8 signer_len; /* Length of signer's name [0] */ - __u8 key_id_len; /* Length of key identifier [0] */ - __u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; - struct data { __u8 data[MAX_DATA_SIZE]; __u32 data_len; @@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_ite= m) return 0; =20 modlen =3D st.st_size; - marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; =20 fd =3D open(mod_path, O_RDONLY); if (fd =3D=3D -1) @@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_ite= m) if (mod =3D=3D MAP_FAILED) return -errno; =20 - if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) { + if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_le= n)) { ret =3D -EINVAL; goto out; } --=20 2.53.0
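Review bot: No build file is touched in 8/8, while 7/8 needed an extra -I to reach the tools UAPI copy; please state in the changelog which include path supplies the newly included header to verify_pkcs7_sig.c. The changelog text is also identical to 7/8 and does not name the rename that applies here, MODULE_SIG_STRING to MODULE_SIGNATURE_MARKER.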
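Review bot: In populate_data_item_mod(), mod + modlen - marker_len is computed with no check in the visible context that modlen is at least marker_len, so a file shorter than the marker would make the comparison read before the start of the mapping. This predates the rename, but since the line is being touched, an early return when modlen < marker_len and memcmp() in place of strncmp() (the mapped data is binary, not a C string) would be a cheap follow-up.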