From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:37 +0100
Subject: [PATCH v3 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
Message-Id: <20260305-module-signature-uapi-v3-1-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This definition duplicates a definition from an internal kernel header which is going to be renamed. To get rid of an instance of the old name, drop the definition.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
---
 certs/extract-cert.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/certs/extract-cert.c b/certs/extract-cert.c index 7d6d468ed612..8c762f908443 100644 --- a/certs/extract-cert.c +++ b/certs/extract-cert.c 
@@ -33,8 +33,6 @@ #endif #include "ssl-common.h" =20 -#define PKEY_ID_PKCS7 2 - static __attribute__((noreturn)) void format(void) { --=20 2.53.0
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:38 +0100
Subject: [PATCH v3 2/8] module: Drop unused signature types
Message-Id: <20260305-module-signature-uapi-v3-2-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>

Only PKCS#7 signatures are used today. Remove the unused enum values. As this enum is used in on-disk data, preserve the numeric value.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
---
 include/linux/module_signature.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 7eb4b00381ac..820cc1473383 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h 
@@ -15,9 +15,7 @@ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 enum pkey_id_type { - PKEY_ID_PGP, /* OpenPGP generated key ID */ - PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ - PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ + PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* --=20 2.53.0
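Review bot: the reason `PKEY_ID_PKCS7 = 2` carries an explicit value is recorded only in the commit message. Add a comment on the enum in include/linux/module_signature.h stating that the value is stored in on-disk data and that 0 and 1, formerly PKEY_ID_PGP and PKEY_ID_X509, must not be reassigned, so that a later cleanup does not drop the initializer or reuse the retired values.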
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:39 +0100
Subject: [PATCH v3 3/8] module: Give 'enum pkey_id_type' a more specific name
Message-Id: <20260305-module-signature-uapi-v3-3-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>

This enum originates in generic cryptographic code and has a very generic name. Nowadays it is only used for module signatures. As this enum is going to be exposed in a UAPI header, give it a more specific name for clarity and consistency.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
---
 arch/s390/kernel/machine_kexec_file.c | 2 +-
 include/linux/module_signature.h | 6 +++---
 kernel/module_signature.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 1bf59c3f0e2b..667ee9279e23 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c 
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) return -EKEYREJECTED; kernel_len -=3D sig_len; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) return -EKEYREJECTED; =20 if (ms->algo !=3D 0 || diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 820cc1473383..c3a05d4cfe67 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -14,8 +14,8 @@ /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ #define MODULE_SIG_STRING "~Module signature appended~\n" =20 -enum pkey_id_type { - PKEY_ID_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ }; =20 /* @@ -31,7 +31,7 @@ enum pkey_id_type { struct module_signature { u8 algo; /* Public-key crypto algorithm [0] */ u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ + u8 id_type; /* Key identifier type [enum module_signature_type] */ u8 signer_len; /* Length of signer's name [0] */ u8 key_id_len; /* Length of key identifier [0] */ u8 __pad[3]; diff --git a/kernel/module_signature.c b/kernel/module_signature.c index 00132d12487c..a0eee2fe4368 100644 --- a/kernel/module_signature.c +++ b/kernel/module_signature.c 
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size= _t file_len, if (be32_to_cpu(ms->sig_len) >=3D file_len - sizeof(*ms)) return -EBADMSG; =20 - if (ms->id_type !=3D PKEY_ID_PKCS7) { + if (ms->id_type !=3D MODULE_SIGNATURE_TYPE_PKCS7) { pr_err("%s: not signed with expected PKCS#7 message\n", name); return -ENOPKG; --=20 2.53.0
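Review bot: in the `struct module_signature` field comments, the `id_type` annotation changes from a required value, `[PKEY_ID_PKCS7]`, to a type name, `[enum module_signature_type]`, while the neighbouring fields still use the brackets for the value the field must hold (`[0]`). Keeping the convention with `[MODULE_SIGNATURE_TYPE_PKCS7]` tells a reader which value the two `id_type` checks renamed in this patch, in s390_verify_sig() and mod_check_sig(), will accept.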
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:40 +0100
Subject: [PATCH v3 4/8] module: Give MODULE_SIG_STRING a more descriptive name
Message-Id: <20260305-module-signature-uapi-v3-4-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>

The purpose of the constant is not entirely clear from its name. As this constant is going to be exposed in a UAPI header, give it a more specific name for clarity. As all its users call it 'marker', use that wording in the constant itself.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
---
 arch/s390/kernel/machine_kexec_file.c | 4 ++--
 include/linux/module_signature.h | 2 +-
 kernel/module/signing.c | 4 ++--
 security/integrity/ima/ima_modsig.c | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machi= ne_kexec_file.c index 667ee9279e23..6f0852d5a3a9 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c 
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = =3D { #ifdef CONFIG_KEXEC_SIG int s390_verify_sig(const char *kernel, unsigned long kernel_len) { - const unsigned long marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; struct module_signature *ms; unsigned long sig_len; int ret; @@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long ker= nel_len) if (marker_len > kernel_len) return -EKEYREJECTED; =20 - if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING, + if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) return -EKEYREJECTED; kernel_len -=3D marker_len; diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index c3a05d4cfe67..915549c779dc 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h @@ -12,7 +12,7 @@ #include =20 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" =20 enum module_signature_type { MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..590ba29c85ab 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *inf= o) int module_sig_check(struct load_info *info, int flags) { int err =3D -ENODATA; - const unsigned long markerlen =3D sizeof(MODULE_SIG_STRING) - 1; + const unsigned long markerlen =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; const char *reason; const void *mod =3D info->hdr; bool mangled_module =3D flags & (MODULE_INIT_IGNORE_MODVERSIONS | 
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags) */ if (!mangled_module && info->len > markerlen && - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) =3D= =3D 0) { + memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerle= n) =3D=3D 0) { /* We truncate the module to discard the signature */ info->len -=3D markerlen; err =3D mod_verify_sig(mod, info); diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/i= ma_modsig.c index 9aa92fd35a03..632c746fd81e 100644 --- a/security/integrity/ima/ima_modsig.c +++ b/security/integrity/ima/ima_modsig.c @@ -40,7 +40,7 @@ struct modsig { int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, struct modsig **modsig) { - const size_t marker_len =3D strlen(MODULE_SIG_STRING); + const size_t marker_len =3D strlen(MODULE_SIGNATURE_MARKER); const struct module_signature *sig; struct modsig *hdr; size_t sig_len; @@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf,= loff_t buf_len, return -ENOENT; =20 p =3D buf + buf_len - marker_len; - if (memcmp(p, MODULE_SIG_STRING, marker_len)) + if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len)) return -ENOENT; =20 buf_len -=3D marker_len; 
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const vo= id *buf, loff_t size) * Provide the file contents (minus the appended sig) so that the PKCS7 * code can calculate the file hash. */ - size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + + size -=3D modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) + sizeof(struct module_signature); rc =3D pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); if (rc) --=20 2.53.0
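Review bot: the marker length is still derived two different ways across the renamed call sites: `sizeof(MODULE_SIGNATURE_MARKER) - 1` in s390_verify_sig() and module_sig_check(), and `strlen(MODULE_SIGNATURE_MARKER)` in ima_read_modsig() and ima_collect_modsig(). Since every user is touched here and the constant is headed for a UAPI header, consider settling on one form, or defining a length macro next to the marker, so each consumer of the header does not re-derive it and the trailing-NUL adjustment cannot be forgotten.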
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1772703101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J9omS7dgQ8BXV+q++KcFWhKgcxzIXmvC9J+vXgoKmAc=; b=a1wtCuT4kbdfqFBMSFsUN/+Jv5gS3A2ijamCz78QGDuVJjgfBMTOyfhSF2b6QXP7pfEKDg DHXnQU+6pyFD5fDlttMREOvNCk3vjh2K9nY0gvjY7O90DFjTCB/SbgOZz0AkXPLZmzAQmu HOZ/OIJkIEGjBddrtpM2cS2diZcpOMKhC1RDLGdrKuJNsiVMWPt5oVVy25kA/4kV/cvzwR ppkqPQD9IGWYFzHP4pIn5rukSpn5n/eIfcOzUwkFW4ok7PuEEb8RGwz2k73wVz7H+U1Ucu s4aRvqF7FYuqgxRnSfLGGGciWSTIR4ZoVnAiBGoaETIuZwGSQoVe9l6NVKGamw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1772703101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J9omS7dgQ8BXV+q++KcFWhKgcxzIXmvC9J+vXgoKmAc=; b=oIH8L7Ca04BHMvndYJhlfynKj/xQQIXNBQI1L9G8ANj4P5hJK9BKK6DPvvhg9jaW2N1+8p v87O6WFnnBevDACg== Date: Thu, 05 Mar 2026 10:31:41 +0100 Subject: [PATCH v3 5/8] module: Move 'struct module_signature' to UAPI Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260305-module-signature-uapi-v3-5-92f45ea6028c@linutronix.de> References: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de> In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de> To: David Howells , David Woodhouse , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle 
, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This structure definition is used outside the kernel proper. For example in kmod and the kernel build environment. To allow reuse, move it to a new UAPI header. While it is not a true UAPI, it is a common practice to have non-UAPI interface definitions in the kernel's UAPI headers.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
--- include/linux/module_signature.h | 28 +----------------------- include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++= ++++ 2 files changed, 42 insertions(+), 27 deletions(-) diff --git a/include/linux/module_signature.h b/include/linux/module_signat= ure.h index 915549c779dc..db335d46787f 100644 --- a/include/linux/module_signature.h +++ b/include/linux/module_signature.h 
@@ -10,33 +10,7 @@ #define _LINUX_MODULE_SIGNATURE_H =20 #include - -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" - -enum module_signature_type { - MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ -}; - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - u8 algo; /* Public-key crypto algorithm [0] */ - u8 hash; /* Digest algorithm [0] */ - u8 id_type; /* Key identifier type [enum module_signature_type] */ - u8 signer_len; /* Length of signer's name [0] */ - u8 key_id_len; /* Length of key identifier [0] */ - u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; +#include =20 int mod_check_sig(const struct module_signature *ms, size_t file_len, const char *name); diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/mod= ule_signature.h new file mode 100644 index 000000000000..634c9f1c8fc2 --- /dev/null +++ b/include/uapi/linux/module_signature.h 
@@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 23:25:15 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFFC737AA78; Thu, 5 Mar 2026 09:31:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703106; cv=none; b=nFDAK4ftoCBgcFgu0uwphRsf5zVA0n103xUr04JyxuoTAmrVqpIJKtqhmE2nQLnuMqI7BLpZoxtGDtVQ5Zxx4wn2WQAZ3pBX2NL7aPD/7LAaxAEz22sqGhtlLQBdm+TwyFNj6MKOFwb+Bxo6/5417WZma7F0WvM2Khokm+gAi5U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703106; c=relaxed/simple; 
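Review bot: In the new include/uapi/linux/module_signature.h, the block comment above struct module_signature lists four constituents and stops at the information block, without saying that MODULE_SIGNATURE_MARKER follows it as the last bytes of the file. Since this header is now the reference for consumers outside the kernel such as kmod, the comment should state that the marker comes last, explain what the [0] annotation on algo, hash, signer_len and key_id_len means, and note that sig_len is big-endian. The commit message's remark that this is not a true UAPI would also be worth repeating in the header itself, so users of the header know what stability to expect.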
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:42 +0100
Subject: [PATCH v3 6/8] tools uapi headers: add linux/module_signature.h
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260305-module-signature-uapi-v3-6-92f45ea6028c@linutronix.de>
References: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven
Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

This header is going to be used from scripts/sign-file.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
--- tools/include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++= ++++ 1 file changed, 41 insertions(+) diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/ua= pi/linux/module_signature.h new file mode 100644 index 000000000000..634c9f1c8fc2 --- /dev/null +++ b/tools/include/uapi/linux/module_signature.h 
@@ -0,0 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + */ + +#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H +#define _UAPI_LINUX_MODULE_SIGNATURE_H + +#include + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n" + +enum module_signature_type { + MODULE_SIGNATURE_TYPE_PKCS7 =3D 2, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + __u8 algo; /* Public-key crypto algorithm [0] */ + __u8 hash; /* Digest algorithm [0] */ + __u8 id_type; /* Key identifier type [enum module_signature_type] */ + __u8 signer_len; /* Length of signer's name [0] */ + __u8 key_id_len; /* Length of key identifier [0] */ + __u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; + +#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */ --=20 2.53.0 From nobody Thu Apr 9 23:25:15 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 812C037AA97; Thu, 5 Mar 2026 09:31:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703107; cv=none; b=gTYbp0mQ2QTiSnmpGEhCICal6BwmJtoMoF84zgW7oUFZuAa84dPIYWaH3RYOiUYFtGsFaw1HzQoejBb36+xfdxrKL59HnZ2+1WNRe4ElpHmlJhVyQsWhtINhEtncFh0rWQf3qQe7UlpR15kc0ABslHBQLQ+Kip3GraB+3yuV/0k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703107; c=relaxed/simple; 
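Review bot: Nothing in this patch keeps the new tools/include/uapi/linux/module_signature.h in step with include/uapi/linux/module_signature.h, of which it is an identical copy (both index lines show blob 634c9f1c8fc2), and the diffstat contains only the new file. This struct defines the trailer that sign-file writes and mod_check_sig() consumes, so a silent divergence between the two copies would be a format mismatch rather than a build failure. Please say in the commit message how the copy is kept in sync, or wire it into whatever header drift check the tools tree uses.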
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:43 +0100
Subject: [PATCH v3 7/8] sign-file: use 'struct module_signature' from the UAPI headers
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260305-module-signature-uapi-v3-7-92f45ea6028c@linutronix.de>
References: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger
, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those. Also adapt the include path for the custom sign-file rule in the bpf selftests.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
--- scripts/Makefile | 1 + scripts/sign-file.c | 19 ++++--------------- tools/testing/selftests/bpf/Makefile | 1 + 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile index 0941e5ce7b57..3434a82a119f 100644 --- a/scripts/Makefile +++ b/scripts/Makefile 
@@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o =3D -I$(srctree)/tools/include HOSTLDLIBS_sorttable =3D -lpthread HOSTCFLAGS_asn1_compiler.o =3D -I$(srctree)/include HOSTCFLAGS_sign-file.o =3D $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2>= /dev/null) +HOSTCFLAGS_sign-file.o +=3D -I$(srctree)/tools/include/uapi/ HOSTLDLIBS_sign-file =3D $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /de= v/null || echo -lcrypto) =20 ifdef CONFIG_UNWINDER_ORC diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 73fbefd2e540..86b010ac1514 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -40,19 +40,7 @@ #endif #include "ssl-common.h" =20 -struct module_signature { - uint8_t algo; /* Public-key crypto algorithm [0] */ - uint8_t hash; /* Digest algorithm [0] */ - uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - uint8_t signer_len; /* Length of signer's name [0] */ - uint8_t key_id_len; /* Length of key identifier [0] */ - uint8_t __pad[3]; - uint32_t sig_len; /* Length of signature data */ -}; - -#define PKEY_ID_PKCS7 2 - -static char magic_number[] =3D "~Module signature appended~\n"; +#include =20 static __attribute__((noreturn)) void format(void) @@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name) =20 int main(int argc, char **argv) { - struct module_signature sig_info =3D { .id_type =3D PKEY_ID_PKCS7 }; + struct module_signature sig_info =3D { .id_type =3D MODULE_SIGNATURE_TYPE= _PKCS7 }; char *hash_algo =3D NULL; char *private_key_name =3D NULL, *raw_sig_name =3D NULL; char *x509_name, *module_name, *dest_name; 
@@ -357,7 +345,8 @@ int main(int argc, char **argv) sig_size =3D BIO_number_written(bd) - module_size; sig_info.sig_len =3D htonl(sig_size); ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest= _name); + ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER= ) - 1) < 0, + "%s", dest_name); =20 ERR(BIO_free(bd) !=3D 1, "%s", dest_name); =20 diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests= /bpf/Makefile index 6776158f1f3e..2b1080892208 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile 
@@ -270,6 +270,7 @@ $(OUTPUT)/urandom_read: urandom_read.c urandom_read_aux= .c $(OUTPUT)/liburandom_r $(OUTPUT)/sign-file: ../../../../scripts/sign-file.c $(call msg,SIGN-FILE,,$@) $(Q)$(CC) $(shell $(PKG_CONFIG) --cflags libcrypto 2> /dev/null) \ + -I$(srctree)/tools/include/uapi/ \ $< -o $@ \ $(shell $(PKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto) =20 --=20 2.53.0 From nobody Thu Apr 9 23:25:15 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A257137A492; Thu, 5 Mar 2026 09:31:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703107; cv=none; b=uxXEMDETzc1xd8qlETYbVVf8JtGul4SPAmuF7WZPOPjoEACp5wJVca8iVEeIk9zwfGtxOuspUg4BFsn/j1vdGCVbcO6TeL5otV55DqifrYM8OU+d7i17eZpx6d8wAfNXHs5jcYreG2jEoRmXSeN+TsjmkcdvMeZQWMrDIB2OucQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772703107; c=relaxed/simple; bh=MilPBKT5qdBGv3KAqViaqGXVrPTSiq77sK756EO+4xk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=fO1KKUIp2epjBtf92z8DplHqPs0jpVzBuNxYcVFBvuZluC94fe9WLYDV6sYISRxF35Cqlp0BuxZ2TqSsmNnDZHqcPlii9WS18VlVvTxBm0dA1pqHOsmrdUMpPDWUZR1P8mwVj4ITxxBsFnRuL76OFrXNw9/JKs/4XfGNnMiftas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=p9C5y9rw; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=/OGcQce9; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: 
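Review bot: The added -I$(srctree)/tools/include/uapi/ in the $(OUTPUT)/sign-file rule of tools/testing/selftests/bpf/Makefile depends on srctree being set, while the same rule reaches its source through the relative path ../../../../scripts/sign-file.c. If the selftests are built in a way that leaves srctree empty, the flag degrades to -I/tools/include/uapi/ and the new include in sign-file.c no longer resolves to the in-tree header. Suggest deriving the include path the same way the prerequisite does, or confirming in the commit message that srctree is always defined for this Makefile.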
From: Thomas Weißschuh
Date: Thu, 05 Mar 2026 10:31:44 +0100
Subject: [PATCH v3 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260305-module-signature-uapi-v3-8-92f45ea6028c@linutronix.de>
References: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
In-Reply-To: <20260305-module-signature-uapi-v3-0-92f45ea6028c@linutronix.de>
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris, "Serge E. Hallyn", Nathan Chancellor, Nicolas Schier, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-s390@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Thomas Weißschuh

Now that the UAPI headers provide the required definitions, use those. Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh
Reviewed-by: Petr Pavlu
Reviewed-by: Nicolas Schier
--- .../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 +++---------------= ---- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/to= ols/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c index 4d69d9d55e17..f327feb8e38c 100644 --- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c +++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c @@ -18,6 +18,7 @@ #include #include #include +#include #include =20 #include "test_verify_pkcs7_sig.skel.h" 
@@ -33,29 +34,6 @@ #define SHA256_DIGEST_SIZE 32 #endif =20 -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" - -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - __u8 algo; /* Public-key crypto algorithm [0] */ - __u8 hash; /* Digest algorithm [0] */ - __u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ - __u8 signer_len; /* Length of signer's name [0] */ - __u8 key_id_len; /* Length of key identifier [0] */ - __u8 __pad[3]; - __be32 sig_len; /* Length of signature data */ -}; - struct data { __u8 data[MAX_DATA_SIZE]; __u32 data_len; @@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_ite= m) return 0; =20 modlen =3D st.st_size; - marker_len =3D sizeof(MODULE_SIG_STRING) - 1; + marker_len =3D sizeof(MODULE_SIGNATURE_MARKER) - 1; =20 fd =3D open(mod_path, O_RDONLY); if (fd =3D=3D -1) @@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_ite= m) if (mod =3D=3D MAP_FAILED) return -errno; =20 - if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) { + if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_le= n)) { ret =3D -EINVAL; goto out; } --=20 2.53.0
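Review bot: In populate_data_item_mod(), the renamed comparison strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_len) still has no guard, in the context shown, that modlen is at least marker_len, so a file shorter than the marker makes the pointer start before the mapping. This predates the patch, but since the line is being touched it would be cheap to bail out early when modlen < marker_len. memcmp would also state the intent better than strncmp for a fixed-length trailer read out of a binary mapping.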