Xen project Mailing List

Re: [PATCH v2 2/5] livepatch: Embed public key in Xen

To: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>

Date: Sun, 18 May 2025 13:58:06 +0200

Cc: Kevin Lampis <kevin.lampis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Sun, 18 May 2025 11:58:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15.05.2025 11:38, Ross Lagerwall wrote: > --- a/xen/crypto/Makefile > +++ b/xen/crypto/Makefile > @@ -1,2 +1,15 @@ > obj-y += rijndael.o > obj-y += vmac.o > + > +obj-$(CONFIG_PAYLOAD_VERIFY) += builtin_payload_key.o For new files please prefer dashes over underscores in their names. > +ifeq ($(CONFIG_PAYLOAD_VERIFY),y) This isn't needed, is it? > +key_path := $(objtree)/$(patsubst "%",%,$(CONFIG_PAYLOAD_VERIFY_KEY)) Since they can be used there, dashes imo also want preferring for new make variables (unless they need exporting to the shell). > @@ -143,6 +144,11 @@ struct payload; > int revert_payload(struct payload *data); > void revert_payload_tail(struct payload *data); > > +#ifdef CONFIG_PAYLOAD_VERIFY > +/* The public key data contained with Xen used to verify payload signatures. > */ > +extern const uint8_t __initconst xen_livepatch_key_data[]; Nit: Section placement annotations are generally meaningless on declarations, and hence want omitting from there. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.