|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2 4/5] livepatch: Load built-in key during boot
On 15.05.2025 11:38, Ross Lagerwall wrote:
> @@ -73,6 +75,10 @@ static struct livepatch_work livepatch_work;
> static DEFINE_PER_CPU(bool, work_to_do);
> static DEFINE_PER_CPU(struct tasklet, livepatch_tasklet);
>
> +#ifdef CONFIG_PAYLOAD_VERIFY
> +static struct rsa_public_key builtin_payload_key;
__read_mostly or even __ro_after_init?
> @@ -2287,6 +2293,31 @@ static void cf_check livepatch_printall(unsigned char
> key)
> spin_unlock(&payload_lock);
> }
>
> +static int __init load_builtin_payload_key(void)
> +{
> +#ifdef CONFIG_PAYLOAD_VERIFY
> + const uint8_t *ptr;
> + uint32_t len;
> +
> + rsa_public_key_init(&builtin_payload_key);
> +
> + ptr = xen_livepatch_key_data;
> +
> + memcpy(&len, ptr, sizeof(len));
Doesn't this (and the similar one further down) need to be an endian-
ness conversion? In fact, seeing how the data is being built, it's
not really clear to me what endian-ness the field would be written
in, when build host and target host endianness differ.
> + ptr += sizeof(len);
> + builtin_payload_key.n = mpi_read_raw_data(ptr, len);
Whether there are endianness concerns here I also don't know.
> @@ -2305,6 +2336,11 @@ static struct notifier_block cpu_nfb = {
> static int __init cf_check livepatch_init(void)
> {
> unsigned int cpu;
> + int err;
> +
> + err = load_builtin_payload_key();
> + if (err)
Nit (style): Missing blanks.
Jan
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |