
[PATCH 0/4] LivePatch signing support



Live patch signing support was mentioned as future work in the design
document several years ago. This series finally implements support for
it since it is a requirement of Secure Boot to prevent loading unsigned
code into Xen.

Note that this series depends on another patch that has not yet been
merged:
xen/lib: Export additional sha256 functions
https://lists.xenproject.org/archives/html/xen-devel/2025-05/msg00222.html

Jennifer Herbert (1):
  livepatch: Verify livepatch signatures

Kevin Lampis (1):
  livepatch: Embed public key in Xen

Ross Lagerwall (2):
  docs: Introduce live patch signing
  crypto: Add RSA support

 docs/misc/livepatch.pandoc      |  104 +-
 xen/common/Kconfig              |   18 +
 xen/common/Makefile             |    1 +
 xen/common/livepatch.c          |  175 ++++
 xen/common/livepatch_elf.c      |   55 +
 xen/common/mpi.c                | 1724 +++++++++++++++++++++++++++++++
 xen/crypto/Makefile             |   13 +
 xen/crypto/rsa.c                |  194 ++++
 xen/include/xen/livepatch.h     |    5 +
 xen/include/xen/livepatch_elf.h |   18 +
 xen/include/xen/mpi.h           |   63 ++
 xen/include/xen/rsa.h           |   72 ++
 xen/tools/extract-key.py        |   37 +
 13 files changed, 2427 insertions(+), 52 deletions(-)
 create mode 100644 xen/common/mpi.c
 create mode 100644 xen/crypto/rsa.c
 create mode 100644 xen/include/xen/mpi.h
 create mode 100644 xen/include/xen/rsa.h
 create mode 100755 xen/tools/extract-key.py

-- 
2.49.0




 

