[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 0/5] LivePatch signing support

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Date: Thu, 15 May 2025 10:38:15 +0100
Cc: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
Delivery-date: Thu, 15 May 2025 09:38:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Live patch signing support was mentioned as future work in the design
document several years ago. This series finally implements support for
it since it is a requirement of Secure Boot to prevent loading unsigned
code into Xen.

See the individual patches for what has changed in v2.

Jennifer Herbert (1):
  livepatch: Verify livepatch signatures

Kevin Lampis (1):
  livepatch: Embed public key in Xen

Ross Lagerwall (3):
  docs: Introduce live patch signing
  crypto: Add RSA support
  livepatch: Load built-in key during boot

 docs/misc/livepatch.pandoc      |  106 +-
 xen/common/Kconfig              |   18 +
 xen/common/Makefile             |    1 +
 xen/common/livepatch.c          |  145 +++
 xen/common/livepatch_elf.c      |   55 +
 xen/common/mpi.c                | 1729 +++++++++++++++++++++++++++++++
 xen/crypto/Makefile             |   14 +
 xen/crypto/rsa.c                |  196 ++++
 xen/include/xen/livepatch.h     |   16 +
 xen/include/xen/livepatch_elf.h |   18 +
 xen/include/xen/mpi.h           |   68 ++
 xen/include/xen/rsa.h           |   74 ++
 xen/tools/extract-key.py        |   37 +
 13 files changed, 2425 insertions(+), 52 deletions(-)
 create mode 100644 xen/common/mpi.c
 create mode 100644 xen/crypto/rsa.c
 create mode 100644 xen/include/xen/mpi.h
 create mode 100644 xen/include/xen/rsa.h
 create mode 100755 xen/tools/extract-key.py

-- 
2.49.0

Follow-Ups:
- [PATCH v2 5/5] livepatch: Verify livepatch signatures
  - From: Ross Lagerwall
- [PATCH v2 4/5] livepatch: Load built-in key during boot
  - From: Ross Lagerwall
- [PATCH v2 2/5] livepatch: Embed public key in Xen
  - From: Ross Lagerwall
- [PATCH v2 3/5] crypto: Add RSA support
  - From: Ross Lagerwall
- [PATCH v2 1/5] docs: Introduce live patch signing
  - From: Ross Lagerwall

Prev by Date: Re: [PATCH v2 12/16] xen/riscv: introduce intc_init() and helpers
Next by Date: [PATCH v2 1/5] docs: Introduce live patch signing
Previous by thread: [PATCH] x86/iommu: use rangeset_subtract() in arch_iommu_hwdom_init()
Next by thread: [PATCH v2 1/5] docs: Introduce live patch signing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.