Commit 78a3d9b

rlmenge authored and jslobodzian committed
Update kernel-64k to have kexec signature verification (#11569)
Update kernel-64k to include kexec_sig verification. Bump all other relevant kernel specs
1 parent dd652a9 commit 78a3d9b

13 files changed

Lines changed: 37 additions & 15 deletions

SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec

Lines changed: 4 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -7,7 +7,7 @@
77
Summary: Signed Linux Kernel for %{buildarch} systems
88
Name: kernel-64k-signed-%{buildarch}
99
Version: 6.6.57.1
10-
Release: 5%{?dist}
10+
Release: 6%{?dist}
1111
License: GPLv2
1212
Vendor: Microsoft Corporation
1313
Distribution: Azure Linux
@@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
105105
%exclude /module_info.ld
106106

107107
%changelog
108+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
109+
- Bump release to match kernel-64k
110+
108111
* Thu Nov 07 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-5
109112
- Original version for Azure Linux
110113
- Starting with release 5 to align with kernel release.

SPECS-SIGNED/kernel-signed/kernel-signed.spec

Lines changed: 4 additions & 1 deletion
@@ -10,7 +10,7 @@
1010
Summary: Signed Linux Kernel for %{buildarch} systems
1111
Name: kernel-signed-%{buildarch}
1212
Version: 6.6.57.1
13-
Release: 5%{?dist}
13+
Release: 6%{?dist}
1414
License: GPLv2
1515
Vendor: Microsoft Corporation
1616
Distribution: Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
145145
%exclude /module_info.ld
146146

147147
%changelog
148+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
149+
- Bump release to match kernel-64k
150+
148151
* Mon Nov 25 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-5
149152
- Bump release to match kernel
150153

SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec

Lines changed: 4 additions & 1 deletion
@@ -6,7 +6,7 @@
66
Summary: Signed Unified Kernel Image for %{buildarch} systems
77
Name: kernel-uki-signed-%{buildarch}
88
Version: 6.6.57.1
9-
Release: 5%{?dist}
9+
Release: 6%{?dist}
1010
License: GPLv2
1111
Vendor: Microsoft Corporation
1212
Distribution: Azure Linux
@@ -68,6 +68,9 @@ popd
6868
/boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
6969

7070
%changelog
71+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
72+
- Bump release to match kernel-64k
73+
7174
* Mon Nov 25 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-5
7275
- Bump release to match kernel
7376

SPECS/kernel-64k/config_aarch64

Lines changed: 3 additions & 2 deletions
@@ -275,7 +275,8 @@ CONFIG_KEXEC_CORE=y
275275
CONFIG_HAVE_IMA_KEXEC=y
276276
# CONFIG_KEXEC is not set
277277
CONFIG_KEXEC_FILE=y
278-
# CONFIG_KEXEC_SIG is not set
278+
CONFIG_KEXEC_SIG=y
279+
CONFIG_KEXEC_IMAGE_VERIFY_SIG=y
279280
CONFIG_CRASH_DUMP=y
280281
# end of Kexec and crash features
281282
# end of General setup
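Review bot: CONFIG_KEXEC_SIG=y at new line 278 makes kexec_file_load() check a signature when one is present, but on its own it does not reject an unsigned image; rejection takes CONFIG_KEXEC_SIG_FORCE or an active kernel lockdown, and no CONFIG_KEXEC_SIG_FORCE line appears in this hunk. Please state which of the two is relied on for enforcement, and enable CONFIG_KEXEC_SIG_FORCE if it is available for this architecture and refusing unsigned images is the goal. The unchanged context "# CONFIG_KEXEC is not set" already keeps the unverified kexec_load() path off, so that part needs no change.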
@@ -10782,7 +10783,7 @@ CONFIG_X509_CERTIFICATE_PARSER=y
1078210783
# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set
1078310784
CONFIG_PKCS7_MESSAGE_PARSER=y
1078410785
# CONFIG_PKCS7_TEST_KEY is not set
10785-
# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
10786+
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
1078610787
# CONFIG_FIPS_SIGNATURE_SELFTEST is not set
1078710788

1078810789
#

SPECS/kernel-64k/kernel-64k.signatures.json

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
{
22
"Signatures": {
33
"azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
4-
"config_aarch64": "81527e718a88af9535ed5184f8c4d70eeece5374b197c9bade7cb6c818759cf8",
4+
"config_aarch64": "2e511edb6a5a6236c6f7307f070df422bd6032b1e572f8f44ef4134ecea7d5b7",
55
"cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
66
"cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
77
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",

SPECS/kernel-64k/kernel-64k.spec

Lines changed: 4 additions & 1 deletion
@@ -25,7 +25,7 @@
2525
Summary: Linux Kernel
2626
Name: kernel-64k
2727
Version: 6.6.57.1
28-
Release: 5%{?dist}
28+
Release: 6%{?dist}
2929
License: GPLv2
3030
Vendor: Microsoft Corporation
3131
Distribution: Azure Linux
@@ -370,6 +370,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
370370
%{_sysconfdir}/bash_completion.d/bpftool
371371

372372
%changelog
373+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
374+
- Enable kexec signature verification
375+
373376
* Thu Nov 07 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-5
374377
- Initial CBL-Mariner import from Photon (license: Apache2).
375378
- Starting with release 5 to align with kernel release.
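Review bot: The changelog entry at new line 374, "- Enable kexec signature verification", does not name the options that changed. Listing CONFIG_KEXEC_SIG, CONFIG_KEXEC_IMAGE_VERIFY_SIG and CONFIG_SIGNED_PE_FILE_VERIFICATION there would let someone auditing the package history see exactly what was turned on in 6.6.57.1-6, and would make it clear that the PE verification option is a deliberate part of this change rather than an unrelated toggle.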

SPECS/kernel-headers/kernel-headers.spec

Lines changed: 4 additions & 1 deletion
@@ -14,7 +14,7 @@
1414
Summary: Linux API header files
1515
Name: kernel-headers
1616
Version: 6.6.57.1
17-
Release: 5%{?dist}
17+
Release: 6%{?dist}
1818
License: GPLv2
1919
Vendor: Microsoft Corporation
2020
Distribution: Azure Linux
@@ -75,6 +75,9 @@ done
7575
%endif
7676

7777
%changelog
78+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
79+
- Bump release to match kernel-64k
80+
7881
* Mon Nov 25 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-5
7982
- Bump release to match kernel
8083

SPECS/kernel/kernel-uki.spec

Lines changed: 4 additions & 1 deletion
@@ -13,7 +13,7 @@
1313
Summary: Unified Kernel Image
1414
Name: kernel-uki
1515
Version: 6.6.57.1
16-
Release: 5%{?dist}
16+
Release: 6%{?dist}
1717
License: GPLv2
1818
Vendor: Microsoft Corporation
1919
Distribution: Azure Linux
@@ -70,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
7070
/boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
7171

7272
%changelog
73+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
74+
- Bump release to match kernel-64k
75+
7376
* Mon Nov 25 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-5
7477
- Bump release to match kernel
7578

SPECS/kernel/kernel.spec

Lines changed: 4 additions & 1 deletion
@@ -30,7 +30,7 @@
3030
Summary: Linux Kernel
3131
Name: kernel
3232
Version: 6.6.57.1
33-
Release: 5%{?dist}
33+
Release: 6%{?dist}
3434
License: GPLv2
3535
Vendor: Microsoft Corporation
3636
Distribution: Azure Linux
@@ -424,6 +424,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
424424
%{_sysconfdir}/bash_completion.d/bpftool
425425

426426
%changelog
427+
* Wed Dec 18 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.57.1-6
428+
- Bump release to match kernel-64k
429+
427430
* Mon Nov 25 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-5
428431
- Enable ICE ethernet driver
429432

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
filesystem-1.1-21.azl3.aarch64.rpm
2-
kernel-headers-6.6.57.1-5.azl3.noarch.rpm
2+
kernel-headers-6.6.57.1-6.azl3.noarch.rpm
33
glibc-2.38-8.azl3.aarch64.rpm
44
glibc-devel-2.38-8.azl3.aarch64.rpm
55
glibc-i18n-2.38-8.azl3.aarch64.rpm
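Review bot: Line 2 moves kernel-headers to 6.6.57.1-6 in the aarch64 manifest only, and the package is noarch, so any other manifest that still pins kernel-headers-6.6.57.1-5 needs the same bump or it will reference an RPM that no longer matches the spec. Ten of the 13 changed files are visible here; please confirm the remaining three cover the other manifests.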
