kexec: verify the signature of signed PE bzImage

[pandora-kernel.git] / arch / x86 / kernel / machine_kexec_64.c

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 9330434..8b04018 100644 (file)
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -372,6 +372,17 @@ int arch_kimage_file_post_load_cleanup(struct kimage *image)
        return image->fops->cleanup(image->image_loader_data);
 }
 
+int arch_kexec_kernel_verify_sig(struct kimage *image, void *kernel,
+                                unsigned long kernel_len)
+{
+       if (!image->fops || !image->fops->verify_sig) {
+               pr_debug("kernel loader does not support signature verification.");
+               return -EKEYREJECTED;
+       }
+
+       return image->fops->verify_sig(kernel, kernel_len);
+}
+
 /*
  * Apply purgatory relocations.
  *