--- arch/x86/include/asm/kexec-bzimage.h | 3 ++- arch/x86/kernel/kexec-bzimage.c | 7 +++++++ arch/x86/kernel/machine_kexec_64.c | 17 ++++++++++++++++- include/linux/kexec.h | 3 +++ kernel/kexec.c | 12 ++++++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) Index: linux-2.6/kernel/kexec.c =================================================================== --- linux-2.6.orig/kernel/kexec.c 2014-06-17 09:12:19.167966012 -0400 +++ linux-2.6/kernel/kexec.c 2014-06-17 09:16:06.797979422 -0400 @@ -334,6 +334,13 @@ arch_kexec_kernel_image_probe(struct kim return -ENOEXEC; } +int __attribute__ ((weak)) +arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, + unsigned long buf_len) +{ + return -EKEYREJECTED; +} + void *__attribute__ ((weak)) arch_kexec_kernel_image_load(struct kimage *image, char *kernel, unsigned long kernel_len, char *initrd, @@ -410,6 +417,11 @@ static int kimage_file_prepare_segments( if (ret) goto out; + ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, + image->kernel_buf_len); + if (ret) + goto out; + ret = copy_file_from_fd(initrd_fd, &image->initrd_buf, &image->initrd_buf_len); if (ret) Index: linux-2.6/arch/x86/kernel/machine_kexec_64.c =================================================================== --- linux-2.6.orig/arch/x86/kernel/machine_kexec_64.c 2014-06-17 09:12:19.167966012 -0400 +++ linux-2.6/arch/x86/kernel/machine_kexec_64.c 2014-06-17 09:16:06.798979422 -0400 @@ -25,7 +25,8 @@ /* arch dependent functionality related to kexec file based syscall */ static struct kexec_file_type kexec_file_type[] = { - {"bzImage64", bzImage64_probe, bzImage64_load, bzImage64_cleanup}, + {"bzImage64", bzImage64_probe, bzImage64_load, bzImage64_cleanup, + bzImage64_verify_sig}, }; static int nr_file_types = sizeof(kexec_file_type)/sizeof(kexec_file_type[0]); 
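Review bot: The new weak hook `arch_kexec_kernel_verify_sig()` in kernel/kexec.c has no prototype in any header this patch touches; the include/linux/kexec.h hunk adds only the `kexec_verify_sig_t` typedef and the `verify_sig` member. Without a shared declaration, the weak default and the x86 override in machine_kexec_64.c can drift apart without a compiler diagnostic, unless another patch in the series declares it. The hook also takes `void *buf`, while the handler type takes `const char *kernel_buf`, although verification only reads the image. I would add `int arch_kexec_kernel_verify_sig(struct kimage *image, const void *buf, unsigned long buf_len);` to include/linux/kexec.h and make both definitions match it. A one-line comment above the default, such as `/* Fail closed: without an arch verifier every image is rejected. */`, would make the `-EKEYREJECTED` return read as deliberate.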
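Review bot: The check added in kimage_file_prepare_segments() authenticates only `image->kernel_buf`, and nothing at the call site says so. The initrd read by `copy_file_from_fd(initrd_fd, ...)` on the very next lines is not covered by this signature, and the visible part of the hunk shows no separate check for it. Verifying the in-kernel copy rather than re-reading the fd is the right order, and it deserves a comment so that later refactoring does not move the check ahead of the copy. I would add `/* Verify the kernel's own copy of the image; the initrd loaded below is NOT covered by this signature. */` above the call. The function body starts and ends outside the hunk, so any handling of the remaining inputs later in it is not visible here.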
@@ -349,6 +350,20 @@ int arch_kexec_kernel_image_probe(struct return ret; } +int arch_kexec_kernel_verify_sig(struct kimage *image, void *kernel, + unsigned long kernel_len) +{ + int idx = image->file_handler_idx; + + if (idx < 0) + return -ENOEXEC; + + if (!kexec_file_type[idx].verify_sig) + return -EKEYREJECTED; + + return kexec_file_type[idx].verify_sig(image, kernel, kernel_len); +} + void *arch_kexec_kernel_image_load(struct kimage *image, char *kernel, unsigned long kernel_len, char *initrd, unsigned long initrd_len, char *cmdline, Index: linux-2.6/include/linux/kexec.h =================================================================== --- linux-2.6.orig/include/linux/kexec.h 2014-06-17 09:12:19.167966012 -0400 +++ linux-2.6/include/linux/kexec.h 2014-06-17 09:16:06.817979423 -0400 @@ -191,12 +191,15 @@ typedef void *(kexec_load_t)(struct kima unsigned long initrd_len, char *cmdline, unsigned long cmdline_len); typedef int (kexec_cleanup_t)(struct kimage *image); +typedef int (kexec_verify_sig_t)(struct kimage *image, const char *kernel_buf, + unsigned long kernel_len); struct kexec_file_type { const char *name; kexec_probe_t *probe; kexec_load_t *load; kexec_cleanup_t *cleanup; + kexec_verify_sig_t *verify_sig; }; /* kexec interface functions */ Index: linux-2.6/arch/x86/kernel/kexec-bzimage.c =================================================================== --- linux-2.6.orig/arch/x86/kernel/kexec-bzimage.c 2014-06-17 09:12:19.167966012 -0400 +++ linux-2.6/arch/x86/kernel/kexec-bzimage.c 2014-06-17 09:16:06.817979423 -0400 @@ -21,6 +21,7 @@ #include #include #include +#include "pefile_parser.h" #define MAX_ELFCOREHDR_STR_LEN 30 /* elfcorehdr=0x<64bit-value> */ 
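Review bot: In the x86 `arch_kexec_kernel_verify_sig()`, `idx` is checked only for being negative before it indexes `kexec_file_type[]`, although `nr_file_types` is available in the same file. `image->file_handler_idx` is set outside this hunk, presumably by the probe path, so an out-of-range value may never occur today. Even so, the function that decides whether an image is trusted should not depend on that invariant; `if (idx < 0 || idx >= nr_file_types) return -ENOEXEC;` costs nothing. The `!verify_sig` branch returning `-EKEYREJECTED` is the correct fail-closed choice. A short comment such as `/* No verifier for this format: refuse rather than load unverified. */` would stop a later change from turning it into `return 0`.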
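Review bot: The `kexec_verify_sig_t` typedef and the new `verify_sig` member in include/linux/kexec.h are added without any statement of their contract, which matters more here than for the neighbouring callbacks because the return value is a trust decision. From the call site in kernel/kexec.c (`if (ret) goto out;`), 0 means "load may proceed" and any non-zero value aborts, and the x86 dispatcher treats a NULL `verify_sig` as a rejection. I would document that next to the typedef, for example `/* Returns 0 only if the image carries a valid signature; any other value aborts the load. A NULL handler means the format cannot be loaded. */`.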
@@ -311,4 +312,10 @@ int bzImage64_cleanup(struct kimage *ima return 0; } +int bzImage64_verify_sig(struct kimage *image, const char *kernel, + unsigned long kernel_len) +{ + return pefile_parse_verify_sig(kernel, kernel_len); +} + #endif /* CONFIG_X86_64 */ Index: linux-2.6/arch/x86/include/asm/kexec-bzimage.h =================================================================== --- linux-2.6.orig/arch/x86/include/asm/kexec-bzimage.h 2014-06-17 09:12:19.167966012 -0400 +++ linux-2.6/arch/x86/include/asm/kexec-bzimage.h 2014-06-17 09:16:06.817979423 -0400 @@ -7,5 +7,6 @@ extern void *bzImage64_load(struct kimag unsigned long initrd_len, char *cmdline, unsigned long cmdline_len); extern int bzImage64_cleanup(struct kimage *image); - +extern int bzImage64_verify_sig(struct kimage *image, const char *buf, + unsigned long len); #endif /* _ASM_BZIMAGE_H */
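Review bot: `bzImage64_verify_sig()` forwards `kernel` and `kernel_len` straight to `pefile_parse_verify_sig()` with no check of its own, so that parser sees the file contents before any signature has been established. The parser is outside this hunk, so it is worth confirming that it bounds every PE header offset and size against `kernel_len`, and which keyring it trusts, before relying on this wrapper. The `image` parameter is unused here, and the function carries no comment. I would add `/* kernel/kernel_len describe unverified file contents; returns 0 only if the PE signature validates, a negative errno otherwise. */` above it, adjusted to whatever `pefile_parse_verify_sig()` actually returns.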