From: Michael Ellerman <mpe@ellerman.id.au>
To: Mimi Zohar <zohar@linux.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>,
Matthew Garret <matthew.garret@nebula.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
George Wilson <gcwilson@linux.ibm.com>,
Elaine Palmer <erpalmer@us.ibm.com>,
Eric Ricther <erichte@linux.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>,
Josh Boyer <jwboyer@fedoraproject.org>,
David Howells <dhowells@redhat.com>
Subject: Re: [PATCH v3 3/4] x86/efi: move common keyring handler functions to new file
Date: Thu, 05 Sep 2019 13:59:33 +1000 [thread overview]
Message-ID: <87blvzpf4q.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1567551071.4937.5.camel@linux.ibm.com>
Mimi Zohar <zohar@linux.ibm.com> writes:
> (Cc'ing Josh Boyer, David Howells)
>
> On Mon, 2019-09-02 at 21:55 +1000, Michael Ellerman wrote:
>> Nayna Jain <nayna@linux.ibm.com> writes:
>>
>> > The handlers to add the keys to the .platform keyring and blacklisted
>> > hashes to the .blacklist keyring is common for both the uefi and powerpc
>> > mechanisms of loading the keys/hashes from the firmware.
>> >
>> > This patch moves the common code from load_uefi.c to keyring_handler.c
>> >
>> > Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
>
> Acked-by: Mimi Zohar <zohar@linux.ibm.com>
>
>> > ---
>> > security/integrity/Makefile | 3 +-
>> > .../platform_certs/keyring_handler.c | 80 +++++++++++++++++++
>> > .../platform_certs/keyring_handler.h | 32 ++++++++
>> > security/integrity/platform_certs/load_uefi.c | 67 +---------------
>> > 4 files changed, 115 insertions(+), 67 deletions(-)
>> > create mode 100644 security/integrity/platform_certs/keyring_handler.c
>> > create mode 100644 security/integrity/platform_certs/keyring_handler.h
>>
>> This has no acks from security folks, though I'm not really clear on who
>> maintains those files.
>
> I upstreamed David's, Josh's, and Nayna's patches, so that's probably
> me.
>
>> Do I take it because it's mostly just code movement people are OK with
>> it going in via the powerpc tree?
>
> Yes, the only reason for splitting load_uefi.c is for powerpc. These
> patches should be upstreamed together.
Thanks.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: Mimi Zohar <zohar@linux.ibm.com>,
Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
Josh Boyer <jwboyer@fedoraproject.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Eric Ricther <erichte@linux.ibm.com>,
linux-kernel@vger.kernel.org,
Claudio Carvalho <cclaudio@linux.ibm.com>,
Matthew Garret <matthew.garret@nebula.com>,
Paul Mackerras <paulus@samba.org>, Jeremy Kerr <jk@ozlabs.org>,
Elaine Palmer <erpalmer@us.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Oliver O'Halloran <oohall@gmail.com>,
George Wilson <gcwilson@linux.ibm.com>
Subject: Re: [PATCH v3 3/4] x86/efi: move common keyring handler functions to new file
Date: Thu, 05 Sep 2019 13:59:33 +1000 [thread overview]
Message-ID: <87blvzpf4q.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1567551071.4937.5.camel@linux.ibm.com>
Mimi Zohar <zohar@linux.ibm.com> writes:
> (Cc'ing Josh Boyer, David Howells)
>
> On Mon, 2019-09-02 at 21:55 +1000, Michael Ellerman wrote:
>> Nayna Jain <nayna@linux.ibm.com> writes:
>>
>> > The handlers to add the keys to the .platform keyring and blacklisted
>> > hashes to the .blacklist keyring is common for both the uefi and powerpc
>> > mechanisms of loading the keys/hashes from the firmware.
>> >
>> > This patch moves the common code from load_uefi.c to keyring_handler.c
>> >
>> > Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
>
> Acked-by: Mimi Zohar <zohar@linux.ibm.com>
>
>> > ---
>> > security/integrity/Makefile | 3 +-
>> > .../platform_certs/keyring_handler.c | 80 +++++++++++++++++++
>> > .../platform_certs/keyring_handler.h | 32 ++++++++
>> > security/integrity/platform_certs/load_uefi.c | 67 +---------------
>> > 4 files changed, 115 insertions(+), 67 deletions(-)
>> > create mode 100644 security/integrity/platform_certs/keyring_handler.c
>> > create mode 100644 security/integrity/platform_certs/keyring_handler.h
>>
>> This has no acks from security folks, though I'm not really clear on who
>> maintains those files.
>
> I upstreamed David's, Josh's, and Nayna's patches, so that's probably
> me.
>
>> Do I take it because it's mostly just code movement people are OK with
>> it going in via the powerpc tree?
>
> Yes, the only reason for splitting load_uefi.c is for powerpc. These
> patches should be upstreamed together.
Thanks.
cheers
next prev parent reply other threads:[~2019-09-05 3:59 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-26 13:23 [PATCH v3 0/4] powerpc: expose secure variables to the kernel and userspace Nayna Jain
2019-08-26 13:23 ` Nayna Jain
2019-08-26 13:23 ` [PATCH v3 1/4] powerpc/powernv: Add OPAL API interface to access secure variable Nayna Jain
2019-08-26 13:23 ` Nayna Jain
2019-08-26 13:23 ` [PATCH v3 2/4] powerpc: expose secure variables to userspace via sysfs Nayna Jain
2019-08-26 13:23 ` Nayna Jain
2019-08-26 14:01 ` Greg Kroah-Hartman
2019-08-26 14:01 ` Greg Kroah-Hartman
2019-08-26 14:12 ` Nayna
2019-08-26 14:12 ` Nayna
2019-08-26 15:01 ` [PATCH] sysfs: add BIN_ATTR_WO() macro Greg Kroah-Hartman
2019-08-26 15:01 ` Greg Kroah-Hartman
2019-09-03 3:37 ` Michael Ellerman
2019-09-03 3:37 ` Michael Ellerman
2019-09-04 11:36 ` Greg Kroah-Hartman
2019-09-04 11:36 ` Greg Kroah-Hartman
2019-10-01 18:08 ` Nayna
2019-10-01 18:16 ` Greg Kroah-Hartman
2019-10-01 18:55 ` Nayna
2019-08-26 14:56 ` [PATCH v3 2/4] powerpc: expose secure variables to userspace via sysfs Greg Kroah-Hartman
2019-08-26 14:56 ` Greg Kroah-Hartman
2019-08-26 15:46 ` Nayna
2019-08-26 15:46 ` Nayna
2019-08-26 15:57 ` Greg Kroah-Hartman
2019-08-26 15:57 ` Greg Kroah-Hartman
2019-08-26 13:23 ` [PATCH v3 3/4] x86/efi: move common keyring handler functions to new file Nayna Jain
2019-08-26 13:23 ` Nayna Jain
2019-09-02 11:55 ` Michael Ellerman
2019-09-02 11:55 ` Michael Ellerman
2019-09-03 22:51 ` Mimi Zohar
2019-09-03 22:51 ` Mimi Zohar
2019-09-05 3:59 ` Michael Ellerman [this message]
2019-09-05 3:59 ` Michael Ellerman
2019-08-26 13:23 ` [PATCH v3 4/4] powerpc: load firmware trusted keys/hashes into kernel keyring Nayna Jain
2019-08-26 13:23 ` Nayna Jain
2019-09-03 22:54 ` Mimi Zohar
2019-09-03 22:54 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87blvzpf4q.fsf@mpe.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=cclaudio@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=jwboyer@fedoraproject.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=matthew.garret@nebula.com \
--cc=nayna@linux.ibm.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.