All of lore.kernel.org
 help / color / mirror / Atom feed
* [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4
@ 2022-04-20  3:10 Jarkko Sakkinen
  2022-04-20 10:47 ` David Howells
  0 siblings, 1 reply; 3+ messages in thread
From: Jarkko Sakkinen @ 2022-04-20  3:10 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, linux-integrity, keyrings, James Morris,
	David Howells, Peter Huewe, Jason Gunthorpe,
	Mickaël Salaün

Hi,

Mickaël's patches to add signed hash to the blacklist keyring that were
left out from the original v5.18 PR. They should be safe to include to
rc4 as they've been in circulation for ages, and have been tested
throughly.

BR, Jarkko

The following changes since commit b7f73403a3e922c20bb278ba3cfcc3c61930d82a:

  Merge tag 'spi-fix-v5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi (2022-04-19 10:30:43 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-rc4

for you to fetch changes up to fad7eba9464e58146ccc458afcf6f0667b5b27f8:

  certs: Explain the rationale to call panic() (2022-04-19 22:11:56 +0300)

----------------------------------------------------------------
tpmdd updates for Linux v5.18-rc4

----------------------------------------------------------------
Mickaël Salaün (6):
      tools/certs: Add print-cert-tbs-hash.sh
      certs: Factor out the blacklist hash creation
      certs: Make blacklist_vet_description() more strict
      certs: Check that builtin blacklist hashes are valid
      certs: Allow root user to append signed hashes to the blacklist keyring
      certs: Explain the rationale to call panic()

 MAINTAINERS                                        |   2 +
 certs/.gitignore                                   |   1 +
 certs/Kconfig                                      |  17 +-
 certs/Makefile                                     |  14 +-
 certs/blacklist.c                                  | 227 ++++++++++++++++-----
 crypto/asymmetric_keys/x509_public_key.c           |   3 +-
 include/keys/system_keyring.h                      |  14 +-
 scripts/check-blacklist-hashes.awk                 |  37 ++++
 .../integrity/platform_certs/keyring_handler.c     |  26 +--
 tools/certs/print-cert-tbs-hash.sh                 |  91 +++++++++
 10 files changed, 352 insertions(+), 80 deletions(-)
 create mode 100755 scripts/check-blacklist-hashes.awk
 create mode 100755 tools/certs/print-cert-tbs-hash.sh

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4
  2022-04-20  3:10 [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4 Jarkko Sakkinen
@ 2022-04-20 10:47 ` David Howells
  2022-04-21 15:14   ` Jarkko Sakkinen
  0 siblings, 1 reply; 3+ messages in thread
From: David Howells @ 2022-04-20 10:47 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: dhowells, Linus Torvalds, linux-kernel, linux-integrity,
	keyrings, James Morris, Peter Huewe, Jason Gunthorpe,
	=?iso-8859-1?Q?Micka=EBl_Sala=FCn?=

Jarkko Sakkinen <jarkko@kernel.org> wrote:

> Mickaël's patches to add signed hash to the blacklist keyring that were
> left out from the original v5.18 PR. They should be safe to include to
> rc4 as they've been in circulation for ages, and have been tested
> throughly.

Barring a bit in patch 3 where I think strncmp() would be better employed for
checking prefixes (and can be fixed up later):

Reviewed-by: David Howells <dhowells@redhat.com>


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4
  2022-04-20 10:47 ` David Howells
@ 2022-04-21 15:14   ` Jarkko Sakkinen
  0 siblings, 0 replies; 3+ messages in thread
From: Jarkko Sakkinen @ 2022-04-21 15:14 UTC (permalink / raw)
  To: David Howells
  Cc: Linus Torvalds, linux-kernel, linux-integrity, keyrings,
	James Morris, Peter Huewe, Jason Gunthorpe,
	=?iso-8859-1?Q?Micka=EBl_Sala=FCn?=

On Wed, Apr 20, 2022 at 11:47:58AM +0100, David Howells wrote:
> Jarkko Sakkinen <jarkko@kernel.org> wrote:
> 
> > Mickaël's patches to add signed hash to the blacklist keyring that were
> > left out from the original v5.18 PR. They should be safe to include to
> > rc4 as they've been in circulation for ages, and have been tested
> > throughly.
> 
> Barring a bit in patch 3 where I think strncmp() would be better employed for
> checking prefixes (and can be fixed up later):
> 
> Reviewed-by: David Howells <dhowells@redhat.com>

Thanks David.

BR, Jarkko

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-21 15:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-20  3:10 [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4 Jarkko Sakkinen
2022-04-20 10:47 ` David Howells
2022-04-21 15:14   ` Jarkko Sakkinen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.