* [GIT PULL] TPM DEVICE DRIVER updates for v5.18
@ 2022-03-14 3:36 Jarkko Sakkinen
0 siblings, 0 replies; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-14 3:36 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, linux-integrity, keyrings, James Morris,
David Howells, Peter Huewe, Jason Gunthorpe
Hi,
In order to split the work a bit we've aligned with David Howells more or
less that I take more hardware/firmware aligned keyring patches, and he
takes care more of the framework aligned patches.
For TPM the patches worth of highlighting are the fixes for refcounting
provided by Lino Sanfilippo and James Bottomley.
Eric B. has done a bunch obvious (but important) fixes but there's one a
bit controversial: removal of asym_tpm. It was added in 2018 when TPM1
was already declared as insecure and world had moved on to TPM2. I don't
know how this has passed all the filters but I did not have a chance to
see the patches when they were out. I simply cannot commit on
maintaining this because it was from all angles just wrong to take it in
the first place to the mainline kernel. Nobody should use this module
really for anything.
Finally, there is a new keyring ".machine" to hold MOK keys. In the mok
side MokListTrustedRT UEFI variable can be set, from which kernel knows
that MOK keys are kernel trusted keys and they are populated to the machine
keyring. This keyring linked to the secondary trusted keyring, which means
that can be used like any kernel trusted keys. This keyring of course can
be used to hold other MOK'ish keys in other platforms in future.
BR, Jarkko
v2:
* https://lore.kernel.org/all/20220201003414.55380-2-ebiggers@kernel.org/ =>
https://lore.kernel.org/all/20220208052448.409152-2-ebiggers@kernel.org/
The following changes since commit ea4424be16887a37735d6550cfd0611528dbe5d9:
Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux (2022-03-07 11:43:22 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-v2
for you to fetch changes up to fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9:
tpm: use try_get_ops() in tpm-space.c (2022-03-10 01:47:25 +0200)
----------------------------------------------------------------
tpmdd updates for Linux v5.18
----------------------------------------------------------------
Andreas Rammhold (1):
KEYS: trusted: Fix trusted key backends when building as module
Dave Kleikamp (1):
KEYS: trusted: Avoid calling null function trusted_key_exit
Eric Biggers (8):
KEYS: fix length validation in keyctl_pkey_params_get_2()
KEYS: x509: clearly distinguish between key and signature algorithms
KEYS: x509: remove unused fields
KEYS: x509: remove never-set ->unsupported_key flag
KEYS: x509: remove dead code that set ->unsupported_sig
KEYS: remove support for asym_tpm keys
KEYS: asymmetric: enforce that sig algo matches key algo
KEYS: asymmetric: properly validate hash_algo and encoding
Eric Snowberg (8):
integrity: Fix warning about missing prototypes
integrity: Introduce a Linux keyring called machine
integrity: add new keyring handler for mok keys
KEYS: store reference to machine keyring
KEYS: Introduce link restriction for machine keys
efi/mokvar: move up init order
integrity: Trust MOK keys if MokListTrustedRT found
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
Gustavo A. R. Silva (1):
tpm: xen-tpmfront: Use struct_size() helper
James Bottomley (1):
tpm: use try_get_ops() in tpm-space.c
Lino Sanfilippo (1):
tpm: fix reference counting for struct tpm_chip
Stefan Berger (1):
selftests: tpm2: Determine available PCR bank
Tadeusz Struk (2):
tpm: Fix error handling in async work
selftests: tpm: add async space test with noneexisting handle
certs/system_keyring.c | 44 +-
crypto/asymmetric_keys/Kconfig | 21 -
crypto/asymmetric_keys/Makefile | 12 -
crypto/asymmetric_keys/asym_tpm.c | 957 ---------------------
crypto/asymmetric_keys/pkcs7_verify.c | 13 +-
crypto/asymmetric_keys/public_key.c | 126 ++-
crypto/asymmetric_keys/tpm.asn1 | 5 -
crypto/asymmetric_keys/tpm_parser.c | 102 ---
crypto/asymmetric_keys/x509.asn1 | 2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 34 +-
crypto/asymmetric_keys/x509_parser.h | 1 -
crypto/asymmetric_keys/x509_public_key.c | 24 -
drivers/char/tpm/tpm-chip.c | 46 +-
drivers/char/tpm/tpm-dev-common.c | 8 +-
drivers/char/tpm/tpm.h | 2 +
drivers/char/tpm/tpm2-space.c | 73 +-
drivers/char/tpm/xen-tpmfront.c | 8 +-
drivers/firmware/efi/mokvar-table.c | 2 +-
include/crypto/asym_tpm_subtype.h | 19 -
include/keys/system_keyring.h | 14 +
security/integrity/Kconfig | 13 +
security/integrity/Makefile | 1 +
security/integrity/digsig.c | 15 +-
security/integrity/integrity.h | 17 +-
.../integrity/platform_certs/keyring_handler.c | 18 +-
.../integrity/platform_certs/keyring_handler.h | 5 +
security/integrity/platform_certs/load_uefi.c | 4 +-
.../integrity/platform_certs/machine_keyring.c | 77 ++
security/keys/keyctl_pkey.c | 14 +-
security/keys/trusted-keys/trusted_core.c | 6 +-
tools/testing/selftests/tpm2/tpm2.py | 31 +
tools/testing/selftests/tpm2/tpm2_tests.py | 45 +-
32 files changed, 486 insertions(+), 1273 deletions(-)
delete mode 100644 crypto/asymmetric_keys/asym_tpm.c
delete mode 100644 crypto/asymmetric_keys/tpm.asn1
delete mode 100644 crypto/asymmetric_keys/tpm_parser.c
delete mode 100644 include/crypto/asym_tpm_subtype.h
create mode 100644 security/integrity/platform_certs/machine_keyring.c
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for v5.18
2022-03-14 3:32 Jarkko Sakkinen
@ 2022-03-14 3:38 ` Jarkko Sakkinen
0 siblings, 0 replies; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-14 3:38 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, linux-integrity, keyrings, James Morris,
David Howells, Peter Huewe, Jason Gunthorpe
On Mon, Mar 14, 2022 at 05:32:39AM +0200, Jarkko Sakkinen wrote:
> The following changes since commit ea4424be16887a37735d6550cfd0611528dbe5d9:
>
> Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux (2022-03-07 11:43:22 -0800)
>
> are available in the Git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-v2
>
> for you to fetch changes up to fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9:
>
> tpm: use try_get_ops() in tpm-space.c (2022-03-10 01:47:25 +0200)
>
> ----------------------------------------------------------------
> tpmdd updates for Linux v5.18
>
> ----------------------------------------------------------------
> Andreas Rammhold (1):
> KEYS: trusted: Fix trusted key backends when building as module
>
> Dave Kleikamp (1):
> KEYS: trusted: Avoid calling null function trusted_key_exit
>
> Eric Biggers (8):
> KEYS: fix length validation in keyctl_pkey_params_get_2()
> KEYS: x509: clearly distinguish between key and signature algorithms
> KEYS: x509: remove unused fields
> KEYS: x509: remove never-set ->unsupported_key flag
> KEYS: x509: remove dead code that set ->unsupported_sig
> KEYS: remove support for asym_tpm keys
> KEYS: asymmetric: enforce that sig algo matches key algo
> KEYS: asymmetric: properly validate hash_algo and encoding
>
> Eric Snowberg (8):
> integrity: Fix warning about missing prototypes
> integrity: Introduce a Linux keyring called machine
> integrity: add new keyring handler for mok keys
> KEYS: store reference to machine keyring
> KEYS: Introduce link restriction for machine keys
> efi/mokvar: move up init order
> integrity: Trust MOK keys if MokListTrustedRT found
> integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
>
> Gustavo A. R. Silva (1):
> tpm: xen-tpmfront: Use struct_size() helper
>
> James Bottomley (1):
> tpm: use try_get_ops() in tpm-space.c
>
> Lino Sanfilippo (1):
> tpm: fix reference counting for struct tpm_chip
>
> Stefan Berger (1):
> selftests: tpm2: Determine available PCR bank
>
> Tadeusz Struk (2):
> tpm: Fix error handling in async work
> selftests: tpm: add async space test with noneexisting handle
>
> certs/system_keyring.c | 44 +-
> crypto/asymmetric_keys/Kconfig | 21 -
> crypto/asymmetric_keys/Makefile | 12 -
> crypto/asymmetric_keys/asym_tpm.c | 957 ---------------------
> crypto/asymmetric_keys/pkcs7_verify.c | 13 +-
> crypto/asymmetric_keys/public_key.c | 126 ++-
> crypto/asymmetric_keys/tpm.asn1 | 5 -
> crypto/asymmetric_keys/tpm_parser.c | 102 ---
> crypto/asymmetric_keys/x509.asn1 | 2 +-
> crypto/asymmetric_keys/x509_cert_parser.c | 34 +-
> crypto/asymmetric_keys/x509_parser.h | 1 -
> crypto/asymmetric_keys/x509_public_key.c | 24 -
> drivers/char/tpm/tpm-chip.c | 46 +-
> drivers/char/tpm/tpm-dev-common.c | 8 +-
> drivers/char/tpm/tpm.h | 2 +
> drivers/char/tpm/tpm2-space.c | 73 +-
> drivers/char/tpm/xen-tpmfront.c | 8 +-
> drivers/firmware/efi/mokvar-table.c | 2 +-
> include/crypto/asym_tpm_subtype.h | 19 -
> include/keys/system_keyring.h | 14 +
> security/integrity/Kconfig | 13 +
> security/integrity/Makefile | 1 +
> security/integrity/digsig.c | 15 +-
> security/integrity/integrity.h | 17 +-
> .../integrity/platform_certs/keyring_handler.c | 18 +-
> .../integrity/platform_certs/keyring_handler.h | 5 +
> security/integrity/platform_certs/load_uefi.c | 4 +-
> .../integrity/platform_certs/machine_keyring.c | 77 ++
> security/keys/keyctl_pkey.c | 14 +-
> security/keys/trusted-keys/trusted_core.c | 6 +-
> tools/testing/selftests/tpm2/tpm2.py | 31 +
> tools/testing/selftests/tpm2/tpm2_tests.py | 45 +-
> 32 files changed, 486 insertions(+), 1273 deletions(-)
> delete mode 100644 crypto/asymmetric_keys/asym_tpm.c
> delete mode 100644 crypto/asymmetric_keys/tpm.asn1
> delete mode 100644 crypto/asymmetric_keys/tpm_parser.c
> delete mode 100644 include/crypto/asym_tpm_subtype.h
> create mode 100644 security/integrity/platform_certs/machine_keyring.c
An unfortunate mistake (sent by accident). The one with cover letter is
the right one.
BR, Jarkko
^ permalink raw reply [flat|nested] 8+ messages in thread
* [GIT PULL] TPM DEVICE DRIVER updates for v5.18
@ 2022-03-14 3:32 Jarkko Sakkinen
2022-03-14 3:38 ` Jarkko Sakkinen
0 siblings, 1 reply; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-14 3:32 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, linux-integrity, keyrings, James Morris,
David Howells, Peter Huewe, Jason Gunthorpe
The following changes since commit ea4424be16887a37735d6550cfd0611528dbe5d9:
Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux (2022-03-07 11:43:22 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-v2
for you to fetch changes up to fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9:
tpm: use try_get_ops() in tpm-space.c (2022-03-10 01:47:25 +0200)
----------------------------------------------------------------
tpmdd updates for Linux v5.18
----------------------------------------------------------------
Andreas Rammhold (1):
KEYS: trusted: Fix trusted key backends when building as module
Dave Kleikamp (1):
KEYS: trusted: Avoid calling null function trusted_key_exit
Eric Biggers (8):
KEYS: fix length validation in keyctl_pkey_params_get_2()
KEYS: x509: clearly distinguish between key and signature algorithms
KEYS: x509: remove unused fields
KEYS: x509: remove never-set ->unsupported_key flag
KEYS: x509: remove dead code that set ->unsupported_sig
KEYS: remove support for asym_tpm keys
KEYS: asymmetric: enforce that sig algo matches key algo
KEYS: asymmetric: properly validate hash_algo and encoding
Eric Snowberg (8):
integrity: Fix warning about missing prototypes
integrity: Introduce a Linux keyring called machine
integrity: add new keyring handler for mok keys
KEYS: store reference to machine keyring
KEYS: Introduce link restriction for machine keys
efi/mokvar: move up init order
integrity: Trust MOK keys if MokListTrustedRT found
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
Gustavo A. R. Silva (1):
tpm: xen-tpmfront: Use struct_size() helper
James Bottomley (1):
tpm: use try_get_ops() in tpm-space.c
Lino Sanfilippo (1):
tpm: fix reference counting for struct tpm_chip
Stefan Berger (1):
selftests: tpm2: Determine available PCR bank
Tadeusz Struk (2):
tpm: Fix error handling in async work
selftests: tpm: add async space test with noneexisting handle
certs/system_keyring.c | 44 +-
crypto/asymmetric_keys/Kconfig | 21 -
crypto/asymmetric_keys/Makefile | 12 -
crypto/asymmetric_keys/asym_tpm.c | 957 ---------------------
crypto/asymmetric_keys/pkcs7_verify.c | 13 +-
crypto/asymmetric_keys/public_key.c | 126 ++-
crypto/asymmetric_keys/tpm.asn1 | 5 -
crypto/asymmetric_keys/tpm_parser.c | 102 ---
crypto/asymmetric_keys/x509.asn1 | 2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 34 +-
crypto/asymmetric_keys/x509_parser.h | 1 -
crypto/asymmetric_keys/x509_public_key.c | 24 -
drivers/char/tpm/tpm-chip.c | 46 +-
drivers/char/tpm/tpm-dev-common.c | 8 +-
drivers/char/tpm/tpm.h | 2 +
drivers/char/tpm/tpm2-space.c | 73 +-
drivers/char/tpm/xen-tpmfront.c | 8 +-
drivers/firmware/efi/mokvar-table.c | 2 +-
include/crypto/asym_tpm_subtype.h | 19 -
include/keys/system_keyring.h | 14 +
security/integrity/Kconfig | 13 +
security/integrity/Makefile | 1 +
security/integrity/digsig.c | 15 +-
security/integrity/integrity.h | 17 +-
.../integrity/platform_certs/keyring_handler.c | 18 +-
.../integrity/platform_certs/keyring_handler.h | 5 +
security/integrity/platform_certs/load_uefi.c | 4 +-
.../integrity/platform_certs/machine_keyring.c | 77 ++
security/keys/keyctl_pkey.c | 14 +-
security/keys/trusted-keys/trusted_core.c | 6 +-
tools/testing/selftests/tpm2/tpm2.py | 31 +
tools/testing/selftests/tpm2/tpm2_tests.py | 45 +-
32 files changed, 486 insertions(+), 1273 deletions(-)
delete mode 100644 crypto/asymmetric_keys/asym_tpm.c
delete mode 100644 crypto/asymmetric_keys/tpm.asn1
delete mode 100644 crypto/asymmetric_keys/tpm_parser.c
delete mode 100644 include/crypto/asym_tpm_subtype.h
create mode 100644 security/integrity/platform_certs/machine_keyring.c
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for v5.18
2022-03-09 23:50 ` Jarkko Sakkinen
@ 2022-03-10 4:20 ` Eric Biggers
0 siblings, 0 replies; 8+ messages in thread
From: Eric Biggers @ 2022-03-10 4:20 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Linus Torvalds, linux-kernel, linux-integrity, keyrings,
James Morris, David Howells, Peter Huewe, Jason Gunthorpe
On Thu, Mar 10, 2022 at 01:50:44AM +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 08, 2022 at 08:50:30PM +0200, Jarkko Sakkinen wrote:
> > On Tue, Mar 08, 2022 at 10:10:31AM -0800, Eric Biggers wrote:
> > > On Tue, Mar 08, 2022 at 02:58:49PM +0200, Jarkko Sakkinen wrote:
> > > > KEYS: asymmetric: enforce that sig algo matches key algo
> > >
> > > It looks like you applied v1 of this patch
> > > (https://lore.kernel.org/r/20220201003414.55380-2-ebiggers@kernel.org) rather
> > > than v2 (https://lore.kernel.org/r/20220208052448.409152-2-ebiggers@kernel.org).
> > > I think that v2 is necessary because some callers of
> > > public_key_verify_signature() leave pkey_algo as NULL.
> > >
> > > Sorry for not spotting that you applied v1 earlier.
> > >
> > > - Eric
> >
> > I can do another pull request.
>
> Eric, does 'next' branch in
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
>
> look good to you now?
>
Yes, that looks good, thanks.
- Eric
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for v5.18
2022-03-08 18:50 ` Jarkko Sakkinen
@ 2022-03-09 23:50 ` Jarkko Sakkinen
2022-03-10 4:20 ` Eric Biggers
0 siblings, 1 reply; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-09 23:50 UTC (permalink / raw)
To: Eric Biggers
Cc: Linus Torvalds, linux-kernel, linux-integrity, keyrings,
James Morris, David Howells, Peter Huewe, Jason Gunthorpe
On Tue, Mar 08, 2022 at 08:50:30PM +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 08, 2022 at 10:10:31AM -0800, Eric Biggers wrote:
> > On Tue, Mar 08, 2022 at 02:58:49PM +0200, Jarkko Sakkinen wrote:
> > > KEYS: asymmetric: enforce that sig algo matches key algo
> >
> > It looks like you applied v1 of this patch
> > (https://lore.kernel.org/r/20220201003414.55380-2-ebiggers@kernel.org) rather
> > than v2 (https://lore.kernel.org/r/20220208052448.409152-2-ebiggers@kernel.org).
> > I think that v2 is necessary because some callers of
> > public_key_verify_signature() leave pkey_algo as NULL.
> >
> > Sorry for not spotting that you applied v1 earlier.
> >
> > - Eric
>
> I can do another pull request.
Eric, does 'next' branch in
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
look good to you now?
BR, Jarkko
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for v5.18
2022-03-08 18:10 ` Eric Biggers
@ 2022-03-08 18:50 ` Jarkko Sakkinen
2022-03-09 23:50 ` Jarkko Sakkinen
0 siblings, 1 reply; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-08 18:50 UTC (permalink / raw)
To: Eric Biggers
Cc: Linus Torvalds, linux-kernel, linux-integrity, keyrings,
James Morris, David Howells, Peter Huewe, Jason Gunthorpe
On Tue, Mar 08, 2022 at 10:10:31AM -0800, Eric Biggers wrote:
> On Tue, Mar 08, 2022 at 02:58:49PM +0200, Jarkko Sakkinen wrote:
> > KEYS: asymmetric: enforce that sig algo matches key algo
>
> It looks like you applied v1 of this patch
> (https://lore.kernel.org/r/20220201003414.55380-2-ebiggers@kernel.org) rather
> than v2 (https://lore.kernel.org/r/20220208052448.409152-2-ebiggers@kernel.org).
> I think that v2 is necessary because some callers of
> public_key_verify_signature() leave pkey_algo as NULL.
>
> Sorry for not spotting that you applied v1 earlier.
>
> - Eric
I can do another pull request.
Linus, please ignore this first one.
BR, Jarkko
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [GIT PULL] TPM DEVICE DRIVER updates for v5.18
2022-03-08 12:58 Jarkko Sakkinen
@ 2022-03-08 18:10 ` Eric Biggers
2022-03-08 18:50 ` Jarkko Sakkinen
0 siblings, 1 reply; 8+ messages in thread
From: Eric Biggers @ 2022-03-08 18:10 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Linus Torvalds, linux-kernel, linux-integrity, keyrings,
James Morris, David Howells, Peter Huewe, Jason Gunthorpe
On Tue, Mar 08, 2022 at 02:58:49PM +0200, Jarkko Sakkinen wrote:
> KEYS: asymmetric: enforce that sig algo matches key algo
It looks like you applied v1 of this patch
(https://lore.kernel.org/r/20220201003414.55380-2-ebiggers@kernel.org) rather
than v2 (https://lore.kernel.org/r/20220208052448.409152-2-ebiggers@kernel.org).
I think that v2 is necessary because some callers of
public_key_verify_signature() leave pkey_algo as NULL.
Sorry for not spotting that you applied v1 earlier.
- Eric
^ permalink raw reply [flat|nested] 8+ messages in thread
* [GIT PULL] TPM DEVICE DRIVER updates for v5.18
@ 2022-03-08 12:58 Jarkko Sakkinen
2022-03-08 18:10 ` Eric Biggers
0 siblings, 1 reply; 8+ messages in thread
From: Jarkko Sakkinen @ 2022-03-08 12:58 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, linux-integrity, keyrings, James Morris,
David Howells, Peter Huewe, Jason Gunthorpe
Hi,
In order to split the work a bit we've aligned with David Howells more or
less that I take more hardware/firmware aligned keyring patches, and he
takes care more of the framework aligned patches.
For TPM the patches worth of highlighting are the fixes for refcounting
provided by Lino Sanfilippo and James Bottomley.
Eric B. has done a bunch obvious (but important) fixes but there's one a
bit controversial: removal of asym_tpm. It was added in 2018 when TPM1
was already declared as insecure and world had moved on to TPM2. I don't
know how this has passed all the filters but I did not have a chance to
see the patches when they were out. I simply cannot commit on
maintaining this because it was from all angles just wrong to take it in
the first place to the mainline kernel. Nobody should use this module
really for anything.
Finally, there is a new keyring ".machine" to hold MOK keys. In the mok
side MokListTrustedRT UEFI variable can be set, from which kernel knows
that MOK keys are kernel trusted keys and they are populated to the machine
keyring. This keyring linked to the secondary trusted keyring, which means
that can be used like any kernel trusted keys. This keyring of course can
be used to hold other MOK'ish keys in other platforms in future.
BR, Jarkko
The following changes since commit ea4424be16887a37735d6550cfd0611528dbe5d9:
Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux (2022-03-07 11:43:22 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18
for you to fetch changes up to f4fe76112c8fbe0a2d2e3ebd94ff2cfe22977e39:
tpm: use try_get_ops() in tpm-space.c (2022-03-08 14:29:25 +0200)
----------------------------------------------------------------
tpmdd updates for Linux v5.18
----------------------------------------------------------------
Andreas Rammhold (1):
KEYS: trusted: Fix trusted key backends when building as module
Dave Kleikamp (1):
KEYS: trusted: Avoid calling null function trusted_key_exit
Eric Biggers (8):
KEYS: fix length validation in keyctl_pkey_params_get_2()
KEYS: x509: clearly distinguish between key and signature algorithms
KEYS: x509: remove unused fields
KEYS: x509: remove never-set ->unsupported_key flag
KEYS: x509: remove dead code that set ->unsupported_sig
KEYS: remove support for asym_tpm keys
KEYS: asymmetric: enforce that sig algo matches key algo
KEYS: asymmetric: properly validate hash_algo and encoding
Eric Snowberg (8):
integrity: Fix warning about missing prototypes
integrity: Introduce a Linux keyring called machine
integrity: add new keyring handler for mok keys
KEYS: store reference to machine keyring
KEYS: Introduce link restriction for machine keys
efi/mokvar: move up init order
integrity: Trust MOK keys if MokListTrustedRT found
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
Gustavo A. R. Silva (1):
tpm: xen-tpmfront: Use struct_size() helper
James Bottomley (1):
tpm: use try_get_ops() in tpm-space.c
Lino Sanfilippo (1):
tpm: fix reference counting for struct tpm_chip
Stefan Berger (1):
selftests: tpm2: Determine available PCR bank
Tadeusz Struk (2):
tpm: Fix error handling in async work
selftests: tpm: add async space test with noneexisting handle
certs/system_keyring.c | 44 +-
crypto/asymmetric_keys/Kconfig | 21 -
crypto/asymmetric_keys/Makefile | 12 -
crypto/asymmetric_keys/asym_tpm.c | 957 ---------------------
crypto/asymmetric_keys/pkcs7_verify.c | 13 +-
crypto/asymmetric_keys/public_key.c | 126 ++-
crypto/asymmetric_keys/tpm.asn1 | 5 -
crypto/asymmetric_keys/tpm_parser.c | 102 ---
crypto/asymmetric_keys/x509.asn1 | 2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 34 +-
crypto/asymmetric_keys/x509_parser.h | 1 -
crypto/asymmetric_keys/x509_public_key.c | 24 -
drivers/char/tpm/tpm-chip.c | 46 +-
drivers/char/tpm/tpm-dev-common.c | 8 +-
drivers/char/tpm/tpm.h | 2 +
drivers/char/tpm/tpm2-space.c | 73 +-
drivers/char/tpm/xen-tpmfront.c | 8 +-
drivers/firmware/efi/mokvar-table.c | 2 +-
include/crypto/asym_tpm_subtype.h | 19 -
include/keys/system_keyring.h | 14 +
security/integrity/Kconfig | 13 +
security/integrity/Makefile | 1 +
security/integrity/digsig.c | 15 +-
security/integrity/integrity.h | 17 +-
.../integrity/platform_certs/keyring_handler.c | 18 +-
.../integrity/platform_certs/keyring_handler.h | 5 +
security/integrity/platform_certs/load_uefi.c | 4 +-
.../integrity/platform_certs/machine_keyring.c | 77 ++
security/keys/keyctl_pkey.c | 14 +-
security/keys/trusted-keys/trusted_core.c | 6 +-
tools/testing/selftests/tpm2/tpm2.py | 31 +
tools/testing/selftests/tpm2/tpm2_tests.py | 45 +-
32 files changed, 486 insertions(+), 1273 deletions(-)
delete mode 100644 crypto/asymmetric_keys/asym_tpm.c
delete mode 100644 crypto/asymmetric_keys/tpm.asn1
delete mode 100644 crypto/asymmetric_keys/tpm_parser.c
delete mode 100644 include/crypto/asym_tpm_subtype.h
create mode 100644 security/integrity/platform_certs/machine_keyring.c
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-03-14 3:38 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-14 3:36 [GIT PULL] TPM DEVICE DRIVER updates for v5.18 Jarkko Sakkinen
-- strict thread matches above, loose matches on Subject: below --
2022-03-14 3:32 Jarkko Sakkinen
2022-03-14 3:38 ` Jarkko Sakkinen
2022-03-08 12:58 Jarkko Sakkinen
2022-03-08 18:10 ` Eric Biggers
2022-03-08 18:50 ` Jarkko Sakkinen
2022-03-09 23:50 ` Jarkko Sakkinen
2022-03-10 4:20 ` Eric Biggers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.