From: Mimi Zohar <zohar@linux.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
keyrings@vger.kernel.org, dhowells@redhat.com, jarkko@kernel.org,
Herbert Xu <herbert@gondor.hengli.com.au>
Cc: nayna@linux.ibm.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key
Date: Thu, 08 Apr 2021 17:34:53 -0400 [thread overview]
Message-ID: <ff1e9e427e1011976fcf122fa93c2b35d314f89b.camel@linux.ibm.com> (raw)
In-Reply-To: <b04939a3-c9e5-faf2-ec7b-27127b2ab41d@linux.ibm.com>
On Thu, 2021-04-08 at 15:19 -0400, Stefan Berger wrote:
> On 4/8/21 1:15 PM, Mimi Zohar wrote:
> > On Thu, 2021-04-08 at 11:24 -0400, Stefan Berger wrote:
> >> Address a kbuild issue where a developer created an ECDSA key for signing
> >> kernel modules and then builds an older version of the kernel, when bi-
> >> secting the kernel for example, that does not support ECDSA keys.
> >>
> >> Trigger the creation of an RSA module signing key if it is not an RSA key.
> >>
> >> Fixes: cfc411e7fff3 ("Move certificate handling to its own directory")
> >> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> > Thanks, Stefan.
> >
> > Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> >
>
> Via which tree will this go upstream? keyrings?
This patch set originally had a dependency on Nayna's v1 & v2 "ima:
kernel build support for loading the kernel module signing key" patch
set and on Herbert's "ecc" branch. With v3, the dependency on Nayna's
patch set is gone.
Jarkko, David, Herbert did you want to pick up this patch set or would
you prefer that I did? Either way is fine.
thanks,
Mimi
next prev parent reply other threads:[~2021-04-08 21:35 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-08 15:24 [PATCH v2 0/2] Add support for ECDSA-signed kernel modules Stefan Berger
2021-04-08 15:24 ` [PATCH v2 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key Stefan Berger
2021-04-08 17:15 ` Mimi Zohar
2021-04-08 19:19 ` Stefan Berger
2021-04-08 21:34 ` Mimi Zohar [this message]
2021-04-08 15:24 ` [PATCH v2 2/2] certs: Add support for using elliptic curve keys for signing modules Stefan Berger
2021-04-08 17:15 ` Mimi Zohar
2021-04-20 14:03 ` Jessica Yu
2021-04-20 21:02 ` Stefan Berger
2021-04-21 12:52 ` Jessica Yu
2021-04-21 12:54 ` Stefan Berger
2021-04-21 12:58 ` Jessica Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff1e9e427e1011976fcf122fa93c2b35d314f89b.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.