Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
	keyrings@vger.kernel.org, dhowells@redhat.com, jarkko@kernel.org,
	Herbert Xu <herbert@gondor.hengli.com.au>
Cc: nayna@linux.ibm.com, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key
Date: Thu, 08 Apr 2021 17:34:53 -0400
Message-ID: <ff1e9e427e1011976fcf122fa93c2b35d314f89b.camel@linux.ibm.com> (raw)
In-Reply-To: <b04939a3-c9e5-faf2-ec7b-27127b2ab41d@linux.ibm.com>

On Thu, 2021-04-08 at 15:19 -0400, Stefan Berger wrote:
> On 4/8/21 1:15 PM, Mimi Zohar wrote:
> > On Thu, 2021-04-08 at 11:24 -0400, Stefan Berger wrote:
> >> Address a kbuild issue where a developer created an ECDSA key for signing
> >> kernel modules and then builds an older version of the kernel, when bi-
> >> secting the kernel for example, that does not support ECDSA keys.
> >>
> >> Trigger the creation of an RSA module signing key if it is not an RSA key.
> >>
> >> Fixes: cfc411e7fff3 ("Move certificate handling to its own directory")
> >> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> > Thanks, Stefan.
> >
> > Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> >
> 
> Via which tree will this go upstream? keyrings?

This patch set originally had a dependency on Nayna's v1 & v2 "ima:
kernel build support for loading the kernel module signing key" patch
set and on Herbert's "ecc" branch.  With v3, the dependency on Nayna's
patch set is gone.

Jarkko, David, Herbert did you want to pick up this patch set or would
you prefer that I did?  Either way is fine.

thanks,

Mimi


  reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-08 15:24 [PATCH v2 0/2] Add support for ECDSA-signed kernel modules Stefan Berger
2021-04-08 15:24 ` [PATCH v2 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key Stefan Berger
2021-04-08 17:15   ` Mimi Zohar
2021-04-08 19:19     ` Stefan Berger
2021-04-08 21:34       ` Mimi Zohar [this message]
2021-04-08 15:24 ` [PATCH v2 2/2] certs: Add support for using elliptic curve keys for signing modules Stefan Berger
2021-04-08 17:15   ` Mimi Zohar
2021-04-20 14:03   ` Jessica Yu
2021-04-20 21:02     ` Stefan Berger
2021-04-21 12:52       ` Jessica Yu
2021-04-21 12:54         ` Stefan Berger
2021-04-21 12:58           ` Jessica Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ff1e9e427e1011976fcf122fa93c2b35d314f89b.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.hengli.com.au \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=nayna@linux.ibm.com \
    --cc=stefanb@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git