All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: Eric Snowberg <eric.snowberg@oracle.com>
Cc: "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com>,
	"Randy Dunlap" <rdunlap@infradead.org>,
	keyrings@vger.kernel.org,
	"James Bottomley" <James.Bottomley@HansenPartnership.com>,
	"Mickaël Salaün" <mic@digikod.net>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Arnd Bergmann" <arnd@kernel.org>,
	dhowells@redhat.com, "Jarkko Sakkinen" <jarkko@kernel.org>,
	"Mickaël Salaün" <mic@digikod.net>,
	keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries
Date: Thu, 25 Feb 2021 20:58:32 +0000	[thread overview]
Message-ID: <161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk> (raw)


Here's my take on v5 of Eric Snowberg's patches[1]:

This series of patches adds support for EFI_CERT_X509_GUID entries [2].  It has
been expanded to not only include dbx entries but also entries in the mokx.
Additionally Eric included his patches to preload these certificate [3].

The patches can be found on the following branch:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-cve-2020-26541-branch

Changes:
 - I've modified the first patch in the series to fix a configuration
   problem[4][5], to move the added functions to a more logical place within the
   file and to add kerneldoc comments.

Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1]
Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2]
Link: https://lore.kernel.org/patchwork/cover/1315485/ [3]
Link: https://lore.kernel.org/r/bc2c24e3-ed68-2521-0bf4-a1f6be4a895d@infradead.org/ [4]
Link: https://lore.kernel.org/r/20210225125638.1841436-1-arnd@kernel.org/ [5]

David
---
Eric Snowberg (4):
      certs: Add EFI_CERT_X509_GUID support for dbx entries
      certs: Move load_system_certificate_list to a common function
      certs: Add ability to preload revocation certs
      integrity: Load mokx variables into the blacklist keyring


 certs/Kconfig                                 |  8 +++
 certs/Makefile                                | 20 ++++++-
 certs/blacklist.c                             | 17 ++++++
 certs/common.c                                | 56 +++++++++++++++++++
 certs/common.h                                |  9 +++
 certs/revocation_certificates.S               | 21 +++++++
 certs/system_keyring.c                        | 49 +---------------
 scripts/Makefile                              |  1 +
 security/integrity/platform_certs/load_uefi.c | 20 ++++++-
 9 files changed, 150 insertions(+), 51 deletions(-)
 create mode 100644 certs/common.c
 create mode 100644 certs/common.h
 create mode 100644 certs/revocation_certificates.S



             reply	other threads:[~2021-02-25 21:03 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-25 20:58 David Howells [this message]
2021-02-25 20:58 ` [PATCH 1/4] certs: Add EFI_CERT_X509_GUID support for dbx entries David Howells
2021-02-25 20:58 ` [PATCH 2/4] certs: Move load_system_certificate_list to a common function David Howells
2021-02-25 20:58 ` [PATCH 3/4] certs: Add ability to preload revocation certs David Howells
2021-03-03 18:11   ` Nathan Chancellor
2021-02-25 20:59 ` [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring David Howells
2021-03-12 18:39   ` Dimitri John Ledkov
2021-03-12 21:49     ` Eric Snowberg
2021-03-12 23:53       ` Dimitri John Ledkov
2021-03-13  2:36         ` Eric Snowberg
2021-03-13  8:13         ` David Howells
2021-03-13 14:40           ` Eric Snowberg
2021-05-05 10:00             ` Dimitri John Ledkov
2021-03-13 20:27           ` David Howells
2021-02-26  2:50 ` [PATCH 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries Eric Snowberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=arnd@kernel.org \
    --cc=eric.snowberg@oracle.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=rdunlap@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.