From: David Howells <dhowells@redhat.com>
To: Eric Snowberg <eric.snowberg@oracle.com>
Cc: "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
keyrings@vger.kernel.org,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Jarkko Sakkinen" <jarkko@kernel.org>,
"Arnd Bergmann" <arnd@kernel.org>,
dhowells@redhat.com, "Jarkko Sakkinen" <jarkko@kernel.org>,
"Mickaël Salaün" <mic@digikod.net>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries
Date: Thu, 25 Feb 2021 20:58:32 +0000 [thread overview]
Message-ID: <161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk> (raw)
Here's my take on v5 of Eric Snowberg's patches[1]:
This series of patches adds support for EFI_CERT_X509_GUID entries [2]. It has
been expanded to not only include dbx entries but also entries in the mokx.
Additionally Eric included his patches to preload these certificate [3].
The patches can be found on the following branch:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-cve-2020-26541-branch
Changes:
- I've modified the first patch in the series to fix a configuration
problem[4][5], to move the added functions to a more logical place within the
file and to add kerneldoc comments.
Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1]
Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2]
Link: https://lore.kernel.org/patchwork/cover/1315485/ [3]
Link: https://lore.kernel.org/r/bc2c24e3-ed68-2521-0bf4-a1f6be4a895d@infradead.org/ [4]
Link: https://lore.kernel.org/r/20210225125638.1841436-1-arnd@kernel.org/ [5]
David
---
Eric Snowberg (4):
certs: Add EFI_CERT_X509_GUID support for dbx entries
certs: Move load_system_certificate_list to a common function
certs: Add ability to preload revocation certs
integrity: Load mokx variables into the blacklist keyring
certs/Kconfig | 8 +++
certs/Makefile | 20 ++++++-
certs/blacklist.c | 17 ++++++
certs/common.c | 56 +++++++++++++++++++
certs/common.h | 9 +++
certs/revocation_certificates.S | 21 +++++++
certs/system_keyring.c | 49 +---------------
scripts/Makefile | 1 +
security/integrity/platform_certs/load_uefi.c | 20 ++++++-
9 files changed, 150 insertions(+), 51 deletions(-)
create mode 100644 certs/common.c
create mode 100644 certs/common.h
create mode 100644 certs/revocation_certificates.S
next reply other threads:[~2021-02-25 21:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 20:58 David Howells [this message]
2021-02-25 20:58 ` [PATCH 1/4] certs: Add EFI_CERT_X509_GUID support for dbx entries David Howells
2021-02-25 20:58 ` [PATCH 2/4] certs: Move load_system_certificate_list to a common function David Howells
2021-02-25 20:58 ` [PATCH 3/4] certs: Add ability to preload revocation certs David Howells
2021-03-03 18:11 ` Nathan Chancellor
2021-02-25 20:59 ` [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring David Howells
2021-03-12 18:39 ` Dimitri John Ledkov
2021-03-12 21:49 ` Eric Snowberg
2021-03-12 23:53 ` Dimitri John Ledkov
2021-03-13 2:36 ` Eric Snowberg
2021-03-13 8:13 ` David Howells
2021-03-13 14:40 ` Eric Snowberg
2021-05-05 10:00 ` Dimitri John Ledkov
2021-03-13 20:27 ` David Howells
2021-02-26 2:50 ` [PATCH 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries Eric Snowberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=arnd@kernel.org \
--cc=eric.snowberg@oracle.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.