From: Jarkko Sakkinen <jarkko@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
keyrings@vger.kernel.org, "James Morris" <jmorris@namei.org>,
"David Howells" <dhowells@redhat.com>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4
Date: Wed, 20 Apr 2022 06:10:59 +0300 [thread overview]
Message-ID: <Yl95wykQMHc/tIq8@kernel.org> (raw)
Hi,
Mickaël's patches to add signed hash to the blacklist keyring that were
left out from the original v5.18 PR. They should be safe to include to
rc4 as they've been in circulation for ages, and have been tested
throughly.
BR, Jarkko
The following changes since commit b7f73403a3e922c20bb278ba3cfcc3c61930d82a:
Merge tag 'spi-fix-v5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi (2022-04-19 10:30:43 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-rc4
for you to fetch changes up to fad7eba9464e58146ccc458afcf6f0667b5b27f8:
certs: Explain the rationale to call panic() (2022-04-19 22:11:56 +0300)
----------------------------------------------------------------
tpmdd updates for Linux v5.18-rc4
----------------------------------------------------------------
Mickaël Salaün (6):
tools/certs: Add print-cert-tbs-hash.sh
certs: Factor out the blacklist hash creation
certs: Make blacklist_vet_description() more strict
certs: Check that builtin blacklist hashes are valid
certs: Allow root user to append signed hashes to the blacklist keyring
certs: Explain the rationale to call panic()
MAINTAINERS | 2 +
certs/.gitignore | 1 +
certs/Kconfig | 17 +-
certs/Makefile | 14 +-
certs/blacklist.c | 227 ++++++++++++++++-----
crypto/asymmetric_keys/x509_public_key.c | 3 +-
include/keys/system_keyring.h | 14 +-
scripts/check-blacklist-hashes.awk | 37 ++++
.../integrity/platform_certs/keyring_handler.c | 26 +--
tools/certs/print-cert-tbs-hash.sh | 91 +++++++++
10 files changed, 352 insertions(+), 80 deletions(-)
create mode 100755 scripts/check-blacklist-hashes.awk
create mode 100755 tools/certs/print-cert-tbs-hash.sh
next reply other threads:[~2022-04-20 3:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-20 3:10 Jarkko Sakkinen [this message]
2022-04-20 10:47 ` [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4 David Howells
2022-04-21 15:14 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yl95wykQMHc/tIq8@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@linux.microsoft.com \
--cc=peterhuewe@gmx.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.