lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 May 2015 17:45:23 -0700
From:	"Luis R. Rodriguez" <mcgrof@...not-panic.com>
To:	ming.lei@...onical.com
Cc:	rusty@...tcorp.com.au, torvalds@...ux-foundation.org,
	dhowells@...hat.com, seth.forshee@...onical.com,
	linux-kernel@...r.kernel.org, pebolle@...cali.nl,
	linux-wireless@...r.kernel.org, gregkh@...uxfoundation.org,
	jlee@...e.com, tiwai@...e.de, casey@...aufler-ca.com,
	keescook@...omium.org, mjg59@...f.ucam.org,
	akpm@...ux-foundation.org, "Luis R. Rodriguez" <mcgrof@...e.com>
Subject: [RFC v3 0/2] firmware: add PKCS#7 firmware signature support

From: "Luis R. Rodriguez" <mcgrof@...e.com>

This is the third iteration of RFCs for firmware signature suppport.
Upon review through discussions on the threads and IRC it seems folks are
generally OK with this now. This is rebased on top of David's latest pkcs7
branch but also depends on a series of patches which Rusty has said he
already applied but not yet visible on linux-next. It also has a series of
fixes posted by not yet in any tree nor has anyone claimed. Since the delta
is quite big in order to help folks review and test I've put up a branch
with all pending patches and requirements merged, you should use the
fw-signing-v3-20150518 branch on this tree:

https://git.kernel.org/cgit/linux/kernel/git/mcgrof/linux.git/

This is based on Linus' tree as base.

Changes on this v3 since the last v2 series:

  * Updated to David's latest pkcs7 branch
  * Dropped patches based on the above re-work
  * Avoid recommending use of scripts/sign-file to sign
    firmware as openssl can be used directly
  * Change expected file extension to be foo.bin.p7s, and
    update documentation to reflect this and how folks
    can let the kernel trust a key for fw signing.
  * Drop crypto qat work arounds - no longer needed

Luis R. Rodriguez (2):
  firmware: generalize reading file contents as a helper
  firmware: add firmware signature checking support

 Documentation/firmware_class/signing.txt |  90 ++++++++++++
 drivers/base/Kconfig                     |  18 +++
 drivers/base/firmware_class.c            | 236 +++++++++++++++++++++++++++++--
 3 files changed, 334 insertions(+), 10 deletions(-)
 create mode 100644 Documentation/firmware_class/signing.txt

-- 
2.3.2.209.gd67f9d5.dirty

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ