[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140709160349.GA5292@pd.tnic>
Date: Wed, 9 Jul 2014 18:03:49 +0200
From: Borislav Petkov <bp@...en8.de>
To: David Howells <dhowells@...hat.com>,
Vivek Goyal <vgoyal@...hat.com>
Cc: keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org,
kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
x86-ml <x86@...nel.org>
Subject: Re: [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for
kexec
Hi David,
On Wed, Jul 09, 2014 at 04:15:25PM +0100, David Howells wrote:
> David Howells (16):
> X.509: Add bits needed for PKCS#7
> X.509: Export certificate parse and free functions
> PKCS#7: Implement a parser [RFC 2315]
> PKCS#7: Digest the data in a signed-data message
> PKCS#7: Find the right key in the PKCS#7 key list and verify the signature
> PKCS#7: Verify internal certificate chain
> PKCS#7: Find intersection between PKCS#7 message and known, trusted keys
> PKCS#7: Provide a key type for testing PKCS#7
> KEYS: X.509: Fix a spelling mistake
> Provide PE binary definitions
> pefile: Parse a PE binary to find a key and a signature contained therein
> pefile: Strip the wrapper off of the cert data block
> pefile: Parse the presumed PKCS#7 content of the certificate blob
> pefile: Parse the "Microsoft individual code signing" data blob
> pefile: Digest the PE binary and compare to the PKCS#7 data
> pefile: Validate PKCS#7 trust chain
>
> Vivek Goyal (1):
> pefile: Handle pesign using the wrong OID
let me see if I get this straight:
this current submission is supposed to replace
http://lkml.kernel.org/r/20140708131504.28621.61165.stgit@warthog.procyon.org.uk
and Vivek's one:
http://lkml.kernel.org/r/1404421641-12691-1-git-send-email-vgoyal@redhat.com
(which added those parsers to arch/x86/kernel/ - not a good place anyway.)
?
The kexec bits with the sig verif will come ontop, it seems. What's the
story guys?
Thanks.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists