lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wj-BW=C8mFr5mWEYyjgngLoq2N6PZ-RKtiL7X-e93poHw@mail.gmail.com>
Date:   Sat, 30 Nov 2019 14:42:45 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Michael Ellerman <mpe@...erman.id.au>,
        Mimi Zohar <zohar@...ux.ibm.com>
Cc:     ajd@...ux.ibm.com, alastair@...ilva.org,
        "Aneesh Kumar K.V" <aneesh.kumar@...ux.ibm.com>,
        asteinhauser@...gle.com, Bjorn Helgaas <bhelgaas@...gle.com>,
        Qian Cai <cai@....pw>, chris.packham@...iedtelesis.co.nz,
        chris.smart@...anservices.gov.au,
        Christophe Leroy <christophe.leroy@....fr>, clg@...d.org,
        cmr@...ormatik.wtf, David Hildenbrand <david@...hat.com>,
        debmc@...ux.vnet.ibm.com,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        gwalbon@...ux.ibm.com, harish@...ux.ibm.com,
        hbathini@...ux.ibm.com, Christoph Hellwig <hch@....de>,
        krzk@...nel.org, leonardo@...ux.ibm.com,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        linuxppc-dev@...ts.ozlabs.org, linuxram@...ibm.com,
        madalin.bucur@....com, Mathieu Malaterre <malat@...ian.org>,
        msuchanek@...e.de, Nathan Chancellor <natechancellor@...il.com>,
        nathanl@...ux.ibm.com, Nayna Jain <nayna@...ux.ibm.com>,
        Nick Piggin <npiggin@...il.com>,
        "Oliver O'Halloran" <oohall@...il.com>, oss@...error.net,
        ravi.bangoria@...ux.ibm.com, Russell Currey <ruscur@...sell.cc>,
        sbobroff@...ux.ibm.com, thuth@...hat.com, tyreld@...ux.ibm.com,
        vaibhav@...ux.ibm.com, valentin@...gchamp.me, yanaijie@...wei.com,
        YueHaibing <yuehaibing@...wei.com>
Subject: Re: [GIT PULL] Please pull powerpc/linux.git powerpc-5.5-1 tag

[ Only tangentially related to the power parts ]

On Sat, Nov 30, 2019 at 2:41 AM Michael Ellerman <mpe@...erman.id.au> wrote:
>
> There's some changes in security/integrity as part of the secure boot work. They
> were all either written by or acked/reviewed by Mimi.

  -#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
  +#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
  + || defined(CONFIG_PPC_SECURE_BOOT)

This clearly should be its own CONFIG variable, and be generated by
having the different architectures just select it.

IOW, IMA should probably have a

   config IMA_SECURE_BOOT

and then s390 would just do the select unconditionally, while x86 and
ppc would do

  select IMA_SECURE_BOOT if EFI

and

  select IMA_SECURE_BOOT if PPC_SECURE_BOOT

respectively.

And then we wouldn't have random architectures adding random "me me me
tooo!!!" type code.

               Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ