lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200515204700.GC11244@42.do-not-panic.com>
Date:   Fri, 15 May 2020 20:47:00 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Mimi Zohar <zohar@...nel.org>
Cc:     Scott Branden <scott.branden@...adcom.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        David Brown <david.brown@...aro.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Shuah Khan <shuah@...nel.org>, bjorn.andersson@...aro.org,
        Shuah Khan <skhan@...uxfoundation.org>,
        Arnd Bergmann <arnd@...db.de>,
        "Rafael J . Wysocki" <rafael@...nel.org>,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        linux-fsdevel@...r.kernel.org,
        BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
        Olof Johansson <olof@...om.net>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Colin Ian King <colin.king@...onical.com>,
        Kees Cook <keescook@...omium.org>,
        Takashi Iwai <tiwai@...e.de>, linux-kselftest@...r.kernel.org,
        Andy Gross <agross@...nel.org>
Subject: Re: [PATCH v5 0/7] firmware: add partial read support in
 request_firmware_into_buf

On Wed, May 13, 2020 at 12:23:59PM -0400, Mimi Zohar wrote:
> Hi Scott,
> 
> On Thu, 2020-05-07 at 17:27 -0700, Scott Branden wrote:
> > Please consider this version series ready for upstream acceptance.
> > 
> > This patch series adds partial read support in request_firmware_into_buf.
> > In order to accept the enhanced API it has been requested that kernel
> > selftests and upstreamed driver utilize the API enhancement and so
> > are included in this patch series.
> > 
> > Also in this patch series is the addition of a new Broadcom VK driver
> > utilizing the new request_firmware_into_buf enhanced API.
> 
> Up to now, the firmware blob was read into memory allowing IMA to
> verify the file signature.  With this change, ima_post_read_file()
> will not be able to verify the file signature.
> 
> (I don't think any of the other LSMs are on this hook, but you might
> want to Cc the LSM or integrity mailing list.)

Scott, so it sounds we need a resolution for pread for IMA for file
signature verification. It seems that can be addressed though. Feel
free to submit the u32 flag changes which you picked up on though in
the meantime.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ