lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210122181054.32635-1-eric.snowberg@oracle.com>
Date:   Fri, 22 Jan 2021 13:10:50 -0500
From:   Eric Snowberg <eric.snowberg@...cle.com>
To:     dhowells@...hat.com, dwmw2@...radead.org, jarkko@...nel.org,
        James.Bottomley@...senPartnership.com
Cc:     masahiroy@...nel.org, michal.lkml@...kovi.net, jmorris@...ei.org,
        serge@...lyn.com, eric.snowberg@...cle.com, ardb@...nel.org,
        zohar@...ux.ibm.com, lszubowi@...hat.com, javierm@...hat.com,
        keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kbuild@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [PATCH v5 0/4] Add EFI_CERT_X509_GUID support for dbx/mokx entries

This is the fifth patch series for adding support for 
EFI_CERT_X509_GUID entries [1].  It has been expanded to not only include
dbx entries but also entries in the mokx.  Additionally my series to
preload these certificate [2] has also been included.

This series is based on v5.11-rc4.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/
[2] https://lore.kernel.org/patchwork/cover/1315485/

Eric Snowberg (4):
  certs: Add EFI_CERT_X509_GUID support for dbx entries
  certs: Move load_system_certificate_list to a common function
  certs: Add ability to preload revocation certs
  integrity: Load mokx variables into the blacklist keyring

 certs/Kconfig                                 |  8 +++
 certs/Makefile                                | 20 ++++++-
 certs/blacklist.c                             | 49 ++++++++++++++++
 certs/blacklist.h                             | 12 ++++
 certs/common.c                                | 56 +++++++++++++++++++
 certs/common.h                                |  9 +++
 certs/revocation_certificates.S               | 21 +++++++
 certs/system_keyring.c                        | 55 +++---------------
 include/keys/system_keyring.h                 | 11 ++++
 scripts/Makefile                              |  1 +
 .../platform_certs/keyring_handler.c          | 11 ++++
 security/integrity/platform_certs/load_uefi.c | 20 ++++++-
 12 files changed, 222 insertions(+), 51 deletions(-)
 create mode 100644 certs/common.c
 create mode 100644 certs/common.h
 create mode 100644 certs/revocation_certificates.S


base-commit: 19c329f6808995b142b3966301f217c831e7cf31
-- 
2.18.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ