| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Jan 2021 13:10:50 -0500
From: Eric Snowberg <eric.snowberg@...cle.com>
To: dhowells@...hat.com, dwmw2@...radead.org, jarkko@...nel.org,
James.Bottomley@...senPartnership.com
Cc: masahiroy@...nel.org, michal.lkml@...kovi.net, jmorris@...ei.org,
serge@...lyn.com, eric.snowberg@...cle.com, ardb@...nel.org,
zohar@...ux.ibm.com, lszubowi@...hat.com, javierm@...hat.com,
keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kbuild@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [PATCH v5 0/4] Add EFI_CERT_X509_GUID support for dbx/mokx entries
This is the fifth patch series for adding support for
EFI_CERT_X509_GUID entries [1]. It has been expanded to not only include
dbx entries but also entries in the mokx. Additionally my series to
preload these certificate [2] has also been included.
This series is based on v5.11-rc4.
[1] https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/
[2] https://lore.kernel.org/patchwork/cover/1315485/
Eric Snowberg (4):
certs: Add EFI_CERT_X509_GUID support for dbx entries
certs: Move load_system_certificate_list to a common function
certs: Add ability to preload revocation certs
integrity: Load mokx variables into the blacklist keyring
certs/Kconfig | 8 +++
certs/Makefile | 20 ++++++-
certs/blacklist.c | 49 ++++++++++++++++
certs/blacklist.h | 12 ++++
certs/common.c | 56 +++++++++++++++++++
certs/common.h | 9 +++
certs/revocation_certificates.S | 21 +++++++
certs/system_keyring.c | 55 +++---------------
include/keys/system_keyring.h | 11 ++++
scripts/Makefile | 1 +
.../platform_certs/keyring_handler.c | 11 ++++
security/integrity/platform_certs/load_uefi.c | 20 ++++++-
12 files changed, 222 insertions(+), 51 deletions(-)
create mode 100644 certs/common.c
create mode 100644 certs/common.h
create mode 100644 certs/revocation_certificates.S
base-commit: 19c329f6808995b142b3966301f217c831e7cf31
--
2.18.4
Powered by blists - more mailing lists