lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ff1e9e427e1011976fcf122fa93c2b35d314f89b.camel@linux.ibm.com>
Date:   Thu, 08 Apr 2021 17:34:53 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Stefan Berger <stefanb@...ux.ibm.com>, keyrings@...r.kernel.org,
        dhowells@...hat.com, jarkko@...nel.org,
        Herbert Xu <herbert@...dor.hengli.com.au>
Cc:     nayna@...ux.ibm.com, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] certs: Trigger creation of RSA module signing
 key if it's not an RSA key

On Thu, 2021-04-08 at 15:19 -0400, Stefan Berger wrote:
> On 4/8/21 1:15 PM, Mimi Zohar wrote:
> > On Thu, 2021-04-08 at 11:24 -0400, Stefan Berger wrote:
> >> Address a kbuild issue where a developer created an ECDSA key for signing
> >> kernel modules and then builds an older version of the kernel, when bi-
> >> secting the kernel for example, that does not support ECDSA keys.
> >>
> >> Trigger the creation of an RSA module signing key if it is not an RSA key.
> >>
> >> Fixes: cfc411e7fff3 ("Move certificate handling to its own directory")
> >> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
> > Thanks, Stefan.
> >
> > Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>
> >
> 
> Via which tree will this go upstream? keyrings?

This patch set originally had a dependency on Nayna's v1 & v2 "ima:
kernel build support for loading the kernel module signing key" patch
set and on Herbert's "ecc" branch.  With v3, the dependency on Nayna's
patch set is gone.

Jarkko, David, Herbert did you want to pick up this patch set or would
you prefer that I did?  Either way is fine.

thanks,

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ