[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <41707c7dd9705b8bb04a6d56aee349ff17c4af50.camel@linux.ibm.com>
Date: Mon, 10 Jan 2022 17:02:02 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-integrity <linux-integrity@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.17
Hi Linus,
The few changes are all kexec related:
- The MOK keys are loaded onto the .platform keyring in order to verify
the kexec kernel image signature. However, the MOK keys should only be
trusted when secure boot is enable. Before loading the MOK keys onto
the .platform keyring, make sure the system is booted in secure boot
mode.
- When carrying the IMA measurement list across kexec, limit dumping
the measurement list to when dynamic debug or CONFIG_DEBUG is enabled.
- kselftest: add kexec_file_load selftest support for PowerNV and other
cleanup.
thanks,
Mimi
The following changes since commit 136057256686de39cc3a07c2e39ef6bc43003ff6:
Linux 5.16-rc2 (2021-11-21 13:47:39 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.17
for you to fetch changes up to 65e38e32a959dbbb0bf5cf1ae699789f81759be6:
selftests/kexec: Enable secureboot tests for PowerPC (2022-01-05 11:44:57 -0500)
----------------------------------------------------------------
integrity-v5.17
----------------------------------------------------------------
Bruno Meneguele (1):
ima: silence measurement list hexdump during kexec
Lee, Chun-Yi (1):
integrity: Do not load MOK and MOKx when secure boot be disabled
Mimi Zohar (2):
selftest/kexec: fix "ignored null byte in input" warning
selftests/kexec: update searching for the Kconfig
Nageswara R Sastry (1):
selftests/kexec: Enable secureboot tests for PowerPC
Takashi Iwai (1):
ima: Fix undefined arch_ima_get_secureboot() and co
include/linux/ima.h | 30 ++++++-------
security/integrity/ima/ima_kexec.c | 6 +--
security/integrity/platform_certs/load_uefi.c | 5 +++
tools/testing/selftests/kexec/Makefile | 2 +-
tools/testing/selftests/kexec/kexec_common_lib.sh | 51 +++++++++++++++++-----
.../selftests/kexec/test_kexec_file_load.sh | 13 ++++--
6 files changed, 74 insertions(+), 33 deletions(-)
Powered by blists - more mailing lists