Date:   Wed, 20 Apr 2022 06:10:59 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org,
        keyrings@...r.kernel.org, James Morris <jmorris@...ei.org>,
        David Howells <dhowells@...hat.com>,
        Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Mickaël Salaün <mic@...ux.microsoft.com>
Subject: [GIT PULL] TPM DEVICE DRIVER updates for tpmdd-next-v5.18-rc4

Hi,

Mickaël's patches to add signed hash to the blacklist keyring that were
left out from the original v5.18 PR. They should be safe to include in
rc4 as they've been in circulation for ages, and have been tested
thoroughly.

BR, Jarkko

The following changes since commit b7f73403a3e922c20bb278ba3cfcc3c61930d82a:

  Merge tag 'spi-fix-v5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi (2022-04-19 10:30:43 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-rc4

for you to fetch changes up to fad7eba9464e58146ccc458afcf6f0667b5b27f8:

  certs: Explain the rationale to call panic() (2022-04-19 22:11:56 +0300)

----------------------------------------------------------------
tpmdd updates for Linux v5.18-rc4

----------------------------------------------------------------
Mickaël Salaün (6):
      tools/certs: Add print-cert-tbs-hash.sh
      certs: Factor out the blacklist hash creation
      certs: Make blacklist_vet_description() more strict
      certs: Check that builtin blacklist hashes are valid
      certs: Allow root user to append signed hashes to the blacklist keyring
      certs: Explain the rationale to call panic()

 MAINTAINERS                                        |   2 +
 certs/.gitignore                                   |   1 +
 certs/Kconfig                                      |  17 +-
 certs/Makefile                                     |  14 +-
 certs/blacklist.c                                  | 227 ++++++++++++++++-----
 crypto/asymmetric_keys/x509_public_key.c           |   3 +-
 include/keys/system_keyring.h                      |  14 +-
 scripts/check-blacklist-hashes.awk                 |  37 ++++
 .../integrity/platform_certs/keyring_handler.c     |  26 +--
 tools/certs/print-cert-tbs-hash.sh                 |  91 +++++++++
 10 files changed, 352 insertions(+), 80 deletions(-)
 create mode 100755 scripts/check-blacklist-hashes.awk
 create mode 100755 tools/certs/print-cert-tbs-hash.sh
