lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <223e46039b44b2f31814be02a3c2b75e84af3823.camel@linux.ibm.com>
Date:   Tue, 24 May 2022 16:46:10 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.19

Hi Linus,

New is IMA support for including fs-verity file digests and signatures
in the IMA
measurement list as well as verifying the fs-verity file digest based
signatures, both based on policy.

In addition, are two bug fixes:
- avoid reading UEFI variables, which cause a page fault, on Apple Macs
with T2 chips.
- remove the original "ima" template Kconfig option to address a boot
command line ordering issue.

The rest is a mixture of code/documentation cleanup.

thanks,

Mimi

The following changes since commit 3123109284176b1532874591f7c81f3837bbdc17:

  Linux 5.18-rc1 (2022-04-03 14:08:21 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.19

for you to fetch changes up to 048ae41bb0806cde340f4e5d5030398037ab0be8:

  integrity: Fix sparse warnings in keyring_handler (2022-05-16 17:06:16 -0400)

----------------------------------------------------------------
integrity-v5.19

----------------------------------------------------------------
Aditya Garg (1):
      efi: Do not import certificates from UEFI Secure Boot for T2 Macs

Colin Ian King (1):
      ima: remove redundant initialization of pointer 'file'.

GUO Zihua (1):
      ima: remove the IMA_TEMPLATE Kconfig option

Mimi Zohar (8):
      ima: fix 'd-ng' comments and documentation
      ima: use IMA default hash algorithm for integrity violations
      fs-verity: define a function to return the integrity protected file digest
      ima: define a new template field named 'd-ngv2' and templates
      ima: permit fsverity's file digests in the IMA measurement list
      ima: support fs-verity file digest based version 3 signatures
      fsverity: update the documentation
      Merge branch 'next-integrity.fsverity-v9' into next-integrity

Stefan Berger (3):
      evm: Return INTEGRITY_PASS for enum integrity_status value '0'
      evm: Clean up some variables
      integrity: Fix sparse warnings in keyring_handler

 Documentation/ABI/testing/ima_policy               |  45 +++++++-
 Documentation/admin-guide/kernel-parameters.txt    |   3 +-
 Documentation/filesystems/fsverity.rst             |  35 ++++---
 Documentation/security/IMA-templates.rst           |  11 +-
 fs/verity/Kconfig                                  |   1 +
 fs/verity/fsverity_private.h                       |   7 --
 fs/verity/measure.c                                |  43 ++++++++
 include/linux/fsverity.h                           |  18 ++++
 security/integrity/digsig.c                        |   3 +-
 security/integrity/evm/evm.h                       |   3 -
 security/integrity/evm/evm_crypto.c                |   2 +-
 security/integrity/evm/evm_main.c                  |   2 +-
 security/integrity/ima/Kconfig                     |  14 ++-
 security/integrity/ima/ima_api.c                   |  47 ++++++++-
 security/integrity/ima/ima_appraise.c              | 114 ++++++++++++++++++++-
 security/integrity/ima/ima_main.c                  |   4 +-
 security/integrity/ima/ima_policy.c                |  82 +++++++++++++--
 security/integrity/ima/ima_template.c              |   4 +
 security/integrity/ima/ima_template_lib.c          |  94 ++++++++++++++---
 security/integrity/ima/ima_template_lib.h          |   4 +
 security/integrity/integrity.h                     |  27 ++++-
 .../integrity/platform_certs/keyring_handler.c     |   6 +-
 .../integrity/platform_certs/keyring_handler.h     |   8 ++
 security/integrity/platform_certs/load_uefi.c      |  33 ++++++
 24 files changed, 531 insertions(+), 79 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ