Date:   Thu, 17 Aug 2023 20:19:35 +0000
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Jarkko Sakkinen <jarkko@...nel.org>,
        Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>,
        David Howells <dhowells@...hat.com>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Nayna Jain <nayna@...ux.ibm.com>,
        Eric Snowberg <eric.snowberg@...cle.com>,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        keyrings@...r.kernel.org
Subject: [GIT PULL] tpmdd changes for v6.6

  Merge tag 'nfsd-6.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux (2023-08-17 16:38:48 +0200)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-v6.6

for you to fetch changes up to 218a2680624cba1611e3dfc7d9b646d240e5f855:

  certs: Reference revocation list for all keyrings (2023-08-17 20:12:41 +0000)

----------------------------------------------------------------
Hi,

Contents:

- Restrict linking of keys to .ima and .evm keyrings based on
  digitalSignature attribute in the certificate.
- PowerVM: load machine owner keys into the .machine [1] keyring.
- PowerVM: load module signing keys into the secondary trusted keyring
  (keys blessed by the vendor).
- tpm_tis_spi: half-duplex transfer mode
- tpm_tis: retry corrupted transfers
- Apply revocation list (.mokx) to all system keyrings (e.g. .machine
  keyring).

[1] https://blogs.oracle.com/linux/post/the-machine-keyring

BR, Jarkko

----------------------------------------------------------------
Alexander Steffen (3):
      tpm_tis: Move CRC check to generic send routine
      tpm_tis: Use responseRetry to recover from data transfer errors
      tpm_tis: Resend command to recover from data transfer errors

Azeem Shaikh (1):
      KEYS: Replace all non-returning strlcpy with strscpy

Colin Ian King (1):
      tpm: remove redundant variable len

Eric Snowberg (3):
      KEYS: DigitalSignature link restriction
      integrity: Enforce digitalSignature usage in the ima and evm keyrings
      certs: Reference revocation list for all keyrings

Jarkko Sakkinen (1):
      tpm_tis: Revert "tpm_tis: Disable interrupts on ThinkPad T490s"

Krishna Yarlagadda (1):
      tpm_tis_spi: Add hardware wait polling

Li Zetao (1):
      tpm/tpm_tis_synquacer: Use module_platform_driver macro to simplify the code

Nayna Jain (6):
      integrity: PowerVM support for loading CA keys on machine keyring
      integrity: ignore keys failing CA restrictions on non-UEFI platform
      integrity: remove global variable from machine_keyring.c
      integrity: check whether imputed trust is enabled
      integrity: PowerVM machine keyring enablement
      integrity: PowerVM support for loading third party code signing keys

 Documentation/admin-guide/kernel-parameters.txt    |  7 ++
 certs/system_keyring.c                             | 91 +++++++++++++++++++--
 crypto/asymmetric_keys/restrict.c                  | 44 ++++++++++
 drivers/char/tpm/eventlog/tpm1.c                   |  3 +-
 drivers/char/tpm/tpm_tis.c                         | 93 +---------------------
 drivers/char/tpm/tpm_tis_core.c                    | 60 ++++++++++----
 drivers/char/tpm/tpm_tis_core.h                    |  1 +
 drivers/char/tpm/tpm_tis_spi_main.c                | 91 ++++++++++++++++++++-
 drivers/char/tpm/tpm_tis_synquacer.c               | 18 +----
 include/crypto/public_key.h                        | 12 +++
 include/keys/system_keyring.h                      | 14 ++++
 security/integrity/Kconfig                         |  4 +-
 security/integrity/digsig.c                        |  6 +-
 security/integrity/evm/Kconfig                     |  3 +-
 security/integrity/ima/Kconfig                     |  3 +-
 security/integrity/integrity.h                     |  5 +-
 .../integrity/platform_certs/keyring_handler.c     | 19 ++++-
 .../integrity/platform_certs/keyring_handler.h     | 10 +++
 security/integrity/platform_certs/load_powerpc.c   | 34 ++++++++
 .../integrity/platform_certs/machine_keyring.c     | 22 ++++-
 security/keys/request_key_auth.c                   |  2 +-
 21 files changed, 394 insertions(+), 148 deletions(-)
