Message ID | 20210712170313.884724-1-mic@digikod.net |
---|---|
Series | Enable root to update the blacklist keyring |
Hi Jarkko,

Since everyone seems OK with this and had plenty of time to complain, could
you please take this patch series in your tree? It still applies on
v5.16-rc5 and it is really important to us. Please let me know if you need
something more.

Regards,
 Mickaël

On 12/07/2021 19:03, Mickaël Salaün wrote:
> Hi,
>
> This new patch series is a rebase on v5.14-rc1. David or Jarkko, if
> it's still OK with you, could you please push this to linux-next?
>
> I successfully tested this patch series with the 211 entries from
> https://uefi.org/sites/default/files/resources/dbxupdate_x64.bin
>
> The goal of these patches is to add a new configuration option to enable the
> root user to load signed keys in the blacklist keyring. This keyring is useful
> to "untrust" certificates or files. Enabling to safely update this keyring
> without recompiling the kernel makes it more usable.
>
> Previous patch series:
> https://lore.kernel.org/lkml/20210312171232.2681989-1-mic@digikod.net/
>
> Regards,
>
> Mickaël Salaün (5):
>   tools/certs: Add print-cert-tbs-hash.sh
>   certs: Check that builtin blacklist hashes are valid
>   certs: Make blacklist_vet_description() more strict
>   certs: Factor out the blacklist hash creation
>   certs: Allow root user to append signed hashes to the blacklist
>     keyring
>
>  MAINTAINERS                                   |   2 +
>  certs/.gitignore                              |   1 +
>  certs/Kconfig                                 |  17 +-
>  certs/Makefile                                |  17 +-
>  certs/blacklist.c                             | 218 ++++++++++++++----
>  crypto/asymmetric_keys/x509_public_key.c      |   3 +-
>  include/keys/system_keyring.h                 |  14 +-
>  scripts/check-blacklist-hashes.awk            |  37 +++
>  .../platform_certs/keyring_handler.c          |  26 +--
>  tools/certs/print-cert-tbs-hash.sh            |  91 ++++++++
>  10 files changed, 346 insertions(+), 80 deletions(-)
>  create mode 100755 scripts/check-blacklist-hashes.awk
>  create mode 100755 tools/certs/print-cert-tbs-hash.sh
>
>
> base-commit: e73f0f0ee7541171d89f2e2491130c7771ba58d3
>

On 21/12/2021 09:50, Jarkko Sakkinen wrote:
> On Mon, Dec 13, 2021 at 04:30:29PM +0100, Mickaël Salaün wrote:
>> Hi Jarkko,
>>
>> Since everyone seems OK with this and had plenty of time to complain, could
>> you please take this patch series in your tree? It still applies on
>> v5.16-rc5 and it is really important to us. Please let me know if you need
>> something more.
>>
>> Regards,
>>   Mickaël
>
> I'm off-work up until end of the year, i.e. I will address only important
> bug fixes and v5.16 up until that.
>
> If any of the patches is yet missing my ack, feel free to
>
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

Thanks Jarkko. Can you please take it into your tree?

Regards,
 Mickaël

On 06/01/2022 20:16, Jarkko Sakkinen wrote:
> On Thu, Jan 06, 2022 at 09:12:22PM +0200, Jarkko Sakkinen wrote:
>> On Tue, Jan 04, 2022 at 04:56:36PM +0100, Mickaël Salaün wrote:
>>>
>>> On 21/12/2021 09:50, Jarkko Sakkinen wrote:
>>>> On Mon, Dec 13, 2021 at 04:30:29PM +0100, Mickaël Salaün wrote:
>>>>> Hi Jarkko,
>>>>>
>>>>> Since everyone seems OK with this and had plenty of time to complain, could
>>>>> you please take this patch series in your tree? It still applies on
>>>>> v5.16-rc5 and it is really important to us. Please let me know if you need
>>>>> something more.
>>>>>
>>>>> Regards,
>>>>>   Mickaël
>>>>
>>>> I'm off-work up until end of the year, i.e. I will address only important
>>>> bug fixes and v5.16 up until that.
>>>>
>>>> If any of the patches is yet missing my ack, feel free to
>>>>
>>>> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
>>>
>>> Thanks Jarkko. Can you please take it into your tree?
>>
>> I can yes, as I need to anyway do a revised PR for v5.17, as one commit
>> in my first trial had a truncated fixes tag.
>
> Please check:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
>
> /Jarkko

Great, thanks!

On 07/01/2022 13:14, Mickaël Salaün wrote:
>
> On 06/01/2022 20:16, Jarkko Sakkinen wrote:
>> On Thu, Jan 06, 2022 at 09:12:22PM +0200, Jarkko Sakkinen wrote:
>>> On Tue, Jan 04, 2022 at 04:56:36PM +0100, Mickaël Salaün wrote:
>>>>
>>>> On 21/12/2021 09:50, Jarkko Sakkinen wrote:
>>>>> On Mon, Dec 13, 2021 at 04:30:29PM +0100, Mickaël Salaün wrote:
>>>>>> Hi Jarkko,
>>>>>>
>>>>>> Since everyone seems OK with this and had plenty of time to
>>>>>> complain, could
>>>>>> you please take this patch series in your tree? It still applies on
>>>>>> v5.16-rc5 and it is really important to us. Please let me know if
>>>>>> you need
>>>>>> something more.
>>>>>>
>>>>>> Regards,
>>>>>>   Mickaël
>>>>>
>>>>> I'm off-work up until end of the year, i.e. I will address only
>>>>> important
>>>>> bug fixes and v5.16 up until that.
>>>>>
>>>>> If any of the patches is yet missing my ack, feel free to
>>>>>
>>>>> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
>>>>
>>>> Thanks Jarkko. Can you please take it into your tree?
>>>
>>> I can yes, as I need to anyway do a revised PR for v5.17, as one commit
>>> in my first trial had a truncated fixes tag.
>>
>> Please check:
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
>>
>> /Jarkko
>
> Great, thanks!

Hi Jarkko,

I noticed your commits
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?id=3ec9c3a0531ac868422be3b12fc17310ed8c07dc
are no more referenced in your tree. Is there an issue?

Regards,
 Mickaël