Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:29 AM Josh Boyer wrote: > > On Thu, Nov 9, 2023 at 8:23 AM Prarit Bhargava wrote: > > > > On 11/9/23 08:13, Josh Boyer wrote: > > > On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > > >> > > >> On 11/8/23

Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:23 AM Prarit Bhargava wrote: > > On 11/9/23 08:13, Josh Boyer wrote: > > On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > >> > >> On 11/8/23 08:33, Prarit Bhargava wrote: > >>> Hey everyone, >

Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > > On 11/8/23 08:33, Prarit Bhargava wrote: > > Hey everyone, > > > > The current kernel configs generate > > > > # CONFIG_MODULE_SIG_FORCE is not set > > CONFIG_MODULE_SIG_ALL=y > > # CONFIG_MODULE_SIG_SHA256 is not set > > #

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 4:18 PM Paul Bolle wrote: > > Paul Bolle schreef op wo 02-12-2020 om 21:30 [+0100]: > > Currently there seem to be over 6000 texlive packages. (Quick and dirty > > measurements, sorry.) So splitting the kernel into an absurd number of > > packages for (obscure) modules

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 3:32 PM Paul Bolle wrote: > > Marcelo Ricardo Leitner schreef op wo 02-12-2020 om 17:11 [-0300]: > > Maybe, then taking it to the extreme, less common modules can all have its > > own rpm package ;-) > > Vague ideas like this crossed my mind too. > > The local build I just

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 2:15 PM Matthew Miller wrote: > > On Wed, Dec 02, 2020 at 10:31:17AM -0500, Bastien Nocera wrote: > > You should see the hoops people go through to make their controllers work, > > either installing user-space drivers, or finding out how to solve the > > problem > > by

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 1:26 PM Josh Boyer wrote: > > On Wed, Mar 11, 2020 at 1:21 PM Jeremy Cline wrote: > > > > On Wed, 2020-03-11 at 12:58 -0400, Josh Boyer wrote: > > > On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline > > > wrote: > > >

Re: Upcoming Fedora kernel workflow changes

On Wed, Apr 15, 2020 at 5:32 AM Thorsten Leemhuis wrote: > > Am 15.04.20 um 00:37 schrieb Jeremy Cline: > > On Tue, 2020-04-07 at 15:33 +, Jeremy Cline wrote: > >> On Wed, 2020-03-11 at 16:40 +, Jeremy Cline wrote: > >> > >> Just a note folks, the plan is to do this starting next week

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 9:49 AM Neal Gompa wrote: > > On Fri, Mar 13, 2020 at 9:42 AM Josh Boyer wrote: > > > > On Fri, Mar 13, 2020 at 7:08 AM Neal Gompa wrote: > > > > > > On Fri, Mar 13, 2020 at 7:02 AM Bastien Nocera wrote: > > > >

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 9:51 AM Peter Robinson wrote: > > > > > > >> The git tags are still signed by Linus. Does that cover your > > > > > >> concerns? > > > > > > > > > > > > Not really, no. I think that multiplying the intermediaries between > > > > > > kernel.org > > > > > > and the Fedora

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 7:08 AM Neal Gompa wrote: > > On Fri, Mar 13, 2020 at 7:02 AM Bastien Nocera wrote: > > > > > > > > - Original Message - > > > > > > > > > On 3/12/20 10:57 AM, Bastien Nocera wrote: > > > > > > > > > > > > - Original Message - > > > > > > > >> The git

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 1:21 PM Jeremy Cline wrote: > > On Wed, 2020-03-11 at 12:58 -0400, Josh Boyer wrote: > > On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline > > wrote: > > > Hi folks, > > > > > > This should come as no surprise to those who ha

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline wrote: > > Hi folks, > > This should come as no surprise to those who have been following the > kernel list and/or saw Laura's Flock talk last summer, but there are > some changes to the way the Fedora kernel is maintained coming in the > next couple

Re: Discussion: what would not blocking on btrfs look like?

On Wed, Aug 28, 2019 at 2:40 PM Josef Bacik wrote: > > On Wed, Aug 28, 2019 at 02:35:39PM -0400, Laura Abbott wrote: > > On 8/28/19 1:58 PM, Josef Bacik wrote: > > > On Tue, Aug 27, 2019 at 07:53:20AM -0400, Laura Abbott wrote: > > > > On 8/26/19 11:39 PM, Neal Gompa wrote: > > > > > On Mon, Aug

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 8:48 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 8:30 AM Josh Boyer wrote: > > > > On Tue, Aug 27, 2019 at 8:10 AM Neal Gompa wrote: > > > > > > On Tue, Aug 27, 2019 at 7:41 AM Josh Boyer > > > wrote: > > >

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 8:10 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 7:41 AM Josh Boyer wrote: > > > > On Tue, Aug 27, 2019 at 7:19 AM Neal Gompa wrote: > > > > > > On Tue, Aug 27, 2019 at 5:55 AM wrote: > > > > > > &

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 7:19 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 5:55 AM wrote: > > > > On Mon, 2019-08-26 at 23:54 -0400, Neal Gompa wrote: > > > On Mon, Aug 26, 2019 at 7:16 AM wrote: > > > > > > > > I understand them. The point is, for them and even us (the > > > > installer) >

Re: Support buildid in kernel-headers

On Wed, Aug 21, 2019 at 2:47 PM Paul Moore wrote: > > Hello, > > Last year there was a change to how the kernel-headers package is > built, and unfortunately that change made it so that changes to the > kernel's buildid variable do not carryover to the the kernel-header's > build. While I

Re: [PATCH 6/9] Remove some old modalias adjustments

On Thu, Aug 15, 2019 at 3:58 PM Laura Abbott wrote: > > We've come a long way. Let's just leave these drivers alone. Can we not build them at all instead? Or put them in modules-extra if we're too chicken to disable them entirely. josh > Signed-off-by: Laura Abbott > --- >

Re: [PATCH 2/9] Drop cpumask auto select patch

f --git a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > b/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > deleted file mode 100644 > index 5e6d6611e..00000 > --- a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > +++ /dev/null > @@ -1,34

Re: [PATCH 9/9] Remove crash driver

On Thu, Aug 15, 2019 at 4:02 PM Laura Abbott wrote: > > This has since been replaced by other in kernel pieces. We > can finally drop it. Which pieces? josh > > Signed-off-by: Laura Abbott > --- > crash-driver.patch | 722 - > kernel.spec|

Re: Certificate used to sign Fedora kernels for UEFI Secure Boot?

On Mon, Aug 12, 2019 at 11:23 AM Paul Moore wrote: > > On Fri, Aug 9, 2019 at 8:31 AM Paul Moore wrote: > > > > Hello all, > > > > I'm not sure if this is the place for this, but if not perhaps you > > could point me in the right direction? > > > > I'm looking for the certificate associated with

Re: [PATCH] Fix cross kernel headers location - rhbz#1642037

On Thu, Oct 25, 2018 at 7:50 AM Nicolas Chauvet wrote: > > Le mar. 23 oct. 2018 à 17:54, Josh Boyer a écrit : > > > > On Tue, Oct 23, 2018 at 11:12 AM Nicolas Chauvet wrote: > > > > > > Cross compiled kernel headers are installed into /usr/*-linux-gnu/includ

Re: [PATCH] Fix cross kernel headers location - rhbz#1642037

On Tue, Oct 23, 2018 at 11:12 AM Nicolas Chauvet wrote: > > Cross compiled kernel headers are installed into /usr/*-linux-gnu/include/ > instead of /usr/*-linux-gnu/sys-root/usr/include/ where they can be > found by default by the Fedora cross compiler toolchain. Is that a new change in how the

Re: Any way to get the source of old fedora kernels?

On Sun, Jul 22, 2018 at 10:54 AM stan wrote: > > I've been having an issue with Fedora virtual consoles coming up with > the wrong color scheme for a while. Instead of coming up with white on > black, they come up as grey on white. When I startx, X resets the > parameters and they revert to

Re: Can't capture vmcore?

On Tue, Jan 9, 2018 at 1:51 PM, Maxim Burgerhout wrote: > I'm getting kernel panics in a VM that functions as a hypervisor, the moment > I spin up the nested guest (on AMD ThreadRipper / Fedora 27). That is > annoying, of course, so I try to be a good citizen and file a bug. > >

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Tue, Jan 2, 2018 at 4:55 PM, Paul Bolle wrote: > On Tue, 2018-01-02 at 12:32 -0800, Laura Abbott wrote: >> On 01/02/2018 08:35 AM, Paul Bolle wrote: >> > A bit off topic: I suppose at the ultimate goal is to do rpmbuild from >> > within >> > a proper git clone of the

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Tue, Jan 2, 2018 at 4:35 PM, Paul Bolle <pebo...@tiscali.nl> wrote: > On Tue, 2018-01-02 at 16:28 -0500, Josh Boyer wrote: >> So if you want to use git apply instead of patch, I have no objections >> that I can remember. It'll just require some extra work to make sure >

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Sun, Dec 31, 2017 at 9:13 PM, Laura Abbott wrote: > On 12/30/2017 04:52 AM, Paul Bolle wrote: >> >> 0) The v4.14.10 stable updates adds a new executable (tools/objtool/sync- >> check.sh). Somehow this was added non-executable during my local build of >> v4.14.10 (on fc26,

Re: Adding virtualbox guest driver to Fedora kernels (revisited)

On Tue, Dec 19, 2017 at 6:03 AM, Hans de Goede wrote: > Hi All, > > Good news, the vboxguest driver has been queued for > upstream merging in char-misc-next. This just happened > so I want to wait for a couple of days to make sure > they stick and they do not get reverted for

Re: RFC: Moving kernel-tools out of kernel.spec

On Wed, Nov 29, 2017 at 10:16 AM, Prarit Bhargava <pra...@redhat.com> wrote: > > > On 11/29/2017 10:07 AM, Josh Boyer wrote: >> On Wed, Nov 29, 2017 at 9:58 AM, Prarit Bhargava <pra...@redhat.com> wrote: >>> On 11/28/2017 09:16 PM, Josh Boyer wrote: >>

Re: RFC: Moving kernel-tools out of kernel.spec

On Wed, Nov 29, 2017 at 9:58 AM, Prarit Bhargava <pra...@redhat.com> wrote: > On 11/28/2017 09:16 PM, Josh Boyer wrote: >> On Tue, Nov 28, 2017 at 5:03 PM, Laura Abbott <labb...@redhat.com> wrote: >>> Like all good bits of software, the kernel.spec has grown over tim

Re: RFC: Moving kernel-tools out of kernel.spec

On Tue, Nov 28, 2017 at 5:03 PM, Laura Abbott wrote: > Like all good bits of software, the kernel.spec has grown over time. > Part of this growth has come from building more of the userspace > tools that live under the tools directory of the kernel. I've been > experimenting

Re: Deprecating old networking protocols

On Wed, Nov 15, 2017 at 6:09 PM, R P Herrold wrote: > On Tue, 14 Nov 2017, Steven Whitehouse wrote: > >> I think it is probably overdue in the DECnet case, however I >> did get a very happy with it for the most part. Anyway it is >> clear that nobody is maintaining it and it

Re: Reviving the hardware census

On Wed, Nov 8, 2017 at 2:14 PM, Don Zickus <dzic...@redhat.com> wrote: > On Wed, Nov 08, 2017 at 01:48:36PM -0500, Josh Boyer wrote: >> >> [1] https://github.com/npmccallum/census >> >> [2] https://github.com/npmccallum/census/blob/master/client/plugins/ >&g

Re: Reviving the hardware census

On Wed, Nov 8, 2017 at 12:34 PM, Don Zickus wrote: > On Tue, Nov 07, 2017 at 10:49:02PM +, Jeremy Cline wrote: >> Hey folks, >> >> For some time now, Fedora has operated without a database of hardware >> users have. Smolt, the old hardware database, was retired in 2012[0]

Re: [X86] x86 Architecture SIG

On Mon, Sep 11, 2017 at 1:22 PM, Justin Forbes wrote: > On Fri, Sep 8, 2017 at 9:41 PM, Jeff Backus wrote: > >> (Apologies - resending because I wasn't subscribed earlier) >> >> Hi list, >> >> I'm contacting you on behalf of the x86 SIG. Today FESCo

Re: Kernel 4.13 rebase plans

On Tue, Sep 5, 2017 at 6:25 PM, James Hogarth wrote: > > > On 5 September 2017 at 22:40, Chris Murphy wrote: >> >> On Tue, Sep 5, 2017 at 3:38 PM, Chris Murphy >> wrote: >> >> > FWIW, you can just download the F27

Re: [PATCH] disable SWIOTLB on Power (#1480380)

On Fri, Aug 11, 2017 at 6:25 AM, Dan Horák wrote: > All supported platforms have IOMMU, thus disable. > --- > baseconfig/powerpc/CONFIG_SWIOTLB | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) I fixed this up to have a blurb in the kernel.spec changelog and pushed it to

Re: [PATCH] Enforce kernel-devel-uname-r >= uname-r if any kernel-devel-uname-r - rhbz#1450577

On Mon, Jul 24, 2017 at 9:40 AM, Nicolas Chauvet <kwiz...@gmail.com> wrote: > 2017-07-24 15:28 GMT+02:00 Josh Boyer <jwbo...@fedoraproject.org>: >> On Mon, Jul 24, 2017 at 9:20 AM, Nicolas Chauvet <kwiz...@gmail.com> wrote: >> >> Please add a descriptive ch

Re: kernel-4.13-rc0 question

On Fri, Jul 14, 2017 at 7:46 AM, Sérgio Basto wrote: > Hi, > I have a bug report that can't build virtualbox kmods for kernels on > rawhide > > Larry Finger for opensuse wrote: > > Yes, it does not work for kernel 4.11. The "#ifndef" will eventually be > replaced > by "#if

Re: ppisar pushed to kernel (master). "perl dependency renamed to perl-interpreter "

On Thu, Jul 13, 2017 at 8:24 AM, Petr Pisar <ppi...@redhat.com> wrote: > On Thu, Jul 13, 2017 at 08:15:14AM -0400, Josh Boyer wrote: >> On Thu, Jul 13, 2017 at 3:54 AM, <notificati...@fedoraproject.org> wrote: >> > From 575a9e2f6afcad8fa21ca7b0c38278730e2670db Mon

Re: ppisar pushed to kernel (master). "perl dependency renamed to perl-interpreter "

On Thu, Jul 13, 2017 at 3:54 AM, wrote: > From 575a9e2f6afcad8fa21ca7b0c38278730e2670db Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= > Date: Thu, 13 Jul 2017 09:54:13 +0200 > Subject: perl dependency renamed to

Re: Building kernel with fedpkg and custom config

On Fri, Jun 9, 2017 at 9:02 AM, wrote: > > Hi Laura, > > Thanks for the reply, and indeed it works like a charm when I put that > #x86_64 header in the config file, likewise the kernel-local file also works > perfectly, when I keep the header in the file. > > One of

Re: [PATCH] Drop kernel-devel virtual provide rhbz#1420754

On Tue, Feb 28, 2017 at 4:02 AM, Nicolas Chauvet wrote: > 2017-02-16 19:33 GMT+01:00 Nicolas Chauvet : >> 2017-02-16 19:26 GMT+01:00 Nicolas Chauvet : >>> --- >>> kernel.spec | 1 - >>> 1 file changed, 1 deletion(-) >>> >>> diff --git

Re: [PATCH] set zEC12 as minimum hw level for s390x

On Fri, Feb 3, 2017 at 2:13 PM, Justin Forbes <jfor...@redhat.com> wrote: > On Fri, Feb 3, 2017 at 11:08 AM, Josh Boyer <jwbo...@fedoraproject.org> > wrote: >> >> On Thu, Feb 2, 2017 at 11:53 AM, Dan Horák <d...@danny.cz> wrote: >> >> Ack. We did s

Re: [PATCH] set zEC12 as minimum hw level for s390x

On Thu, Feb 2, 2017 at 11:53 AM, Dan Horák wrote: Ack. We did similar changes in rpm macros already so that gcc builds for this platform by default. Glibc will be making equivalent changes as well. josh > --- > baseconfig/s390x/CONFIG_MARCH_Z900 | 1 - >

Re: Adding out-of-tree wifi drivers to the Fedora kernel pkg

On Wed, Jan 18, 2017 at 9:28 AM, Hans de Goede <hdego...@redhat.com> wrote: > Hi, > > > On 18-01-17 13:10, Josh Boyer wrote: >> >> On Wed, Jan 18, 2017 at 5:18 AM, Hans de Goede <hdego...@redhat.com> >>> And I still end up at my original unanswered ques

Re: Adding out-of-tree wifi drivers to the Fedora kernel pkg

On Wed, Jan 18, 2017 at 5:18 AM, Hans de Goede wrote: > Hi, > > > On 17-01-17 21:59, Laura Abbott wrote: >> >> On 01/17/2017 05:19 AM, Hans de Goede wrote: >>> >>> Hi, >>> >>> On 17-01-17 14:12, Thorsten Leemhuis wrote: Lo! Three quick question from someone who for

Re: Repository of Kernels for Fedora

On Thu, Jan 12, 2017 at 8:47 AM, Benson Muite <benson_mu...@emailplus.org> wrote: > > > On 01/12/2017 03:32 PM, Josh Boyer wrote: >> >> On Thu, Jan 12, 2017 at 8:22 AM, Benson Muite >> <benson_mu...@emailplus.org> wrote: >>> >>> Hi

Re: Repository of Kernels for Fedora

On Thu, Jan 12, 2017 at 8:22 AM, Benson Muite wrote: > Hi, > > Is there a repository of compiled linux kernels for Fedora similar to that > for Ubunutu at: > http://kernel.ubuntu.com/~kernel-ppa/mainline/ Nothing quite like that, no. All the kernels built and shipped

Re: Fedora kernels should disable CONFIG_IWLWIFI_PCIE_RTPM

On Tue, Dec 20, 2016 at 1:18 PM, Jóhann B. Guðmundsson <johan...@gmail.com> wrote: > On 12/15/2016 12:01 PM, Josh Boyer wrote: > >> On Thu, Dec 15, 2016 at 5:37 AM, Hans de Goede <hdego...@redhat.com> >> wrote: >>> >>> Hi, >>> >>

Re: Fedora kernels should disable CONFIG_IWLWIFI_PCIE_RTPM

On Thu, Dec 15, 2016 at 5:37 AM, Hans de Goede wrote: > Hi, > > I stumbled over this while looking into something completely different, > according to: > > https://bugzilla.kernel.org/show_bug.cgi?id=172411 > > As this point in time it is better to not enable >

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Thu, Dec 1, 2016 at 9:58 AM, Don Zickus wrote: > On Thu, Dec 01, 2016 at 07:53:06AM -0600, Justin Forbes wrote: >> On Wed, Nov 30, 2016 at 8:03 PM, Don Zickus wrote: >> >> > On Wed, Nov 30, 2016 at 04:25:30PM -0800, Laura Abbott wrote: >> > > > I don't

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Wed, Nov 30, 2016 at 6:19 PM, Justin Forbes <jfor...@redhat.com> wrote: > On Wed, Nov 30, 2016 at 4:33 PM, Josh Boyer <jwbo...@fedoraproject.org> > wrote: >> >> On Wed, Nov 30, 2016 at 5:29 PM, Paul Bolle <pebo...@tiscali.nl> wrote: >> > On Wed

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Wed, Nov 30, 2016 at 5:29 PM, Paul Bolle wrote: > On Wed, 2016-11-30 at 17:15 -0500, Don Zickus wrote: >> I noticed that CONFIG_MODVERSIONS was not enabled in Fedora. I do not know >> the history and would be curious to know if someone knew. >> >> Otherwise, I would like

Re: arm64: F26 vs F25 kernel config for 4.9 (48-bit VA)

On Tue, Nov 22, 2016 at 2:14 PM, Jon Masters wrote: > Hi Folks, > > A quick reminder that, while 48-bit VA is enabled in rawhide/26: > > commit c0f22caded1d549e532d2ab3ce767f8f3d2206f8 > Author: Peter Robinson > Date: Mon Oct 31 15:45:58 2016

Re: [PATCH] set z10 as minimum architecture level for s390x

On Tue, Nov 15, 2016 at 6:11 AM, Dan Horák wrote: > This is intended for f26/rawhide only. > > > Dan > > On Tue, 15 Nov 2016 11:38:25 +0100 > Dan Horák wrote: > >> --- >> config-s390x | 4 +--- >> 1 file changed, 1 insertion(+), 3 deletions(-) >> >>

Re: [PATCH 1/5] Run oldnoconfig make targets silently

On Mon, Nov 14, 2016 at 2:08 PM, Paul Bolle <pebo...@tiscali.nl> wrote: > On Thu, 2016-11-10 at 19:38 -0500, Josh Boyer wrote: >> [...] but it can't be at the expense of people that have >> to do things with this package multiple times a day. > > Sure. > > But -

Re: [PATCH 1/5] Run oldnoconfig make targets silently

On Thu, Nov 10, 2016 at 4:03 PM, Peter Robinson wrote: > On Thu, Nov 10, 2016 at 8:59 PM, Paul Bolle wrote: >> On Thu, 2016-11-10 at 20:28 +, Peter Robinson wrote: >>> I agree with Josh, what is it that you're actually trying to achieve here? >> >>

Re: [PATCH 3/5] Only run listnewconfig and oldnoconfig for one arch

On Thu, Nov 10, 2016 at 11:08 AM, Paul Bolle wrote: > During the %prep phase we run "make listnewconfig" and "make oldnoconfig" for > all six supported architectures (arm64, arm, i386, powerpc, s390, and x86_64). > We only care about the set of .configs that is relevant for

Re: [PATCH 5/5] Remove references to (31 bits) s390

On Thu, Nov 10, 2016 at 11:08 AM, Paul Bolle wrote: > We don't build for (31 bits) s390 but only for (64 bits) s390x. So remove a > few > irrelevant references to s390. > > Signed-off-by: Paul Bolle Seems fine. josh > --- > kernel.spec | 8 >

[PATCH 19/20] MODSIGN: Support not importing certs from db

If a user tells shim to not use the certs/hashes in the UEFI db variable for verification purposes, shim will set a UEFI variable called MokIgnoreDB. Have the uefi import code look for this and not import things from the db variable. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.

[PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot

certificates into the newly introduced system blacklist keyring and forbid any module signed with those from loading. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> --- certs/system_keyring.c| 13 ++ include/keys/system_keyring.h | 1 + init/Kconfig

[PATCH 17/20] KEYS: Add a system blacklist keyring

. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> --- certs/system_keyring.c| 22 ++ include/keys/system_keyring.h | 4 init/Kconfig | 9 + 3 files changed, 35 insertions(+) diff --git a/certs/system_keyring.c b

[PATCH 20/20] Add sysrq option to disable secure boot mode

From: Kyle McMartin Bugzilla: N/A Upstream-status: Fedora mustard --- arch/x86/kernel/setup.c | 36 drivers/input/misc/uinput.c | 1 + drivers/tty/sysrq.c | 19 +-- include/linux/input.h | 5 +

[PATCH 16/20] Add an EFI signature blob parser and key loader.

From: Dave Howells X.509 certificates are loaded into the specified keyring as asymmetric type keys. [labb...@fedoraproject.org: Drop KEY_ALLOC_TRUSTED] Signed-off-by: David Howells --- crypto/asymmetric_keys/Kconfig | 8 +++

[PATCH 09/20] x86: Restrict MSR access when module loading is restricted

From: Matthew Garrett Writing to MSRs should not be allowed if module loading is restricted, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Cc: Kees Cook Signed-off-by: Matthew Garrett

[PATCH 15/20] Add EFI signature data types

From: Dave Howells Add the data types that are used for containing hashes, keys and certificates for cryptographic verification. Bugzilla: N/A Upstream-status: Fedora mustard for now Signed-off-by: David Howells --- include/linux/efi.h | 17

[PATCH 14/20] hibernate: Disable in a signed modules environment

There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it in a secure modules environment. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.

[PATCH 13/20] efi: Add EFI_SECURE_BOOT bit

UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit for use with efi_enabled. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> --- arch/x86/kernel/setup.c | 2 ++ include/linux/efi.h | 1 + 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/set

[PATCH 12/20] efi: Disable secure boot if shim is in insecure mode

boot mode if that variable is set. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> --- arch/x86/boot/compressed/eboot.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c

[PATCH 10/20] Add option to automatically enforce module signatures when in Secure Boot mode

From: Matthew Garrett UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also require that all kernel modules also be signed. Add a configuration option that enforces this

[PATCH 11/20] efi: Add SHIM and image security database GUID definitions

Add the definitions for shim and image security database, both of which are used widely in various Linux distros. Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> --- include/linux/efi.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h

[PATCH 04/20] ACPI: Limit access to custom_method

From: Matthew Garrett custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if any such restrictions have been enabled. Signed-off-by: Matthew Garrett

[PATCH 08/20] kexec: Disable at runtime if the kernel enforces module loading restrictions

From: Matthew Garrett kexec permits the loading and execution of arbitrary code in ring 0, which is something that module signing enforcement is meant to prevent. It makes sense to disable kexec in this situation. Signed-off-by: Matthew Garrett

[PATCH 05/20] asus-wmi: Restrict debugfs interface when module loading is restricted

From: Matthew Garrett We have no way of validating what all of the Asus WMI methods do on a given machine, and there's a risk that some will allow hardware state to be manipulated in such a way that arbitrary code can be executed in the kernel, circumventing module

[PATCH 02/20] PCI: Lock down BAR access when module security is enabled

From: Matthew Garrett Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to modify kernel code, allowing them to circumvent disabled module loading or module signing. Default to

[PATCH 01/20] Add secure_modules() call

From: Matthew Garrett Provide a single call to allow kernel code to determine whether the system has been configured to either disable module loading entirely or to load only modules signed with a trusted key. Bugzilla: N/A Upstream-status: Fedora mustard. Replaced

[PATCH 03/20] x86: Lock down IO port access when module security is enabled

From: Matthew Garrett IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register space. This would potentially permit root to trigger arbitrary DMA, so lock it down by default.

Refresh Secure Boot patchset

The upstream 0-day bot found an issue with the existing patchset in the rawhide kernel. Everything builds fine as a whole, but if one were to bisect the patches, a build would break because the shim GUID is used in a patch before it is actually defined. Fix this by inserting a patch in the

Re: realtek wireless modules

On Mon, Oct 10, 2016 at 2:02 PM, Peter Robinson wrote: > Hi Laura, Justin, et el, > > I've been playing with a handful of cheap USB wireless modules for > support on the Raspberry Pi and other similar devices. > > I've noticed that there's a bunch of overlap regarding usb

Re: The future of secure boot patches in Fedora

On Mon, Aug 22, 2016 at 9:18 PM, Jarod Wilson <ja...@redhat.com> wrote: > On Mon, Aug 22, 2016 at 08:34:02PM -0400, Josh Boyer wrote: >> On Mon, Aug 22, 2016 at 8:22 PM, Jarod Wilson <ja...@redhat.com> wrote: >> > On Mon, Aug 22, 2016 at 03:50:22PM -0600, Chris Murp

Re: The future of secure boot patches in Fedora

On Tue, Aug 23, 2016 at 4:05 AM, Peter Robinson wrote: The secure boot patches have been around in the Fedora tree for a while now. They work well enough but there has not been much active work in getting them accepted

Re: The future of secure boot patches in Fedora

On Mon, Aug 22, 2016 at 8:22 PM, Jarod Wilson wrote: > On Mon, Aug 22, 2016 at 03:50:22PM -0600, Chris Murphy wrote: >> On Mon, Aug 22, 2016 at 3:14 PM, Laura Abbott wrote: >> > On 08/22/2016 01:16 PM, Chris Murphy wrote: >> >> >> >> On Mon, Aug 22, 2016 at

Re: Kernel 4.7 rebase plans

On Mon, Aug 22, 2016 at 6:05 AM, Edward O'Callaghan wrote: > Hi, > > Is there any movement on this? Sorry to rush but, without 4.7, polaris GPU's > are unsupported. Thus the changesets in amdgpu are critical for that hw > bringup, hence *really* looking forward to

Re: building the rawhide kernel with cgroup-v2 cpu controller patches

On Tue, Aug 16, 2016 at 9:31 PM, Zbigniew Jędrzejewski-Szmek wrote: > Unfortunately, due to the disagreements in the kernel development > community, CPU controller cgroup v2 support has not been merged and > enabling it requires applying two small out-of-tree kernel > patches.

Re: fedora.git upstream 0-Day build testing

On Tue, Aug 9, 2016 at 2:32 PM, Josh Boyer <jwbo...@fedoraproject.org> wrote: > Hi kernel people, > > Recently the upstream 0-Day build testing project started building the > exploded kernel git tree for Fedora on kernel.org: > > https://git.kernel.org/cgit/linux/kerne

fedora.git upstream 0-Day build testing

Hi kernel people, Recently the upstream 0-Day build testing project started building the exploded kernel git tree for Fedora on kernel.org: https://git.kernel.org/cgit/linux/kernel/git/jwboyer/fedora.git/ That was somewhat of a surprise. It has found a few things here and there, mostly in

Re: [PATCH] Add touchscreen and pen driver for the Surface 3

On Fri, Jul 29, 2016 at 9:03 AM, Bastien Nocera wrote: > Yes, see the upstream "Input: surface3_spi - add surface pen support for > Surface 3" patch. > But that's just the tip of the pen, the button at the top of it is a > Bluetooth device, so if you want to be more precise

Re: [PATCH] Add CrystalCove PWM support, for CherryTrail devices

On Thu, Jul 28, 2016 at 7:35 AM, Bastien Nocera wrote: > From: Bastien Nocera > > --- > config-x86-generic | 2 +- > kernel.spec| 5 - > 2 files changed, 5 insertions(+), 2 deletions(-) Fixed up to apply and pushed. A small comment below. >

Re: 3 patches for various skylake issues

On Sat, Jul 16, 2016 at 6:29 AM, Hans de Goede <hdego...@redhat.com> wrote: > Hi, > > On 14-07-16 15:31, Josh Boyer wrote: >> >> On Thu, Jul 14, 2016 at 8:48 AM, Hans de Goede <hdego...@redhat.com> >> wrote: >>> >>> Hi Kernel-team, >>

Re: 3 patches for various skylake issues

On Thu, Jul 14, 2016 at 8:48 AM, Hans de Goede wrote: > Hi Kernel-team, > > I'm going on vacation for 2 weeks starting tomorrow, so I do > not have time to do proper follow-up on these 3 patches, > but IMHO it would be good to include these in the next > Fedora kernel build:

Re: F25 Kernel Version

On Thu, Jun 30, 2016 at 8:21 AM, Christopher Covington wrote: > Hi, > > Apologies if this is already documented somewhere, but I wasn't able to > find it. What upstream kernel version(s) might Fedora 25 use? We don't know yet. It depends on the upstream kernel release

Re: Backporting skl_update_other_pipe_wm intel drm fixes to the Fedora 4.6 kernel

On Fri, Jun 17, 2016 at 1:54 PM, Hans de Goede wrote: > Hi, > > On 17-06-16 18:35, Peter Robinson wrote: >> >> On Fri, Jun 17, 2016 at 5:21 PM, Justin Forbes wrote: >>> >>> This does indeed sound like a good plan, and would be much appreciated. >> >> >>

Re: Problem with MODULE_SIG=y

On Wed, Jun 15, 2016 at 11:29 AM, Jiri Pirko wrote: > Wed, Jun 15, 2016 at 05:22:23PM CEST, ido...@idosch.org wrote: >>Wed, Jun 15, 2016 at 06:15:29PM IDT, labb...@redhat.com wrote: >>>On 06/15/2016 02:55 AM, Ido Schimmel wrote: Hi, I work on a driver

Re: [PATCH] fast-build.sh rpmbuild combo for faster compilation

On Tue, Jun 14, 2016 at 3:47 PM, Laura Abbott wrote: > On 06/13/2016 12:54 PM, Paul Bolle wrote: >> >> On vr, 2016-06-10 at 12:42 -0700, Miguel Flores Silverio wrote: >>> >>> +rpmbuild --target $1 --without debuginfo --without perf --without tools >>> --rebuild $2 >> >> >>

Re: [PATCH] fast-build.sh rpmbuild combo for faster compilation

On Mon, Jun 13, 2016 at 4:34 PM, Prarit Bhargava <pra...@redhat.com> wrote: > > > On 06/13/2016 03:35 PM, Laura Abbott wrote: >> On 06/13/2016 11:41 AM, Josh Boyer wrote: >>> On Mon, Jun 13, 2016 at 2:32 PM, Prarit Bhargava <pra...@redhat.com> wrote: >&g

Re: [PATCH 2/4] Removes bumpspecfile.py

On Fri, Jun 10, 2016 at 3:23 PM, Miguel Flores Silverio wrote: > No longer needed. Use rpmdev-bumpspec instead. Ack. Not too long ago rpmdev-bumpspec didn't actually parse the kernel spec's macro handling so it wouldn't work. That has been fixed for a while though.

Re: [PATCH] Removes allarchconfig.sh

On Fri, Jun 10, 2016 at 3:30 PM, Miguel Flores Silverio wrote: > Functionality already implemented in kernel.spec file. Ack. For the history inclined, DaveJ tried to speed up 'make prep' in the kernel spec by removing this functionality and only doing it for the current

  1   2   3   4   5   6   >