[Kernel-packages] [Bug 1584195] Re: IMA-appraisal is still unusable in Ubuntu 16.04

2016-05-24 Thread Mehmet Kayaalp
I submitted them on April 8. I will resubmit in a couple of weeks for
the next -rc period. But when it reaches linux-next is up to the
keyrings maintainer (David Howells).

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1584195

Title:
  IMA-appraisal is still unusable in Ubuntu 16.04

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Triaged

Bug description:
  A recent bug (Bug #1558553) that renders IMA and trusted keyrings
  unusable was prematurely marked as fixed. The bug report was missing a
  couple of minor fixes which are attached. These patches are also
  submitted to LSM and keyrings mailing lists to be upstreamed.

  * KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage
  * KEYS: Print insert-sys-cert information to stout instead of stderr

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584195/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1584195] [NEW] IMA-appraisal is still unusable in Ubuntu 16.04

2016-05-20 Thread Mehmet Kayaalp
Public bug reported:

A recent bug (Bug #1558553) that renders IMA and trusted keyrings
unusable was prematurely marked as fixed. The bug report was missing a
couple of minor fixes which are attached. These patches are also
submitted to LSM and keyrings mailing lists to be upstreamed.

* KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage
* KEYS: Print insert-sys-cert information to stout instead of stderr

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Incomplete

** Patch added: "KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage"
   https://bugs.launchpad.net/bugs/1584195/+attachment/4667148/+files/0001-KEYS-Insert-incompressible-bytes-to-vmlinux-to-reser.patch



[Kernel-packages] [Bug 1584195] Re: IMA-appraisal is still unusable in Ubuntu 16.04

2016-05-20 Thread Mehmet Kayaalp
** Patch added: "KEYS: Print insert-sys-cert information to stout instead of stderr"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584195/+attachment/4667149/+files/0002-KEYS-Print-insert-sys-cert-information-to-stout-inst.patch

** Description changed:

- A recent bug (#1558553) that renders IMA and trusted keyrings unusable
- was prematurely marked as fixed. The bug report was missing a couple of
- minor fixes which are attached. These patches are also submitted to LSM
- and keyrings mailing lists to be upstreamed.
+ A recent bug (Bug #1558553) that renders IMA and trusted keyrings
+ unusable was prematurely marked as fixed. The bug report was missing a
+ couple of minor fixes which are attached. These patches are also
+ submitted to LSM and keyrings mailing lists to be upstreamed.
  
  * KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage
  * KEYS: Print insert-sys-cert information to stout instead of stderr
- 
- Bug #1558553:
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558553
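Review bot: the last three removed lines drop the only full URL for Bug #1558553, so the reworded description now refers to the earlier report by number alone. Consider keeping the https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558553 line so the reference stays usable in plain-text notifications.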



[Kernel-packages] [Bug 1558553] Re: IMA-appraisal is unusable in Ubuntu 16.04

2016-04-08 Thread Mehmet Kayaalp
This trivial patch reduces the clutter from build output.

** Patch added: "0002-KEYS-Print-insert-sys-cert-information-to-stout-inst.patch"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558553/+attachment/4629381/+files/0002-KEYS-Print-insert-sys-cert-information-to-stout-inst.patch

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1558553

Title:
  IMA-appraisal is unusable in Ubuntu 16.04

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  At some point, the IMA keyring changed from _ima to a trusted .ima
  keyring.   At that point, we couldn't add keys to the IMA keyring.
  Other distros import UEFI keys onto the system keyring.  Another
  method of loading keys on the system keyring is needed, which doesn't
  require the UEFI keys or rebuilding the kernel.

  To resolve this problem, the kernel should be built so that
  certificate memory is reserved and randomized.   Two patches are being
  upstreamed in this open window (linux-4.6):

  8e16789 KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert
  c4c3610 KEYS: Reserve an extra certificate symbol for inserting without recompiling

  We need to include these Kconfig options to reserve the memory:

  CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
  CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096

  An additional patch, which will be upstreamed, is needed to fill the
  reserved memory with random data before it is compressed.  (The patch
  is attached.)  After compiling the kernel with the reserved memory,
  the following build step is required:

  scripts/insert-sys-cert -b vmlinux -c /dev/null

  If you want to add a cert, the following command will unpack a
  bzImage, install the cert (DER format) in the vmlinuz, and repack the
  bzImage.

  scripts/insert-sys-cert -s  -z  -c 

  Contact Information = George Wilson / Mimi Zohar
  

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558553/+subscriptions
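
Added example (not part of the bug report or the kernel patches): a toy Python model of why the bug description asks for the reserved certificate memory to be filled with random data before the image is compressed. The image layout, the slot offset, zlib as the compressor, the zero-padding of the slot and the 1200-byte certificate stand-in are all assumptions made for illustration.

```python
import random
import zlib

RESERVED = 4096   # CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE from the bug description
SLOT = 32768      # assumed offset of the reserved region in the toy image

def rand_bytes(n, seed):
    """Deterministic high-entropy bytes (constructed sample data)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))

def build_image(filler):
    """Constructed stand-in for vmlinux: repetitive 'code' around the reserved slot."""
    if len(filler) != RESERVED:
        raise ValueError("filler must be exactly RESERVED bytes")
    rng = random.Random(1)
    words = [rand_bytes(8, 100 + i) for i in range(64)]
    code = b"".join(rng.choice(words) for _ in range(8192))   # 64 KiB, compressible
    return code[:SLOT] + filler + code[SLOT:]

def insert_cert(image, cert):
    """Overwrite the slot in place; the tail is zero-padded (an assumption of this model)."""
    if len(cert) > RESERVED:
        raise ValueError("certificate larger than the reserved space")
    padded = cert + bytes(RESERVED - len(cert))
    return image[:SLOT] + padded + image[SLOT + RESERVED:]

def compressed_growth(filler, cert):
    """Bytes by which the compressed image grows after the certificate is inserted."""
    before = build_image(filler)
    after = insert_cert(before, cert)
    return len(zlib.compress(after, 9)) - len(zlib.compress(before, 9))

# Constructed stand-in for a DER certificate: key and signature bytes are high entropy.
CERT = rand_bytes(1200, 7)

if __name__ == "__main__":
    print("zero filler  :", compressed_growth(bytes(RESERVED), CERT))
    print("random filler:", compressed_growth(rand_bytes(RESERVED, 2), CERT))
```

With a zero-filled slot the compressed image grows by roughly the size of the certificate; with random filler it does not grow, which is the space the first patch title says it reserves in the bzImage.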



[Kernel-packages] [Bug 1558553] Re: IMA-appraisal is unusable in Ubuntu 16.04

2016-04-08 Thread Mehmet Kayaalp
This bug is not fixed yet, since the random bytes are not added to the
build. The attached patch fixes it by adding the step for inserting the
null key during build.

** Patch added: "0001-KEYS-Insert-incompressible-bytes-to-vmlinux-to-reser.patch"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558553/+attachment/4629379/+files/0001-KEYS-Insert-incompressible-bytes-to-vmlinux-to-reser.patch
