[GIT PULL] keys: Miscellaneous fixes/changes

2023-03-21 Thread David Howells
21 for you to fetch changes up to 3584c1dbfffdabf8e3dc1dd25748bb38dd01cd43: asymmetric_keys: log on fatal failures in PE/pkcs7 (2023-03-21 16:23:56 +) keyrings fixes ---------

Re: [PATCH v2] docs: Fix typo in comment

2022-07-25 Thread David Howells
Baoquan He wrote: > sed -i "s/the the /the /g" `git grep -l "the the "` You might want to clarify the first "the" with a preceding boundary marker. There are some English words ending in "the" that can be used as verbs, though I'm not sure you'd find any of them here - clothe for example. David

[PATCH 2/2] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

2018-08-16 Thread David Howells
NG to verify_pefile_signature(). Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") Signed-off-by: Yannik Sembritzki Signed-off-by: David Howells cc: kexec@lists.infradead.org cc: keyri...@vger.kernel.org cc: linux-security-mod...@vger.kernel.org cc: sta...@

Re: [PATCH v3 03/10] kexec_file: factor out arch_kexec_kernel_*() from x86, powerpc

2017-09-25 Thread David Howells
AKASHI Takahiro wrote: > > > -static struct kexec_file_ops *kexec_file_loaders[] = { > > > +struct kexec_file_ops *kexec_file_loaders[] = { > > > &kexec_elf64_ops, > > > + NULL > > > }; const? David ___ kexec mailing list kexec@lists.infradead.org
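Review bot: Dropping `static` from `kexec_file_loaders[]` exports a writable table of ops pointers as a global symbol, and nothing in the hunk makes it read-only. Declaring it `const struct kexec_file_ops * const kexec_file_loaders[]` would place the loader table in read-only data. A short comment next to the added `NULL` entry should say that callers are expected to stop iterating at the terminator.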

Re: [PATCH v5 01/32] x86: Documentation for AMD Secure Memory Encryption (SME)

2017-04-20 Thread David Howells
Borislav Petkov wrote: > "Subject: [PATCH v5 01/32] x86: Add documentation for AMD Secure Memory > Encryption (SME)" Or: x86: Document AMD Secure Memory Encryption (SME) support David

Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

2017-04-10 Thread David Howells
Mimi Zohar wrote: > From an IMA perspective, either a file hash or signature are valid, > but for this usage it must be a signature. Not necessarily. If IMA can guarantee that a module is the same based on its hash rather than on a key, I would've thought that should be fine. David

Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

2017-04-07 Thread David Howells
Mimi Zohar wrote: > > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA > > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled? > > Not quite, since as Dave pointed out, IMA is policy driven. As a > policy is installed, we could set a flag. Does such a flag

Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

2017-04-07 Thread David Howells
Mimi Zohar wrote: > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down()) > > > + return -EPERM; > > > + > > > > > IMA can be used to verify file signatures too, based on the LSM hooks > in  kernel_read_file_from_fd().  CONFIG_KEXEC_VERIFY_SIG should not be > requi
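Review bot: The condition `!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down()` ties the lockdown decision to a single build-time option, so a locked-down kernel built without it returns -EPERM here regardless of any other verification in place. Consider moving the test into a small helper that answers whether the image's signature will be enforced, so that further verifiers can be added in one place, and state in the comment which mechanisms count.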

Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

2017-04-07 Thread David Howells
Dave Young wrote: > > > > + /* Don't permit images to be loaded into trusted kernels if > > > > we're not > > > > +* going to verify the signature on them > > > > +*/ > > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && > > > > kernel_is_locked_down()) > > > > +

[PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

2017-04-05 Thread David Howells
igned-off-by: David Howells cc: kexec@lists.infradead.org --- kernel/kexec_file.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index b118735fea9d..f6937eecd1eb 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -268,6 +2

[PATCH 08/24] Copy secure_boot flag in boot params across kexec reboot

2017-04-05 Thread David Howells
secure_boot flag in original kernel. secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the stub. Fixing this issue by copying secure_boot flag across kexec reboot. Signed-off-by: Dave Young Signed-off-by: David Howells cc: kexec@lists.infradead.org --- arch/x86/kernel

[PATCH 07/24] kexec: Disable at runtime if the kernel is locked down

2017-04-05 Thread David Howells
. Signed-off-by: Matthew Garrett Signed-off-by: David Howells cc: kexec@lists.infradead.org --- kernel/kexec.c |7 +++ 1 file changed, 7 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c index 980936a90ee6..46de8e6b42f4 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -194,6

Re: [V2][PATCH 1/2] PKCS#7: Fix kernel panic when referring to the empty AuthorityKeyIdentifier

2016-07-17 Thread David Howells
Lans Zhang wrote: > Let me know if I need to add this comment to commit header. I've done that. David

[PATCH 2/3] pefile: Fix the failure of calculation for digest

2016-07-17 Thread David Howells
-off-by: Lans Zhang Tested-by: Dave Young Signed-off-by: David Howells Cc: Baoquan He Cc: Vivek Goyal cc: kexec@lists.infradead.org cc: linux-cry...@vger.kernel.org --- crypto/asymmetric_keys/mscode_parser.c |7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto

[PATCH 1/3] PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined

2016-07-17 Thread David Howells
24 4d 85 ff 0f [ 459.060535] RIP [] pkcs7_verify+0x72c/0x7f0 [ 459.063040] RSP [ 459.065456] CR2: [ 459.075998] ---[ end trace c15f0e897cda28dc ]--- Signed-off-by: Lans Zhang Signed-off-by: David Howells Cc: Dave Young Cc: Baoquan He Cc: Vivek Goyal cc: linux-cry...@vge

Re: [V2][PATCH 1/2] PKCS#7: Fix kernel panic when referring to the empty AuthorityKeyIdentifier

2016-07-15 Thread David Howells
Lans Zhang wrote: > This fix resolves the following kernel panic if the empty > AuthorityKeyIdentifier employed. It should be noted that this is only an issue if DEBUG is #defined at the top of pkcs7_verify.c as the crash happens in a pr_debug() statement. David

Re: [PATCH 2/2] pefile: Fix the failure of calculation for digest

2016-07-13 Thread David Howells
Lans Zhang wrote: > The commit e68503bd forgot to set digest_len and thus cause the following > error reported by kexec when launching a crash kernel: > "kexec_file_load failed: Bad message" You need to put the commit ID in a "Fixes:" line as per SubmittingPatches. David

Re: [PATCH 1/2] PKCS#7: Fix kernel panic when referring to the empty AuthorityKeyIdentifier

2016-07-13 Thread David Howells
Lans Zhang wrote: > - } else { > - auth = sig->auth_ids[1]; > + } else if ((auth = sig->auth_ids[1])) { Better to say: } else if (auth) { auth = sig->auth_ids[1]; David
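Review bot: The added `} else if ((auth = sig->auth_ids[1])) {` hides the assignment inside the condition, where the doubled parentheses are the only hint that it is not a comparison. Assign `auth = sig->auth_ids[1];` on its own line and branch on `if (auth)`, which also makes the NULL case for an empty AuthorityKeyIdentifier explicit.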

Re: [PATCH 03/13] Move COMPAT_ATM_ADDPARTY to net/atm/svc.c

2015-09-17 Thread David Howells
Palmer Dabbelt wrote: > +#ifdef CONFIG_COMPAT > +/* It actually takes struct sockaddr_atmsvc, not struct atm_iobuf */ > +#define COMPAT_ATM_ADDPARTY _IOW('a', ATMIOC_SPECIAL+4, struct > compat_atm_iobuf) > +#endif I wonder if it would hurt to ditch the conditionals entirely. It only eats cpp n

Re: [PATCH 09/13] Move bp_type_idx to kernel/event/hw_breakpoint.c

2015-09-17 Thread David Howells
Arnd Bergmann wrote: > That seems unlikely to work, so I suspect it gets a different definition. > If it uses this definition and it does work, we can probably use > > #if defined(__KERNEL__) && defined(CONFIG_HAVE_MIXED_BREAKPOINTS_REGS) > > but that requires a comment explaining exactly why t

Re: [PATCH 05/13] Split FDPIC "struct elf_prstatus" to "struct elf_fdpic_prstatus"

2015-09-17 Thread David Howells
Palmer Dabbelt wrote: > I tried to fix all the users of "struct elf_prstatus" that should now > be using "struct elf_fdpic_prstatus". The only testing I did here was > to build a Blackfin defconfig with "struct elf_prstatus" not defined, > and to build an x86 defconfig with "struct elf_fdpic_prs

Re: [PATCH 04/13] Always expose MAP_UNINITIALIZED to userspace

2015-09-17 Thread David Howells
Josh Triplett wrote: > > Sure. And 0 is perfectly fine value for the flag. Like with MAP_FILE. > > Rephrasing: the flag should always exist with the correct value. > Whether the kernel handles it or not, the kernel *headers* shouldn't > change to match the kernel, not least of which because they

[PATCH] PKCS#7: issuer and subject are mandatory fields in the ASN.1

2014-07-31 Thread David Howells
issuer and subject are mandatory fields in the ASN.1 and so their existence needn't be tested for. They are guaranteed to end up with an empty string if the name material has nothing we can use (see x509_fabricate_name()). Reported-by: Dan Carpenter Signed-off-by: David Howells --- c

Re: [PATCH06/17] PKCS#7: Verify internal certificate chain

2014-07-10 Thread David Howells
valdis.kletni...@vt.edu wrote: > > Verify certificate chain in the X.509 certificates contained within the > > PKCS#7 message as far as possible. If any signature that we should be > > able to verify fails, we reject the whole lot. > > What happens if we see a signature that we shouldn't be able

Re: [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec

2014-07-09 Thread David Howells
Borislav Petkov wrote: > let me see if I get this straight: > > this current submission is supposed to replace > > http://lkml.kernel.org/r/20140708131504.28621.61165.st...@warthog.procyon.org.uk Yes. It's an extension of that. Plus I did it wrong and managed to lose the actual first patch,

[PATCH06/17] PKCS#7: Verify internal certificate chain

2014-07-09 Thread David Howells
Verify certificate chain in the X.509 certificates contained within the PKCS#7 message as far as possible. If any signature that we should be able to verify fails, we reject the whole lot. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys

[PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec

2014-07-09 Thread David Howells
and are tagged with: keys-pefile-20140709 David --- David Howells (16): X.509: Add bits needed for PKCS#7 X.509: Export certificate parse and free functions PKCS#7: Implement a parser [RFC 2315] PKCS#7: Digest the data in a signed-data message PKCS#7: Find t

[PATCH12/17] pefile: Strip the wrapper off of the cert data block

2014-07-09 Thread David Howells
The certificate data block in a PE binary has a wrapper around the PKCS#7 signature we actually want to get at. Strip this off and check that we've got something that appears to be a PKCS#7 signature. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- c

[PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data

2014-07-09 Thread David Howells
Digest the signed parts of the PE binary, canonicalising the section table before we need it, and then compare the resulting digest to the one in the PKCS#7 signed content. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys

[PATCH15/17] pefile: Handle pesign using the wrong OID

2014-07-09 Thread David Howells
The pesign utility had a bug where it was using OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId - so allow both OIDs. Signed-off-by: Vivek Goyal Acked-by: Vivek Goyal --- crypto/asymmetric_keys/mscode_parser.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) dif

[PATCH17/17] pefile: Validate PKCS#7 trust chain

2014-07-09 Thread David Howells
Validate the PKCS#7 trust chain against the contents of the system keyring. Signed-off-by: David Howells Acked-by: Vivek Goyal --- crypto/asymmetric_keys/verify_pefile.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto

[PATCH14/17] pefile: Parse the "Microsoft individual code signing" data blob

2014-07-09 Thread David Howells
The PKCS#7 certificate should contain a "Microsoft individual code signing" data blob as its signed content. This blob contains a digest of the signed content of the PE binary and the OID of the digest algorithm used (typically SHA256). Signed-off-by: David Howells Acked-by: V

[PATCH13/17] pefile: Parse the presumed PKCS#7 content of the certificate blob

2014-07-09 Thread David Howells
Parse the content of the certificate blob, presuming it to be PKCS#7 format. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/verify_pefile.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a

[PATCH11/17] pefile: Parse a PE binary to find a key and a signature contained therein

2014-07-09 Thread David Howells
Parse a PE binary to find a key and a signature contained therein. Later patches will check the signature and add the key if the signature checks out. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Kconfig |9 ++ crypto

[PATCH10/17] Provide PE binary definitions

2014-07-09 Thread David Howells
Provide some PE binary structural and constant definitions as taken from the pesign package sources. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- include/linux/pe.h | 448 1 file changed, 448 insertions

[PATCH08/17] PKCS#7: Provide a key type for testing PKCS#7

2014-07-09 Thread David Howells
-config key3.genkey \ -keyout key3.priv \ -out key3.x509 key3.genkey: @echo Generating X.509 key generation config @echo >$@ "[ req ]" @echo >>$@ "default_bits = 4096" @echo >>$@ "d

[PATCH03/17] PKCS#7: Implement a parser [RFC 2315]

2014-07-09 Thread David Howells
Implement a parser for a PKCS#7 signed-data message as described in part of RFC 2315. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Kconfig|9 + crypto/asymmetric_keys/Makefile | 13 + crypto/asymmetric_keys/pkcs7

[PATCH04/17] PKCS#7: Digest the data in a signed-data message

2014-07-09 Thread David Howells
Digest the data in a PKCS#7 signed-data message and attach to the public_key_signature struct contained in the pkcs7_message struct. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Makefile |3 - crypto/asymmetric_keys

[PATCH07/17] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

2014-07-09 Thread David Howells
Find the intersection between the X.509 certificate chain contained in a PKCS#7 message and a set of keys that we already know and trust. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Makefile |1 crypto/asymmetric_keys

[PATCH01/17] X.509: Add bits needed for PKCS#7

2014-07-09 Thread David Howells
PKCS#7 validation requires access to the serial number and the raw names in an X.509 certificate. Signed-off-by: David Howells Reviewed-by: Kees Cook Reviewed-by: Josh Boyer --- crypto/asymmetric_keys/x509.asn1 |2 +- crypto/asymmetric_keys/x509_cert_parser.c | 17

[PATCH09/17] KEYS: X.509: Fix a spelling mistake

2014-07-09 Thread David Howells
Signed-off-by: David Howells Acked-by: Vivek Goyal --- crypto/asymmetric_keys/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index b6df198..14cac28 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b

[PATCH05/17] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature

2014-07-09 Thread David Howells
Find the appropriate key in the PKCS#7 key list and verify the signature with it. There may be several keys in there forming a chain. Any link in that chain or the root of that chain may be in our keyrings. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook

[PATCH02/17] X.509: Export certificate parse and free functions

2014-07-09 Thread David Howells
Export certificate parse and free functions for use by modules. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook Reviewed-by: Josh Boyer --- crypto/asymmetric_keys/x509_cert_parser.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/asymmetric_keys

[PATCH6/7] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

2014-07-08 Thread David Howells
Find the intersection between the X.509 certificate chain contained in a PKCS#7 message and a set of keys that we already know and trust. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Makefile |1 crypto/asymmetric_keys

[PATCH 0/7] KEYS: PKCS#7 asymmetric key parser

2014-07-08 Thread David Howells
nt into the key. They can be found on this branch also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-modsign.git/log/?h=pkcs7 and are tagged with: keys-pkcs7-20140708 David --- David Howells (7): X.509: Export certificate parse and free functions PKCS

[PATCH5/7] PKCS#7: Verify internal certificate chain

2014-07-08 Thread David Howells
Verify certificate chain in the X.509 certificates contained within the PKCS#7 message as far as possible. If any signature that we should be able to verify fails, we reject the whole lot. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys

[PATCH7/7] PKCS#7: Provide a key type for testing PKCS#7

2014-07-08 Thread David Howells
-config key3.genkey \ -keyout key3.priv \ -out key3.x509 key3.genkey: @echo Generating X.509 key generation config @echo >$@ "[ req ]" @echo >>$@ "default_bits = 4096" @echo >>$@ "d

[PATCH3/7] PKCS#7: Digest the data in a signed-data message

2014-07-08 Thread David Howells
Digest the data in a PKCS#7 signed-data message and attach to the public_key_signature struct contained in the pkcs7_message struct. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Makefile |3 - crypto/asymmetric_keys

[PATCH2/7] PKCS#7: Implement a parser [RFC 2315]

2014-07-08 Thread David Howells
Implement a parser for a PKCS#7 signed-data message as described in part of RFC 2315. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook --- crypto/asymmetric_keys/Kconfig|9 + crypto/asymmetric_keys/Makefile | 13 + crypto/asymmetric_keys/pkcs7

[PATCH4/7] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature

2014-07-08 Thread David Howells
Find the appropriate key in the PKCS#7 key list and verify the signature with it. There may be several keys in there forming a chain. Any link in that chain or the root of that chain may be in our keyrings. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook

[PATCH1/7] X.509: Export certificate parse and free functions

2014-07-08 Thread David Howells
Export certificate parse and free functions for use by modules. Signed-off-by: David Howells Acked-by: Vivek Goyal Reviewed-by: Kees Cook Reviewed-by: Josh Boyer --- crypto/asymmetric_keys/x509_cert_parser.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/asymmetric_keys