[PATCH] drivers: crypto: geode-aes: fixed coding style warnings and error

2017-07-06 Thread Chris Gorman
fixed WARNING: Block comments should align the * on each line fixed WARNINGs: Missing a blank line after declarations fixed ERROR: space prohibited before that ',' (ctx:WxE) Signed-off-by: Chris Gorman --- drivers/crypto/geode-aes.c | 17 ++--- 1 file

[PATCH v3 7/7] ima: Support module-style appended signatures for appraisal

2017-07-06 Thread Thiago Jung Bauermann
This patch introduces the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig With this rule, IMA will accept

[PATCH v3 6/7] ima: Store measurement after appraisal

2017-07-06 Thread Thiago Jung Bauermann
When module-style signatures appended at the end of files are supported for IMA appraisal, the code will fall back to the xattr signature if the appended one fails to verify. The problem is that we don't know whether we need to fall back to the xattr signature until the appraise step, and by then

[PATCH v3 4/7] integrity: Introduce integrity_keyring_from_id

2017-07-06 Thread Thiago Jung Bauermann
IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +++-

[PATCH v3 2/7] MODSIGN: Export module signature definitions.

2017-07-06 Thread Thiago Jung Bauermann
IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use

[PATCH v3 5/7] integrity: Select CONFIG_KEYS instead of depending on it

2017-07-06 Thread Thiago Jung Bauermann
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v3 1/7] integrity: Introduce struct evm_hmac_xattr

2017-07-06 Thread Thiago Jung Bauermann
Even though struct evm_ima_xattr_data includes a fixed-size array to hold a SHA1 digest, most of the code ignores the array and uses the struct to mean "type indicator followed by data of unspecified size" and tracks the real size of what the struct represents in a separate length variable. The

[PATCH v3 0/7] Appended signatures support for IMA appraisal

2017-07-06 Thread Thiago Jung Bauermann
Hello, The main change in this version is that the process of first trying to verify a modsig and then trying an xattr sig if the former fails is now done in ima_appraise_measurement instead of process_measurement. As a result, the changes needed in the latter are small. This is possible because

[PATCH v3 3/7] PKCS#7: Introduce verify_pkcs7_message_sig

2017-07-06 Thread Thiago Jung Bauermann
Add function verify_pkcs7_message_signature which takes a struct pkcs7_message for verification instead of the raw bytes that verify_pkcs7_signature takes. This will be used by IMA to verify files with module-style appended signatures. Signed-off-by: Thiago Jung Bauermann

Re: [PATCH v2 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-07-06 Thread kbuild test robot
Hi Brijesh, [auto build test ERROR on cryptodev/master] [also build test ERROR on next-20170705] [cannot apply to v4.12] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

[bug report] crypto: inside-secure - add SafeXcel EIP197 crypto engine driver

2017-07-06 Thread Dan Carpenter
Hello Antoine Tenart, The patch 1b44c5a60c13: "crypto: inside-secure - add SafeXcel EIP197 crypto engine driver" from May 24, 2017, leads to the following static checker warning: drivers/crypto/inside-secure/safexcel_hash.c:890 safexcel_hmac_sha1_setkey() error: buffer overflow

Re: [PATCH v2 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
On 7/6/17 3:37 AM, kbuild test robot wrote: > Hi Brijesh, > > [auto build test ERROR on cryptodev/master] > [also build test ERROR on next-20170705] > [cannot apply to v4.12] > [if your patch is applied to the wrong git tree, please drop us a note to > help improve the system] > > url: >

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-07-06 Thread Richard Weinberger
Dave, On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote: > Documentation/networking/tls.txt | 135 +++ > MAINTAINERS| 10 + > include/linux/socket.h | 1 + > include/net/inet_connection_sock.h | 4 + > include/net/tcp.h

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-07-06 Thread Dave Watson
Hi Richard, On 07/06/17 04:30 PM, Richard Weinberger wrote: > Dave, > > On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote: > > Documentation/networking/tls.txt | 135 +++ > > MAINTAINERS| 10 + > > include/linux/socket.h | 1 +

[PATCH v4 0/5] Introduce AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor, which is not dedicated solely to crypto. The AMD Secure Processor includes CCP and PSP (Platform Secure Processor) devices. This patch series adds a framework that allows functional component of the AMD Secure Processor to be

[PATCH v4 3/5] crypto: cpp - Abstract interrupt registeration

2017-07-06 Thread Brijesh Singh
The CCP and PSP devices part of AMD Secure Processor may share the same interrupt. Hence we expand the SP device to register a common interrupt handler and provide functions to CCP and PSP devices to register their interrupt callback which will be invoked upon interrupt. Signed-off-by: Brijesh

[PATCH v4 5/5] crypto: ccp - remove ccp_present() check from device initialize

2017-07-06 Thread Brijesh Singh
Since SP device driver supports multiple devices (e.g. CCP, PSP), we should not fail the driver init just because CCP device is not found. Signed-off-by: Brijesh Singh Acked-by: Gary R Hook --- drivers/crypto/ccp/sp-dev.c | 12 1 file

[PATCH v4 2/5] crypto: ccp - Introduce the AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh

[PATCH v4 4/5] crypto: ccp - rename ccp driver initialize files as sp device

2017-07-06 Thread Brijesh Singh
CCP device initializes is now integrated into higher level SP device, to avoid the confusion let's rename the ccp driver initialization files (ccp-platform.c->sp-platform.c, ccp-pci.c->sp-pci.c). The patch does not make any functional changes other than renaming file and structures Signed-off-by:

[PATCH v4 1/5] crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup

2017-07-06 Thread Brijesh Singh
Update pci and platform files to use devres interface to allocate the PCI and iomap resources. Also add helper functions to consolidate module init, exit and power management code duplication. Signed-off-by: Brijesh Singh Acked-by: Gary R Hook ---