ed-off-by: "Lee, Chun-Yi"
---
certs/blacklist.c | 3 +-
security/integrity/platform_certs/load_uefi.c | 40 +++
2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/certs/blacklist.c b/certs/blacklist.c
index 3a507b9e
function instead of inline.
Cc: Ard Biesheuvel
Cc: Kees Cook
Cc: Anton Vorontsov
Cc: Colin Cross
Cc: Tony Luck
Signed-off-by: "Lee, Chun-Yi"
---
include/linux/efi.h | 28
1 file changed, 28 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/e
This function can be used to transfer EFI status code to string
for printing out debug message. Using this function can improve
the readability of log.
Cc: Ard Biesheuvel
Cc: Kees Cook
Cc: Anton Vorontsov
Cc: Colin Cross
Cc: Tony Luck
Signed-off-by: "Lee, Chun-Yi"
---
include/l
he MODSIGN message level to debug.
Link:
https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516
Cc: James Morris
Cc: Serge E. Hallyn
Cc: David Howells
Cc: Nayna Jain
Cc: Josh Boyer
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
This function can be used to transfer EFI status code to string
for printing out debug message. Using this function can improve
the readability of log.
Cc: Ard Biesheuvel
Cc: Kees Cook
Cc: Anton Vorontsov
Cc: Colin Cross
Cc: Tony Luck
Signed-off-by: "Lee, Chun-Yi"
---
include/l
ltered out it.
Link:
https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516
Cc: James Morris
Cc: Serge E. Hallyn
Cc: David Howells
Cc: Nayna Jain
Cc: Josh Boyer
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
security
This function can be used to transfer EFI status code to string
for printing out debug message. Using this function can improve
the readability of log.
Cc: Ard Biesheuvel
Cc: Kees Cook
Cc: Anton Vorontsov
Cc: Colin Cross
Cc: Tony Luck
Signed-off-by: "Lee, Chun-Yi"
---
include/l
Cc: Ard Biesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.txt | 6 +
drivers/firmware/efi/Kconfig| 8 ++
drivers/firmware/efi/efi-secure-key.c | 33 +++
Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: Ard Biesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi-secure-key.c| 21 +
include/keys/efi-type.h | 7 +++
security/keys/encrypted-keys/encrypted
ells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/cpuflags.c | 2 +-
arch/x86/boot/compressed/eboot.c| 2 +
arch/x86/boot/compressed/efi_root_key.c | 212
a
iesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
include/linux/efi.h | 26 ++
1 file changed, 26 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 56add823f190..744cf92fe18e 100644
--- a/include/linux/efi.h
+++ b/
Cc: Ard Biesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi-secure-key.c | 636 ++
include/keys/efi-type.h | 50 +++
2 files changed, 686 insertions(+)
create mode 100644 include/ke
Peter Anvin"
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: Ard Biesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (6):
x86/KASLR: make getting random long number function public
efi:
c: Oliver Neukum
Cc: Ryan Chen
Cc: Ard Biesheuvel
Cc: David Howells
Cc: Mimi Zohar
Signed-off-by: "Lee, Chun-Yi"
---
arch/x86/boot/compressed/kaslr.c | 21 -
arch/x86/boot/compressed/misc.c | 17 ++
arch/x86/boot/compressed/misc.h | 6
arch/x8
<ard.biesheu...@linaro.org>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Ingo Molnar <mi...@redhat.com>
Tested-by: Randy Wright <rwri...@hpe.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
drivers/firmware/efi/memmap.c
;rwri...@hpe.com>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Ingo Molnar <mi...@redhat.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/
message
prints out appropriate status string for reading by human being.
v2:
Checking the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by:
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi"
or not, the hash can be
compared by kernel.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
we trust it.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
certs/load_uefi.c | 35 +++-
owe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Lee, Chun-Yi <j...
message
prints out appropriate status string for reading by human being.
v2:
Checking the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
-
or not, the hash can be
compared by kernel.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 inserti
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
owe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459
. Or
revoking a kernel module that it was signed by an unsecure key.
Except MOKx, this patch set fixes another two issues: The MOK/MOKx should
not be loaded when secure boot is disabled. And, modified error message
prints out appropriate status string for reading by human being.
Lee, Chun-Yi (4
not be loaded when secure boot is disabled. And, modified error message
prints out appropriate status string for reading by human being.
Lee, Chun-Yi (4):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
flag can be kept when
the secure mode is not _unset_. Therefore the flag value from EFI stub
can also be kept.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
Cc: Matt Fleming <m...@codeblueprint.co.uk>
Cc
-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/firmware/efi/efi-hibernate_keys.c | 3 +++
kernel/power/Kconfig | 3 ++-
kernel/power/snapshot.c | 8 ++--
kernel/power/user.c | 6 +-
4 files changed, 16 insertions(+), 4 deletions
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
Documentation/power/swsusp-signature-verify.txt | 86 +
1 file changed, 86 insertions(+)
create mode 100644 Documentation/power/swsusp-signature
protocol. The separate codes
can avoid impacting aslr function.
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/efi_random.c | 80
To grab random numbers through EFI protocol as one of the entropies
source of swsusp key, this patch adds the logic for accessing EFI RNG
(random number generator) protocol that's introduced since UEFI 2.4.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/efi_random.c | 209
...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c | 4
arch/x86/boot/compressed/head_32.S | 6 +++---
arch/x86/boot/compressed/head_64.S | 8
arch/x86/include/asm/efi.h | 2 ++
4 files changed, 13
declaration.
- Moved set_hibernation_key_regen_flag to user.c
Lee, Chun-Yi (16):
PM / hibernate: define HMAC algorithm and digest size of hibernation
x86/efi: Add get and set variable to EFI services pointer table
x86/boot: Public getting random boot function
x86/efi: Generating random number
declaration.
- Moved set_hibernation_key_regen_flag to user.c
Lee, Chun-Yi (16):
PM / hibernate: define HMAC algorithm and digest size of hibernation
x86/efi: Add get and set variable to EFI services pointer table
x86/boot: Public getting random boot function
x86/efi: Generating random number
code uses it.
Add HIBERNATE_VERIFICATION kernel config for using by later hibernate
signature verification code.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
include/linux/suspend.h | 5 +
kernel/power/Kconfig| 13 +
kernel/power/power.h| 3 ++-
3 files changed, 20
...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c | 4
arch/x86/boot/compressed/head_32.S | 6 +++---
arch/x86/boot/compressed/head_64.S | 8
arch/x86/include/asm/efi.h | 2 ++
4 files changed, 13
Moved the function of transferring EFI status to kernel error for
later used by EFI stub.
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/firmware/efi/vars.c | 33 -
include
Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c | 19 ---
arch/x86/power/hibernate_keys.c | 2 ++
drivers/firmware/Makefile | 1 +
drivers/firmware/efi/Kconfig
-b8a3-878a5dc9ef21.
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c | 60
arch/x86/include/asm/suspend.h | 9 ++
include/linux/suspend.h
For forwarding hibernation key from EFI stub to boot kernel, this patch
allocates setup data for carrying hibernation key, size and the status
of efi operating.
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch
Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/power/hibernate_keys.c | 15 +++
kernel/power/power.h| 3 +++
kernel/power/snapshot.c | 6 ++
3 files changed, 24 insertions(+)
diff --git a/arch
that is unsigned or has a signature for which we don't
have the key. When the enforce flag is enabled, then the hibernate
restoring process will be failed and boot as normal.
Reviewed-by: Jiri Kosina jkos...@suse.com
Tested-by: Jiri Kosina jkos...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
m...@codeblueprint.co.uk
Cc: Borislav Petkov b...@alien8.de
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/platform/efi/efi_64.c | 32
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi
key when queried flag.
To avoid the swsusp key changes in hibernating cycle that causes hibernate
restoring failed, this flag is only available when system runs normal
reboot or shutdown. The hibernate code will clean the flag when it raised
in a hibernate cycle.
Signed-off-by: Lee, Chun-Yi j
codes will asking key handler to fill forward
informations to buffer page. Then restoring swsusp key data to key page,
and cleaning this page buffer for next cycle.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/power/hibernate_keys.c | 63 +
kernel
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
Documentation/power/swsusp-signature-verify.txt | 86 +
1 file changed, 86 insertions(+)
create mode 100644 Documentation/power/swsusp-signature-verify.txt
diff --git a/Documentation/power/swsusp-signature-verify.txt
b
by memblock.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/include/asm/suspend.h | 4 +++
arch/x86/kernel/setup.c | 21 ++-
arch/x86/power/Makefile | 1 +
arch/x86/power/hibernate_keys.c | 79 +
kernel/power/power.h
The HMAC key should only reside in kernel memory space but not leak
to outside. To avoid including swsusp key in hibernate snapshot image,
this patch adds the checking block in the code for asking saveable
pages to make sure the key page should not be marked as saveable.
Signed-off-by: Lee, Chun-Yi
This patch moves the getting random boot function from aslr to misc
for later used by EFI stub to generate the first entropy of hmac key
for signing hibernate snapshot image.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/aslr.c | 55
Add get variable and set variable function to EFI services pointer
table for supporting later functions of hibernate signature
verification to keep the HMAC key in efi boot service variable.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c | 4
arch/x86/boot
option or sigenforce kernel parameter to force hibernate
recovery process stop when verification failed. It allows user to trigger the
key re-generating process in EFI stub through SNAPSHOT_REGENERATE_KEY ioctl.
Lee, Chun-Yi (16):
PM / hibernate: define HMAC algorithm and digest size of swsusp
Moved the function of transferring EFI status to kernel error for
later used by EFI stub.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/firmware/efi/vars.c | 33 -
include/linux/efi.h | 33 +
2 files changed, 33
protocol. The separate codes
can avoid impacting aslr function.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/efi_random.c | 88 +++
arch/x86/boot/compressed/misc.c | 4 +-
arch/x86/boot
To grab random numbers through EFI protocol as one of the entropies
source of swsusp key, this patch adds the logic for accessing EFI RNG
(random number generator) protocol that's introduced since UEFI 2.4.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/efi_random.c | 193
...@intel.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/firmware/efi/efi.c | 15 +++
drivers/firmware/efi/efivars.c | 1 +
2 files changed, 16 insertions(+)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index eff1a2f..6fee86b 100644
--- a/drivers
, and
register a corresponding platform device whenever EFI runtime services
are available. This should trigger udev to load them.
Cc: Ben Hutchings b...@decadent.org.uk
Cc: Matt Fleming matt.flem...@intel.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/platform/efi/efi.c| 15
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
init/main.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/init/main.c b/init/main.c
index febc511..b6d93c8 100644
--- a/init/main.c
+++ b/init/main.c
@@ -565,6 +565,7 @@ asmlinkage void __init start_kernel(void
the mechanism for adjust system
time and block CMOS interface.
About the definition of timezone and the format transformation between ACPI,
EFI and tm_gmtoff of GNU. Please check the rtc-tz.txt document in patch.
Jan Beulich (1):
x86-64/efi: Use EFI to deal with platform wall clock (again)
Lee, Chun
Compared with the logic in rtc_year_days of efirtc.c, the code in
rtc-efi decreases value of day twice when it computing year days.
That's because rtc_year_days in rtc-lib.c already decrease day for
return the year days from 0 to 365.
---
drivers/rtc/rtc-efi.c |2 +-
1 files changed, 1
-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/kernel/rtc.c | 20
drivers/rtc/rtc-cmos.c |9 +
2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/rtc.c b/arch/x86/kernel/rtc.c
index ca9622a..9b6c568 100644
--- a/arch/x86/kernel/rtc.c
the mechanism for adjust system
time and block CMOS interface.
About the definition of timezone and the format transformation between ACPI,
EFI and tm_gmtoff of GNU. Please check the rtc-tz.txt document in patch.
Jan Beulich (1):
x86-64/efi: Use EFI to deal with platform wall clock (again)
Lee, Chun
-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/kernel/rtc.c | 20
drivers/rtc/rtc-cmos.c |9 +
2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/rtc.c b/arch/x86/kernel/rtc.c
index ca9622a..9b6c568 100644
--- a/arch/x86/kernel/rtc.c
Due to rtc-acpid and efi time used the same logic for computing
week day, so this patch moves code to rtc.h header file.
Additionally using a leap year algorithm to replace the for-loop
block in compute_wday for improve the performance. The first
version of algorithm is from Oliver Neukum.
---
When CMOS RTC Not Present bit set in FADT, system should not access CMOS
interface for time. This patch move get/set rtc time function from CMOS
to EFI runtime on x86_64 machine. And, it also set the BUG_ON check in
rtc_cmos_read/write function to avoid access it.
Signed-off-by: Lee, Chun-Yi j
There have some functions, e.g. compute_yday, compute_wday, convert efi
time... are duplicated in efirtc, rtc-efi and will also used in rtc.c.
So this patch moved those functions of access efi time to efi.h header
file for sharing.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/char
This patch add rtc-tz.txt document to explain the RTC driver of
ACPI TAD, EFI TIME. It focus on the timezone field and CMOS RTC Not
Present bit of ACPI 5.0.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
Documentation/rtc-tz.txt | 510 ++
1 files
follow EFI spec to interpret the RTC time as a local time
if timezone value is EFI_UNSPECIFIED_TIMEZONE, that's because Linux stored
UTC to BIOS on shipped UEFI machines.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/platform/efi/efi.c | 37 +
include
This patch add the RTC driver of ACPI TAD to provide userspace access
ACPI time through RTC interface.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/rtc/Kconfig | 10 ++
drivers/rtc/Makefile |1 +
drivers/rtc/rtc-acpitad.c | 294
EFI_UNSPECIFIED_TIMEZONE value on IA64.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
drivers/rtc/rtc-efi.c | 100 -
1 files changed, 99 insertions(+), 1 deletions(-)
diff --git a/drivers/rtc/rtc-efi.c b/drivers/rtc/rtc-efi.c
index c4c3843..e0e3c7e
This patch add the driver of Time and Alarm Device in ACPI 5.0.
Currently it only implemented get/set time functions and grab
the capabilities of device when driver initial.
This driver also register rtc-acpitad platform device for RTC ACPITAD
stub driver using.
Signed-off-by: Lee, Chun-Yi j
.
Cc: Matt Fleming matt.flem...@intel.com
Cc: H. Peter Anvin h...@zytor.com
Cc: Matthew Garrett matthew.garr...@nebula.com
Cc: Thomas Gleixner t...@linutronix.de
Cc: Ingo Molnar mi...@redhat.com
Cc: Jan Beulich jbeul...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/platform/efi
-ker...@opensuse.org for review:
http://lists.opensuse.org/opensuse-kernel/2013-08/msg00025.html
V1:
- Internal review
- github:
https://github.com/joeyli/linux-s4sign/commits/devel-s4sign
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
() in hibernate.c and user.c
Cc: Matthew Garrett mj...@srcf.ucam.org
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/Kconfig | 15 +
kernel/power/hibernate.c |4 ++-
kernel/power/hibernate_keys.c | 67 +
kernel/power
Show the verification time for monitor the performance of SHA256 and RSA
verification.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/snapshot.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/kernel/power
, Chun-Yi j...@suse.com
---
kernel/power/Kconfig| 46 ++
kernel/power/snapshot.c | 25 -
2 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
index b592d88..79b34fa
and copy the
remaining bytes from _EM.
V2:
- Check the memory allocate result of EM to avoid use it when allocate fail.
Cc: Pavel Machek pa...@ucw.cz
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/rsa.c | 20 +++-
1
/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
V2:
- Clean up naming of variable: replace _EM by EM, replace EM by EM_tmp.
- Add comment to EMSA_PKCS1-v1_5-ENCODE function.
Cc: Pavel Machek pa...@ucw.cz
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto
Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/rsa.c | 29 -
1 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index aac8b77..a092aac 100644
--- a/crypto
-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/rsa.c | 47 +++--
1 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index a092aac..0ede317 100644
--- a/crypto/asymmetric_keys
it through snapshot_sig_enforce parameter or
EFI_SECURE_BOOT_SNAPSHOT_SIG_ENFORCE.
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
Documentation/kernel-parameters.txt |7 +++
arch/x86/Kconfig| 11 +++
include/linux/kernel.h |1 +
include/linux
: Pavel Machek pa...@ucw.cz
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/rsa.c | 33 -
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto
that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate the length checking of octet string from
RSA_I2OSP
asymmetric keys
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto
that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate the length checking of octet string from
RSA_I2OSP
asymmetric keys
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto
-off-by: Lee, Chun-Yi j...@suse.com
---
crypto/asymmetric_keys/rsa.c | 33 -
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 6996ff7..c26ae77 100644
--- a/crypto/asymmetric_keys/rsa.c
on that. We'll then strip it from the initial
capability set if required.
Signed-off-by: Matthew Garrett m...@redhat.com
Acked-by: Lee, Chun-Yi j...@suse.com
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
include/uapi/linux/capability.h |6 +-
1 files changed, 5 insertions(+), 1 deletions
, Chun-Yi j...@suse.com
---
kernel/power/Kconfig| 46 ++
kernel/power/snapshot.c | 27 ++-
2 files changed, 68 insertions(+), 5 deletions(-)
diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
index b592d88..79b34fa
.
Userland hibernate tool can write GenS4Key at runtime, kernel will
respect the value but not overwrite it when S4. This mechanism let
userland tool can also notify bootloader to regenerate key-pair through
GenS4Key flag.
Cc: Matthew Garrett mj...@srcf.ucam.org
Signed-off-by: Lee, Chun-Yi j
This patch applied SNAPSHOT_VERIFICATION kernel config for switching
signature check of hibernate snapshot image.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/snapshot.c | 19 +++
kernel/power/swap.c | 30
keys from bootloader.
v2:
Replace sign_key_data_loaded() by skey_data_available() to check sign key data
is available for hibernate.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/hibernate.c | 36 +-
kernel/power/main.c
Show the verification time for monitor the performance of SHA256 and RSA
verification.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/snapshot.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/kernel/power
This patch add swsusp_page_is_sign_key() method to hibernate_key.c and
check the page is S4 sign key data when collect saveable page in
snapshot.c to avoid sign key data included in snapshot image.
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel
to resume target kernel but don't need write new private
key to any other storage, e.g. swap.
Cc: Matthew Garrett mj...@srcf.ucam.org
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
kernel/power/power.h|6 +
kernel/power/snapshot.c | 280
on EFI_STUB in Kconfig
v2:
Add CONFIG_SNAPSHOT_VERIFICATION for build of hibernate_keys.c depend on
Kconfig.
Cc: Matthew Garrett mj...@srcf.ucam.org
Cc: Takashi Iwai ti...@suse.de
Reviewed-by: Jiri Kosina jkos...@suse.cz
Signed-off-by: Lee, Chun-Yi j...@suse.com
---
arch/x86/boot/compressed/eboot.c