Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
config
Documentation/admin-guide/module
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU be enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
extension
field in X.509. And checking the CodeSigning EKU when verifying
signature of kernel module or kexec PE binary in PKCS#7.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (2):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for checking the CodeSigning extended
key usage extenstion when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
extension
field in X.509. And checking the CodeSigning EKU when verifying signature
of kernel module or kexec PE binary in PKCS#7.
Lee, Chun-Yi (2):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
certs/system_keyring.c
-Hartman
Cc: Arthur Heymans
Cc: Patrick Rudolph
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 7 ---
drivers/firmware/efi/vars.c | 17 +
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware
This patch creates efivars mount point when active efivars abstraction
be set. It is useful for userland to determine the availability of efivars
filesystem.
Cc: Matthias Brugger
Cc: Fabian Vogt
Cc: Ilias Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
be
instantiated using a different efivars abstraction.
Cc: Matthias Brugger
Cc: Fabian Vogt
Cc: Ilias Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/driver
Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index fdd1db025dbf..929fbf4dfd5d 100644
--- a/drivers/fi
in Kconfig
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.tx
Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6
kernel/power/snapshot.c | 5
kernel/power/snapshot_key.c | 67 +
3 files changed, 78 insertions(+)
diff --git a/kernel/power/power.h b/kernel
. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 2
afael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power/Makefile
hek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and verify sig
n
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/main.
Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
fs/sysfs/file.c | 8
include/linux/kobject.h | 2 ++
include/linux/sysfs.h | 2 ++
lib/kobject.c | 26 +
: Greg Kroah-Hartman
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 26
kernel/pow
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 26
kernel/pow
socki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.txt | 6
include/linux/kernel.h |
socki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.txt | 6
include/linux/kernel.h |
to forward snapshot master key to image kernel.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6 +
kernel/power
to forward snapshot master key to image kernel.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6 +
kernel/power
. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 8 ++-
kernel/pow
. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 8 ++-
kernel/pow
c: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and verify signature for snapshot image
PM / hibernate: Encrypt snapshot image
PM /
c: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and verify signature for snapshot image
PM / hibernate: Encrypt snapshot image
PM /
ialled when hibernation be triggered.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power/Makefile
ialled when hibernation be triggered.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power/Makefile
the resources of firmware enabled IOAPIC before
children bus. Then kernel gets a chance to reassign the resources of
children bus to avoid the conflict.
Cc: Bjorn Helgaas
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Signed-off-by: "Lee, Chun-Yi"
---
arch
the resources of firmware enabled IOAPIC before
children bus. Then kernel gets a chance to reassign the resources of
children bus to avoid the conflict.
Cc: Bjorn Helgaas
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Signed-off-by: "Lee, Chun-Yi"
---
arch
lt;ard.biesheu...@linaro.org>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Ingo Molnar <mi...@redhat.com>
Tested-by: Randy Wright <rwri...@hpe.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
drivers/firmware/efi/memmap.c
Cc: Takashi Iwai
Cc: Vivek Goyal
Cc: Ingo Molnar
Tested-by: Randy Wright
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5fc7052..1f
;rwri...@hpe.com>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Ingo Molnar <mi...@redhat.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/
o Molnar
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5fc7052..1f592d8 100644
--- a/drivers/firmware/efi/memmap.c
+++ b/drivers
>
Acked-by: Michal Hocko <mho...@suse.com>
Tested-by: Michal Hocko <mho...@suse.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
drivers/acpi/scan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 8e6
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 8e63d93..490498e 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -116,6 +116,7 @@ bool acpi_scan_is_of
owe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/certs/l
message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by:
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 16 +---
1 file changed, 13 insert
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi"
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 43 ++-
include/linux/
or not, the hash can be
compared by kernel.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
we trust it.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
certs/load_uefi.c | 35 +++-
we trust it.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 35 +++
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index dc66a79..5252
or not, the hash can be
compared by kernel.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/kernel/module_signing.
owe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Lee, Chun-Yi <j...@suse.com>
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --g
Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/certs/load_uefi.c
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Cc: James Bottomley <james.bottom...@hansenpartnership.com>
Signed-off-by: Lee, Chun-Yi <j...
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 43 ++-
include/linux/efi.h | 25
message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates list
ck, kernel sends the
KOBJ_CHANGE uevent with a offline environmental data to indicate
purpose. It's useful by udev rule for using ENV{EVENT} filter.
Cc: Michal Hocko <mho...@kernel.org>
Cc: "Rafael J. Wysocki" <r...@rjwysocki.net>
Cc: Len Brown <l...@kernel.org>
Signed
ck, kernel sends the
KOBJ_CHANGE uevent with a offline environmental data to indicate
purpose. It's useful by udev rule for using ENV{EVENT} filter.
Cc: Michal Hocko
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 3 ++-
1 fi
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
-
MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 43 ++-
include/linux/efi.h | 25 +
2 fil
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
or not, the hash can be
compared by kernel.
Cc: David Howells <dhowe...@redhat.com>
Cc: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 inserti
or not, the hash can be
compared by kernel.
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/kernel/module_signing.c b/kernel/module_signi
1 - 100 of 464 matches
Mail list logo