[PATCH v5,4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH v5,2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH v5,3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH v5,1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v5 0/4] Check codeSigning extended key usage extension

option example for generating CodeSign EKU to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v5 0/4] Check codeSigning extended key usage extension

option example for generating CodeSign EKU to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v5 0/4] Check codeSigning extended key usage extension

option example for generating CodeSign EKU to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH v5 0/4] Check codeSigning extended key usage extension

option example for generating CodeSign EKU to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v4 0/4] Check codeSigning extended key usage extension

to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add codeSigning EKU when generating X.509 key generation

[PATCH v4 0/4] Check codeSigning extended key usage extension

to module-signing.rst document. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add codeSigning EKU when generating X.509 key generation

[PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH 0/4] Check codeSigning extended key usage extension

the help wording in the Kconfig. Lee, Chun-Yi (4): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification modsign: Add codeSigning EKU when generating X.509 key generation config Documentation/admin-guide/module

[PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU

Add an openssl command option example for generating CodeSign extended key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU be enabled. Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/module-signing.rst | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Documentation/a

[PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Add codeSigning EKU to the X.509 key generation config for the build time autogenerated kernel key. Signed-off-by: "Lee, Chun-Yi" --- certs/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/certs/Makefile b/certs/Makefile index f4c25b67aad9..1ef4d6ca43b7 100644 --- a/cert

[PATCH v2 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[PATCH v2 1/4] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v2 1/2] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[PATCH v2 0/2] Check codeSigning extended key usage extension

extension field in X.509. And checking the CodeSigning EKU when verifying signature of kernel module or kexec PE binary in PKCS#7. v2: Changed the help wording in the Kconfig. Lee, Chun-Yi (2): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec

[PATCH v2 2/2] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig | 9 +++

[RFC PATCH 2/2] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification

This patch adds the logic for checking the CodeSigning extended key usage extenstion when verifying signature of kernel module or kexec PE binary in PKCS#7. Signed-off-by: "Lee, Chun-Yi" --- certs/system_keyring.c | 2 +- crypto/asymmetric_keys/Kconfig

[RFC PATCH 1/2] X.509: Add CodeSigning extended key usage parsing

This patch adds the logic for parsing the CodeSign extended key usage extension in X.509. The parsing result will be set to the eku flag which is carried by public key. It can be used in the PKCS#7 verification. Signed-off-by: "Lee, Chun-Yi" --- crypto/asymmetric_keys/x509_cert_par

[RFC PATCH 0/2] Check codeSigning extended key usage extension

extension field in X.509. And checking the CodeSigning EKU when verifying signature of kernel module or kexec PE binary in PKCS#7. Lee, Chun-Yi (2): X.509: Add CodeSigning extended key usage parsing PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification certs/system_keyring.c

[PATCH] efi/efivars: Create efivars mount point in the registration of efivars abstraction

-Hartman Cc: Arthur Heymans Cc: Patrick Rudolph Signed-off-by: "Lee, Chun-Yi" --- drivers/firmware/efi/efi.c | 7 --- drivers/firmware/efi/vars.c | 17 + 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware

[PATCH v2] efi/efivars: Create efivars mount point via efivars abstraction

This patch creates efivars mount point when active efivars abstraction be set. It is useful for userland to determine the availability of efivars filesystem. Cc: Matthias Brugger Cc: Fabian Vogt Cc: Ilias Apalodimas Cc: Ard Biesheuvel Signed-off-by: "Lee, Chun-Yi" ---

[PATCH v2] efi/efivars: Create efivars mount point via efivars abstraction

be instantiated using a different efivars abstraction. Cc: Matthias Brugger Cc: Fabian Vogt Cc: Ilias Apalodimas Cc: Ard Biesheuvel Signed-off-by: "Lee, Chun-Yi" --- drivers/firmware/efi/efi.c | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/driver

[PATCH] efi/efivars: create efivars mount point when get variable services are available

Apalodimas Cc: Ard Biesheuvel Signed-off-by: "Lee, Chun-Yi" --- drivers/firmware/efi/efi.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index fdd1db025dbf..929fbf4dfd5d 100644 --- a/drivers/fi

[PATCH 5/5 v2] PM / hibernate: An option to request that snapshot image must be authenticated

in Kconfig Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Cc: Randy Dunlap Cc: Jann Horn Cc: Andy Lutomirski Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/kernel-parameters.tx

[PATCH 4/5 v2] PM / hibernate: Erase the snapshot master key in snapshot pages

Lutomirski Signed-off-by: "Lee, Chun-Yi" --- kernel/power/power.h| 6 kernel/power/snapshot.c | 5 kernel/power/snapshot_key.c | 67 + 3 files changed, 78 insertions(+) diff --git a/kernel/power/power.h b/kernel

[PATCH 3/5] PM / hibernate: Encrypt snapshot image

. And the initialization vector will be kept in snapshot header for resuming. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Cc: Randy Dunlap Cc: Jann Horn Cc: Andy Lutomirski Signed-off-by: "Lee, Chun-Yi"

[PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image

ael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Cc: Randy Dunlap Cc: Jann Horn Cc: Andy Lutomirski Signed-off-by: "Lee, Chun-Yi" --- kernel/power/hibernate.c | 18 ++- kernel/power/power.h | 2

[PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler

afael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Cc: Randy Dunlap Cc: Jann Horn Cc: Andy Lutomirski Signed-off-by: "Lee, Chun-Yi" --- kernel/power/Kconfig| 14 +++ kernel/power/Makefile

[PATCH 0/5 v2][RFC] Encryption and authentication for hibernate snapshot image

hek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Cc: Randy Dunlap Cc: Jann Horn Cc: Andy Lutomirski Signed-off-by: "Lee, Chun-Yi" Lee, Chun-Yi (5): PM / hibernate: Create snapshot keys handler PM / hibernate: Generate and verify sig

[PATCH 2/2] PM / Sleep: Check the file capability when writing wake lock interface

n Cc: "Rafael J. Wysocki" Cc: Chen Yu Cc: Giovanni Gherdovich Cc: Jann Horn Cc: Andy Lutomirski Cc: Pavel Machek Cc: Len Brown Cc: "Martin K. Petersen" Cc: Randy Dunlap Cc: Joe Perches Cc: Bart Van Assche Signed-off-by: "Lee, Chun-Yi" --- kernel/power/main.

[PATCH 1/2] sysfs: Add hook for checking the file capable for opener

Len Brown Cc: "Martin K. Petersen" Cc: Randy Dunlap Cc: Joe Perches Cc: Bart Van Assche Signed-off-by: "Lee, Chun-Yi" --- fs/sysfs/file.c | 8 include/linux/kobject.h | 2 ++ include/linux/sysfs.h | 2 ++ lib/kobject.c | 26 +

[PATCH 0/2] [RFC] sysfs: Add hook for checking the file capability of opener

: Greg Kroah-Hartman Cc: "Rafael J. Wysocki" Cc: Chen Yu Cc: Giovanni Gherdovich Cc: Jann Horn Cc: Andy Lutomirski Cc: Pavel Machek Cc: Len Brown Cc: "Martin K. Petersen" Cc: Randy Dunlap Cc: Joe Perches Cc: Bart Van Assche Signed-off-by: "Lee, Chun-Yi"

[PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image

ael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/hibernate.c | 18 ++- kernel/power/power.h | 26 kernel/pow

[PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image

ael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/hibernate.c | 18 ++- kernel/power/power.h | 26 kernel/pow

[PATCH 5/5] PM / hibernate: An option to request that snapshot image must be authenticated

socki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/kernel-parameters.txt | 6 include/linux/kernel.h |

[PATCH 5/5] PM / hibernate: An option to request that snapshot image must be authenticated

socki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- Documentation/admin-guide/kernel-parameters.txt | 6 include/linux/kernel.h |

[PATCH 4/5] PM / hibernate: Erase the snapshot master key in snapshot pages

to forward snapshot master key to image kernel. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/power.h| 6 + kernel/power

[PATCH 4/5] PM / hibernate: Erase the snapshot master key in snapshot pages

to forward snapshot master key to image kernel. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/power.h| 6 + kernel/power

[PATCH 3/5] PM / hibernate: Encrypt snapshot image

. And the initialization vector will be kept in snapshot header for resuming. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/hibernate.c | 8 ++- kernel/pow

[PATCH 3/5] PM / hibernate: Encrypt snapshot image

. And the initialization vector will be kept in snapshot header for resuming. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/hibernate.c | 8 ++- kernel/pow

[PATCH 0/5][RFC] Encryption and authentication for hibernate snapshot image

c: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" Lee, Chun-Yi (5): PM / hibernate: Create snapshot keys handler PM / hibernate: Generate and verify signature for snapshot image PM / hibernate: Encrypt snapshot image PM /

[PATCH 0/5][RFC] Encryption and authentication for hibernate snapshot image

c: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" Lee, Chun-Yi (5): PM / hibernate: Create snapshot keys handler PM / hibernate: Generate and verify signature for snapshot image PM / hibernate: Encrypt snapshot image PM /

[PATCH 1/5] PM / hibernate: Create snapshot keys handler

ialled when hibernation be triggered. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/Kconfig| 14 +++ kernel/power/Makefile

[PATCH 1/5] PM / hibernate: Create snapshot keys handler

ialled when hibernation be triggered. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Chen Yu Cc: Oliver Neukum Cc: Ryan Chen Cc: David Howells Cc: Giovanni Gherdovich Signed-off-by: "Lee, Chun-Yi" --- kernel/power/Kconfig| 14 +++ kernel/power/Makefile

[PATCH] x86/PCI: Claim the resources of firmware enabled IOAPIC before children bus

the resources of firmware enabled IOAPIC before children bus. Then kernel gets a chance to reassign the resources of children bus to avoid the conflict. Cc: Bjorn Helgaas Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Signed-off-by: "Lee, Chun-Yi" --- arch

[PATCH] x86/PCI: Claim the resources of firmware enabled IOAPIC before children bus

the resources of firmware enabled IOAPIC before children bus. Then kernel gets a chance to reassign the resources of children bus to avoid the conflict. Cc: Bjorn Helgaas Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Signed-off-by: "Lee, Chun-Yi" --- arch

[PATCH] efi: Fix the size not consistent issue when unmapping memory map

lt;ard.biesheu...@linaro.org> Cc: Takashi Iwai <ti...@suse.de> Cc: Vivek Goyal <vgo...@redhat.com> Cc: Ingo Molnar <mi...@redhat.com> Tested-by: Randy Wright <rwri...@hpe.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- drivers/firmware/efi/memmap.c

[PATCH] efi: Fix the size not consistent issue when unmapping memory map

Cc: Takashi Iwai Cc: Vivek Goyal Cc: Ingo Molnar Tested-by: Randy Wright Signed-off-by: "Lee, Chun-Yi" --- drivers/firmware/efi/memmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c index 5fc7052..1f

[PATCH] efi: Fix the size not consistent issue when unmapping memory map

;rwri...@hpe.com> Cc: Takashi Iwai <ti...@suse.de> Cc: Vivek Goyal <vgo...@redhat.com> Cc: Ingo Molnar <mi...@redhat.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- drivers/firmware/efi/memmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/

[PATCH] efi: Fix the size not consistent issue when unmapping memory map

o Molnar Signed-off-by: "Lee, Chun-Yi" --- drivers/firmware/efi/memmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c index 5fc7052..1f592d8 100644 --- a/drivers/firmware/efi/memmap.c +++ b/drivers

[PATCH v2] ACPI / scan: Send the change uevent with offine environmental data

> Acked-by: Michal Hocko <mho...@suse.com> Tested-by: Michal Hocko <mho...@suse.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- drivers/acpi/scan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index 8e6

[PATCH v2] ACPI / scan: Send the change uevent with offine environmental data

Signed-off-by: "Lee, Chun-Yi" --- drivers/acpi/scan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index 8e63d93..490498e 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -116,6 +116,7 @@ bool acpi_scan_is_of

[PATCH 1/5] MODSIGN: do not load mok when secure boot disabled

owe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- certs/load_uefi.c | 26 +++--- 1 file changed, 15 insertions(+), 11 deletions(-)

[PATCH 1/5] MODSIGN: do not load mok when secure boot disabled

Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 26 +++--- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/certs/load_uefi.c b/certs/load_uefi.c index 3d88459..d6de4d0 100644 --- a/certs/load_uefi.c +++ b/certs/l

[PATCH 0/5 v2] Using the hash in MOKx to blacklist kernel module

message prints out appropriate status string for reading by human being. v2: Chekcikng the attributes of db and mok before loading certificates. Lee, Chun-Yi (5): MODSIGN: do not load mok when secure boot disabled MODSIGN: print appropriate status message when getting UEFI certificates list

[PATCH 0/5 v2] Using the hash in MOKx to blacklist kernel module

message prints out appropriate status string for reading by human being. v2: Chekcikng the attributes of db and mok before loading certificates. Lee, Chun-Yi (5): MODSIGN: do not load mok when secure boot disabled MODSIGN: print appropriate status message when getting UEFI certificates list

[PATCH 3/5] MODSIGN: load blacklist from MOKx

This patch adds the logic to load the blacklisted hash and certificates from MOKx which is maintained by shim bootloader. Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by:

[PATCH 3/5] MODSIGN: load blacklist from MOKx

This patch adds the logic to load the blacklisted hash and certificates from MOKx which is maintained by shim bootloader. Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 16 +--- 1 file changed, 13 insert

[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: "Lee, Chun-Yi"

[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 43 ++- include/linux/

[PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module

or not, the hash can be compared by kernel. Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>

[PATCH 5/5] MODSIGN: check the attributes of db and mok

we trust it. Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- certs/load_uefi.c | 35 +++-

[PATCH 5/5] MODSIGN: check the attributes of db and mok

we trust it. Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 35 +++ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/certs/load_uefi.c b/certs/load_uefi.c index dc66a79..5252

[PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module

or not, the hash can be compared by kernel. Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- kernel/module_signing.c | 62 +++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/kernel/module_signing.

[PATCH 1/5] MODSIGN: do not load mok when secure boot disabled

owe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: Lee, Chun-Yi <j...@suse.com> --- certs/load_uefi.c | 26 +++--- 1 file changed, 15 insertions(+), 11 deletions(-) diff --g

[PATCH 1/5] MODSIGN: do not load mok when secure boot disabled

Boyer Cc: James Bottomley Signed-off-by: Lee, Chun-Yi --- certs/load_uefi.c | 26 +++--- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/certs/load_uefi.c b/certs/load_uefi.c index 3d88459..d6de4d0 100644 --- a/certs/load_uefi.c +++ b/certs/load_uefi.c

[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Signed-off-by: Lee, Chun-Yi <j...

[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: Lee, Chun-Yi --- certs/load_uefi.c | 43 ++- include/linux/efi.h | 25

[PATCH 0/5 v2] Using the hash in MOKx to blacklist kernel module

message prints out appropriate status string for reading by human being. v2: Chekcikng the attributes of db and mok before loading certificates. Lee, Chun-Yi (5): MODSIGN: do not load mok when secure boot disabled MODSIGN: print appropriate status message when getting UEFI certificates list

[PATCH 0/5 v2] Using the hash in MOKx to blacklist kernel module

message prints out appropriate status string for reading by human being. v2: Chekcikng the attributes of db and mok before loading certificates. Lee, Chun-Yi (5): MODSIGN: do not load mok when secure boot disabled MODSIGN: print appropriate status message when getting UEFI certificates list

[PATCH] ACPI / scan: Send the change uevent with offine environmental data

ck, kernel sends the KOBJ_CHANGE uevent with a offline environmental data to indicate purpose. It's useful by udev rule for using ENV{EVENT} filter. Cc: Michal Hocko <mho...@kernel.org> Cc: "Rafael J. Wysocki" <r...@rjwysocki.net> Cc: Len Brown <l...@kernel.org> Signed

[PATCH] ACPI / scan: Send the change uevent with offine environmental data

ck, kernel sends the KOBJ_CHANGE uevent with a offline environmental data to indicate purpose. It's useful by udev rule for using ENV{EVENT} filter. Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Len Brown Signed-off-by: "Lee, Chun-Yi" --- drivers/acpi/scan.c | 3 ++- 1 fi

[PATCH 2/4] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> -

[PATCH 2/4] MODSIGN: print appropriate status message when getting UEFI certificates list

MokListRT: EFI_NOT_FOUND [0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells Cc: Josh Boyer Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 43 ++- include/linux/efi.h | 25 + 2 fil

[PATCH 3/4] MODSIGN: load blacklist from MOKx

This patch adds the logic to load the blacklisted hash and certificates from MOKx which is maintained by shim bootloader. Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com>

[PATCH 3/4] MODSIGN: load blacklist from MOKx

This patch adds the logic to load the blacklisted hash and certificates from MOKx which is maintained by shim bootloader. Cc: David Howells Cc: Josh Boyer Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-)

[PATCH 4/4] MODSIGN: checking the blacklisted hash before loading a kernel module

or not, the hash can be compared by kernel. Cc: David Howells <dhowe...@redhat.com> Cc: Josh Boyer <jwbo...@fedoraproject.org> Signed-off-by: "Lee, Chun-Yi" <j...@suse.com> --- kernel/module_signing.c | 62 +++-- 1 file changed, 60 inserti

[PATCH 4/4] MODSIGN: checking the blacklisted hash before loading a kernel module

or not, the hash can be compared by kernel. Cc: David Howells Cc: Josh Boyer Signed-off-by: "Lee, Chun-Yi" --- kernel/module_signing.c | 62 +++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/kernel/module_signing.c b/kernel/module_signi

  1   2   3   4   5   >