On Tue, Feb 09, 2021 at 01:14:06PM +, David Howells wrote:
>
> Hi Eric, Mickaël,
>
> Do we have a consensus on this? From what's written here, I don't think I can
> ask Linus to pull the merge of your two branches. I feel that I probably need
> to push Eric's first as that fixes a CVE if I
On 09/02/2021 22:53, Mickaël Salaün wrote:
>
> On 09/02/2021 00:05, Eric Snowberg wrote:
>>
>>> On Feb 6, 2021, at 11:30 AM, Mickaël Salaün wrote:
>>>
>>> On 06/02/2021 02:14, Eric Snowberg wrote:
>>>
I have done some additional testing, I am seeing a regression. The
blacklist
On 09/02/2021 00:05, Eric Snowberg wrote:
>
>> On Feb 6, 2021, at 11:30 AM, Mickaël Salaün wrote:
>>
>> On 06/02/2021 02:14, Eric Snowberg wrote:
>>
>>> I have done some additional testing, I am seeing a regression. The
>>> blacklist
>>> keyring is no longer picking up any of the hashes from
Mickaël Salaün wrote:
> The only commit causing issues is commit f78e50c8f750 ("certs: Factor
> out the blacklist hash creation"). I think my last patch fix the issue,
> and I'm testing with the UEFI DBX, but I don't understand why this
> change would have an impact. In the meantime you can push
Hi David,
The only commit causing issues is commit f78e50c8f750 ("certs: Factor
out the blacklist hash creation"). I think my last patch fix the issue,
and I'm testing with the UEFI DBX, but I don't understand why this
change would have an impact. In the meantime you can push Eric's commits
Hi Eric, Mickaël,
Do we have a consensus on this? From what's written here, I don't think I can
ask Linus to pull the merge of your two branches. I feel that I probably need
to push Eric's first as that fixes a CVE if I can't offer a merge.
David
> On Feb 6, 2021, at 11:30 AM, Mickaël Salaün wrote:
>
> On 06/02/2021 02:14, Eric Snowberg wrote:
>
>> I have done some additional testing, I am seeing a regression. The blacklist
>> keyring is no longer picking up any of the hashes from the dbx during boot.
>> I backed out the merge with
On 06/02/2021 02:14, Eric Snowberg wrote:
>
>> On Feb 5, 2021, at 3:27 AM, Mickaël Salaün wrote:
>>
>>
>> On 05/02/2021 01:24, Eric Snowberg wrote:
>>>
On Feb 4, 2021, at 1:26 AM, Mickaël Salaün wrote:
On 04/02/2021 04:53, Eric Snowberg wrote:
>
>> On Feb 3, 2021,
> On Feb 5, 2021, at 3:27 AM, Mickaël Salaün wrote:
>
>
> On 05/02/2021 01:24, Eric Snowberg wrote:
>>
>>> On Feb 4, 2021, at 1:26 AM, Mickaël Salaün wrote:
>>>
>>>
>>> On 04/02/2021 04:53, Eric Snowberg wrote:
> On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
>
>
On 05/02/2021 01:24, Eric Snowberg wrote:
>
>> On Feb 4, 2021, at 1:26 AM, Mickaël Salaün wrote:
>>
>>
>> On 04/02/2021 04:53, Eric Snowberg wrote:
>>>
On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
This looks good to me, and it still works for my use case. Eric's
> On Feb 4, 2021, at 1:26 AM, Mickaël Salaün wrote:
>
>
> On 04/02/2021 04:53, Eric Snowberg wrote:
>>
>>> On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
>>>
>>> This looks good to me, and it still works for my use case. Eric's
>>> patchset only looks for asymmetric keys in the
Eric Snowberg wrote:
> > On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
> >
> > This looks good to me, and it still works for my use case. Eric's
> > patchset only looks for asymmetric keys in the blacklist keyring, so
> > even if we use the same keyring we don't look for the same key
On 04/02/2021 04:53, Eric Snowberg wrote:
>
>> On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
>>
>> This looks good to me, and it still works for my use case. Eric's
>> patchset only looks for asymmetric keys in the blacklist keyring, so
>> even if we use the same keyring we don't look for
> On Feb 3, 2021, at 11:49 AM, Mickaël Salaün wrote:
>
> This looks good to me, and it still works for my use case. Eric's
> patchset only looks for asymmetric keys in the blacklist keyring, so
> even if we use the same keyring we don't look for the same key types. My
> patchset only allows
This looks good to me, and it still works for my use case. Eric's
patchset only looks for asymmetric keys in the blacklist keyring, so
even if we use the same keyring we don't look for the same key types. My
patchset only allows blacklist keys (i.e. hashes, not asymmetric keys)
to be added by user
Eric Snowberg wrote:
> This is the fifth patch series for adding support for
> EFI_CERT_X509_GUID entries [1]. It has been expanded to not only include
> dbx entries but also entries in the mokx. Additionally my series to
> preload these certificate [2] has also been included.
Okay, I've
> On Jan 28, 2021, at 8:16 AM, David Howells wrote:
>
> Which tree do you envision this going through? EFI or keyrings - or are you
> going to ask Linus to pull it directly? I can pull it if it should go through
> the keyrings tree.
I was thinking it would go thru your tree, since a
On Thu, 2021-01-28 at 10:27 -0500, Mimi Zohar wrote:
> Hi David,
>
> On Thu, 2021-01-28 at 15:16 +, David Howells wrote:
> > Which tree do you envision this going through? EFI or keyrings - or are you
> > going to ask Linus to pull it directly? I can pull it if it should go
> > through
> >
Hi David,
On Thu, 2021-01-28 at 15:16 +, David Howells wrote:
> Which tree do you envision this going through? EFI or keyrings - or are you
> going to ask Linus to pull it directly? I can pull it if it should go through
> the keyrings tree.
There's one more patch, yet to be posted, which
Which tree do you envision this going through? EFI or keyrings - or are you
going to ask Linus to pull it directly? I can pull it if it should go through
the keyrings tree.
David
This is the fifth patch series for adding support for
EFI_CERT_X509_GUID entries [1]. It has been expanded to not only include
dbx entries but also entries in the mokx. Additionally my series to
preload these certificate [2] has also been included.
This series is based on v5.11-rc4.
[1]
21 matches
Mail list logo