Re: [PATCH 02/17] [RESEND] irq_work: consolidate arch_irq_work_raise prototypes

On Sat, Aug 12, 2023, at 00:10, Masahiro Yamada wrote: > On Fri, Aug 11, 2023 at 10:00 AM Arnd Bergmann wrote: >> >> From: Arnd Bergmann >> >> The prototype was hidden on x86, which causes a warning: > > > What do you mean by "hidden on x86"? > > arch_irq_work_raise() was declared on 7

Re: [PATCH v6 02/25] iommu: Add IOMMU_DOMAIN_PLATFORM

On Sat, Aug 12, 2023 at 09:36:33AM +0800, Baolu Lu wrote: > > @@ -290,6 +295,7 @@ struct iommu_ops { > > unsigned long pgsize_bitmap; > > struct module *owner; > > struct iommu_domain *identity_domain; > > + struct iommu_domain *default_domain; > > I am imaging whether we can merge

[PATCH v3 6/6] integrity: PowerVM support for loading third party code signing keys

On secure boot enabled PowerVM LPAR, third party code signing keys are needed during early boot to verify signed third party modules. These third party keys are stored in moduledb object in the Platform KeyStore(PKS). Load third party code signing keys onto .secondary_trusted_keys keyring.

[PATCH v3 5/6] integrity: PowerVM machine keyring enablement

Update Kconfig to enable machine keyring and limit to CA certificates on PowerVM. Only key signing CA keys are allowed. Signed-off-by: Nayna Jain Reviewed-and-tested-by: Mimi Zohar Reviewed-by: Jarkko Sakkinen --- security/integrity/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1

[PATCH v3 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform

On non-UEFI platforms, handle restrict_link_by_ca failures differently. Certificates which do not satisfy CA restrictions on non-UEFI platforms are ignored. Signed-off-by: Nayna Jain Reviewed-and-tested-by: Mimi Zohar --- security/integrity/platform_certs/machine_keyring.c | 2 +- 1 file

[PATCH v3 1/6] integrity: PowerVM support for loading CA keys on machine keyring

Keys that derive their trust from an entity such as a security officer, administrator, system owner, or machine owner are said to have "imputed trust". CA keys with imputed trust can be loaded onto the machine keyring. The mechanism for loading these keys onto the machine keyring is platform

[PATCH v3 4/6] integrity: check whether imputed trust is enabled

trust_moklist() is specific to UEFI enabled systems. Other platforms rely only on the Kconfig. Define a generic wrapper named imputed_trust_enabled(). Signed-off-by: Nayna Jain Reviewed-off-by: Mimi Zohar --- security/integrity/digsig.c| 2 +-

[PATCH v3 3/6] integrity: remove global variable from machine_keyring.c

trust_mok variable is accessed within a single function locally. Change trust_mok from global to local static variable. Signed-off-by: Nayna Jain Reviewed-and-tested-by: Mimi Zohar Reviewed-by: Jarkko Sakkinen --- security/integrity/platform_certs/machine_keyring.c | 4 ++-- 1 file changed,

[PATCH v3 0/6] Enable loading local and third party keys on PowerVM guest

On a secure boot enabled PowerVM guest, local and third party code signing keys are needed to verify signed applications, configuration files, and kernel modules. Loading these keys onto either the .secondary_trusted_keys or .ima keyrings requires the certificates be signed by keys on the

Re: [PATCHv3 pci-next 1/2] PCI/AER: correctable error message as KERN_INFO

Tested-by: David Heidelberg For PATCH v4 please fix the typo reported by the bot :) Seeing messages as __aer_print_error: 72 callbacks suppressed but it still prints many errors on my laptop. Anyway, the log is less filled with this patch, so great! Thank you David -- David Heidelberg