On Sat, Aug 12, 2023, at 00:10, Masahiro Yamada wrote:
> On Fri, Aug 11, 2023 at 10:00 AM Arnd Bergmann wrote:
>>
>> From: Arnd Bergmann
>>
>> The prototype was hidden on x86, which causes a warning:
>
>
> What do you mean by "hidden on x86"?
>
> arch_irq_work_raise() was declared on 7
On Sat, Aug 12, 2023 at 09:36:33AM +0800, Baolu Lu wrote:
> > @@ -290,6 +295,7 @@ struct iommu_ops {
> > unsigned long pgsize_bitmap;
> > struct module *owner;
> > struct iommu_domain *identity_domain;
> > + struct iommu_domain *default_domain;
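Review bot: in the struct iommu_ops hunk, the new `default_domain` pointer is added directly after `identity_domain`, and nothing in the visible lines says when a driver should set one rather than the other or what happens if both are set. A kernel-doc line for the new member stating its meaning and how it relates to `identity_domain` would make the intended use clear to driver authors.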
>
> I am imagining whether we can merge
On secure boot enabled PowerVM LPAR, third party code signing keys are
needed during early boot to verify signed third party modules. These
third party keys are stored in moduledb object in the Platform
KeyStore (PKS).
Load third party code signing keys onto .secondary_trusted_keys keyring.
Update Kconfig to enable machine keyring and limit to CA certificates
on PowerVM. Only key signing CA keys are allowed.
Signed-off-by: Nayna Jain
Reviewed-and-tested-by: Mimi Zohar
Reviewed-by: Jarkko Sakkinen
---
security/integrity/Kconfig | 4 +++-
1 file changed, 3 insertions(+), 1
On non-UEFI platforms, handle restrict_link_by_ca failures differently.
Certificates which do not satisfy CA restrictions on non-UEFI platforms
are ignored.
Signed-off-by: Nayna Jain
Reviewed-and-tested-by: Mimi Zohar
---
security/integrity/platform_certs/machine_keyring.c | 2 +-
1 file
Keys that derive their trust from an entity such as a security officer,
administrator, system owner, or machine owner are said to have "imputed
trust". CA keys with imputed trust can be loaded onto the machine keyring.
The mechanism for loading these keys onto the machine keyring is platform
trust_moklist() is specific to UEFI enabled systems. Other platforms
rely only on the Kconfig.
Define a generic wrapper named imputed_trust_enabled().
Signed-off-by: Nayna Jain
Reviewed-off-by: Mimi Zohar
---
security/integrity/digsig.c| 2 +-
trust_mok variable is accessed within a single function locally.
Change trust_mok from global to local static variable.
Signed-off-by: Nayna Jain
Reviewed-and-tested-by: Mimi Zohar
Reviewed-by: Jarkko Sakkinen
---
security/integrity/platform_certs/machine_keyring.c | 4 ++--
1 file changed,
On a secure boot enabled PowerVM guest, local and third party code signing
keys are needed to verify signed applications, configuration files, and
kernel modules.
Loading these keys onto either the .secondary_trusted_keys or .ima
keyrings requires the certificates be signed by keys on the
Tested-by: David Heidelberg
For PATCH v4 please fix the typo reported by the bot :)
Seeing messages as
__aer_print_error: 72 callbacks suppressed
but it still prints many errors on my laptop. Anyway, the log is less
filled with this patch, so great!
Thank you
David
--
David Heidelberg