Hi Lukasz, That's great news, I'll look forward too meeting with you next week! I'll follow up with you off-list with some contact information.
-- paul moore www.paul-moore.com On October 24, 2019 9:19:52 AM Lukasz Hawrylko <lukasz.hawry...@linux.intel.com> wrote: > Hi > > I will be on LSS EU, I will catch you after your presentation for a > short (or not short) conversation. > > Thanks, > Lukasz > > On Fri, 2019-10-18 at 13:27 +0000, Paul Moore (pmoore2) via tboot-devel > wrote: >> On Thu, 2019-09-19 at 15:39 +0000, Paul Moore (pmoore2) via tboot-devel >> wrote: >> > Hello, >> > >> > I've been working on adding PECOFF/kernel signature verification to >> > tboot and now that I have a rough working prototype I wanted to bring >> > it to the list to see if this is something the tboot community would >> > be interested in eventually merging (once the work is more complete >> > and polished). >> > >> > The patchset is quite large, mostly due to the inclusion of >> > libtomcrypt and libtomfastmath to the tboot repository, so I'm going >> > to refrain from spamming the list with the full patchset at this early >> > stage. The current patchset can be found on GitHub at the URL below >> > (look in the "working-txtsig" branch): >> > >> > * >> > https://github.com/pcmoore/misc-tboot/tree/working-txtsig >> > >> > >> >> I've updated the working-txtsig branch with a number of fixes relating >> to the ASN.1/PKCS parsing code as well as improved signing/hash >> algorithm support (previously limited to SHA256) and the ability to >> verify kernels using variable length certificate chains (previously >> limited to the immediate signer). Work on adding certificate support to >> the tboot launch control policy is ongoing (it's the next major work >> item), but the prototype contains a hard coded Fedora CA which should be >> able to verify any modern Fedora kernel. Just as before, if you have >> any questions, concerns, or feedback please get in touch on-list or >> privately. >> >> I'll be giving an updated presentation on this effort at the Linux >> Security Summit EU later this month, if you are in the area please stop >> by and introduce yourself - I'd love to talk about TXT/tboot! >> >> https://events19.linuxfoundation.org/events/linux-security-summit-europe-2019 >> >> >> Thanks, >> -Paul >> >> >> _______________________________________________ >> tboot-devel mailing list >> tboot-devel@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/tboot-devel >> >> > > > > _______________________________________________ > tboot-devel mailing list > tboot-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tboot-devel _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
