diff for duplicates of <1510790701.3711.359.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 4996e3f..19aacfd 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -12,13 +12,13 @@ On Wed, 2017-11-15 at 21:46 +0100, Luis R. Rodriguez wrote: > > > > > > > > > > [0] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=90a53e4432b12288316efaa5f308adafb8d304b0 > > > > -> > > > Johannes was tired of waiting? Commit 5a9196d "ima: add support for +> > > > Johannes was tired of waiting? ?Commit 5a9196d "ima: add support for > > > > measuring and appraising firmware" has been in the kernel since linux- > > > > 3.17. > > > > > > > > The original firmware hook for verifying firmware signatures were > > > > replaced with the common LSM pre and post kernel_read_file() hooks -> > > > in linux-4.6.y. +> > > > in?linux-4.6.y. > > > > > > > > Even if you wanted to support firmware signature verification without > > > > IMA-appraisal, it should be using the LSM hooks. @@ -33,7 +33,7 @@ On Wed, 2017-11-15 at 21:46 +0100, Luis R. Rodriguez wrote: > > kernel_read_file_from_path(), not as a stand alone verification. > > > > Why not extend kernel_read_file_from_path() to pass the detached signature? -> > Since the signature would only be used for the verification, there's no need +> >?Since the signature would only be used for the verification, there's no need > > to return the open file descriptor. > > This goes along with the question if there were an other users who wanted it, 
@@ -48,16 +48,21 @@ On Wed, 2017-11-15 at 21:46 +0100, Luis R. Rodriguez wrote: > systems pegged with "trusted boot" have nothing to do validation of these files > through hardware. -No, it has nothing to do with other users wanting it. It has to do +No, it has nothing to do with other users wanting it. ?It has to do with extending an API to support detach signatures. There's no reason to define a new function named -kernel_read_file_from_path_signed(). To prevent code duplication, the -existing functions would turn into wrappers. It's not like there are -that many users. A quick search returned: +kernel_read_file_from_path_signed(). ?To prevent code duplication, the +existing functions would turn into wrappers. ?It's not like there are +that many users. ?A quick search returned: -kernel_read_file_from_fd: 2 +kernel_read_file_from_fd: ?2 kernel_read_file_from_path: 5 LSMs: 3 loadpin, selinux, + ima Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index bd8f52a..e84e8ba 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -9,25 +9,10 @@ "ref\020171115175246.GN729@wotan.suse.de\0" "ref\01510775817.3711.315.camel@linux.vnet.ibm.com\0" "ref\020171115204651.GO729@wotan.suse.de\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Wed, 15 Nov 2017 19:05:01 -0500\0" - "To\0Luis R. Rodriguez <mcgrof@kernel.org>\0" - "Cc\0Linus Torvalds <torvalds@linux-foundation.org>" - Johannes Berg <johannes@sipsolutions.net> - Matthew Garrett <mjg59@google.com> - David Howells <dhowells@redhat.com> - Alan Cox <gnomes@lxorguk.ukuu.org.uk> - AKASHI - Takahiro <takahiro.akashi@linaro.org> - Greg Kroah-Hartman <gregkh@linuxfoundation.org> - Jan Blunck <jblunck@infradead.org> - Julia Lawall <julia.lawall@lip6.fr> - Marcus Meissner <meissner@suse.de> - Gary Lin <GLin@suse.com> - LSM List <linux-security-module@vger.kernel.org> - linux-efi <linux-efi@vger.kernel.org> - " Linux Kernel Mailing List <linux-kernel@vger.kernel.org>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2017-11-15 at 21:46 +0100, Luis R. Rodriguez wrote:\n" 
@@ -44,13 +29,13 @@ "> > > > > \n" "> > > > > [0] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=90a53e4432b12288316efaa5f308adafb8d304b0\n" "> > > > \n" - "> > > > Johannes was tired of waiting? \302\240Commit 5a9196d \"ima: add support for\n" + "> > > > Johannes was tired of waiting? ?Commit 5a9196d \"ima: add support for\n" "> > > > measuring and appraising firmware\" has been in the kernel since linux-\n" "> > > > 3.17.\n" "> > > > \n" "> > > > The original firmware hook for verifying firmware signatures were\n" "> > > > replaced with the common LSM pre and post kernel_read_file() hooks\n" - "> > > > in\302\240linux-4.6.y.\n" + "> > > > in?linux-4.6.y.\n" "> > > > \n" "> > > > Even if you wanted to support firmware signature verification without\n" "> > > > IMA-appraisal, it should be using the LSM hooks.\n" @@ -65,7 +50,7 @@ "> > kernel_read_file_from_path(), not as a stand alone verification.\n" "> > \n" "> > Why not extend kernel_read_file_from_path() to pass the detached signature?\n" - "> >\302\240Since the signature would only be used for the verification, there's no need\n" + "> >?Since the signature would only be used for the verification, there's no need\n" "> > to return the open file descriptor.\n" "> \n" "> This goes along with the question if there were an other users who wanted it,\n" 
@@ -80,18 +65,23 @@ "> systems pegged with \"trusted boot\" have nothing to do validation of these files\n" "> through hardware.\n" "\n" - "No, it has nothing to do with other users wanting it. \302\240It has to do\n" + "No, it has nothing to do with other users wanting it. ?It has to do\n" "with extending an API to support detach signatures.\n" "\n" "There's no reason to define a new function named\n" - "kernel_read_file_from_path_signed(). \302\240To prevent code duplication, the\n" - "existing functions would turn into wrappers. \302\240It's not like there are\n" - "that many users. \302\240A quick search returned:\n" + "kernel_read_file_from_path_signed(). ?To prevent code duplication, the\n" + "existing functions would turn into wrappers. ?It's not like there are\n" + "that many users. ?A quick search returned:\n" "\n" - "kernel_read_file_from_fd: \302\2402\n" + "kernel_read_file_from_fd: ?2\n" "kernel_read_file_from_path: 5\n" "LSMs: 3 loadpin, selinux, + ima\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -f318dd6b654c177474f0f6a3be6ed9708b5dacb15036363d484cd51fe400a14a +c46d1ef0dcd8e6fa5e726be61085e20c6b658808d7ea4ba8a52a7852e62128e2
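Review bot: in the N1 copy every non-breaking space has been replaced by a literal "?" (the content_digest hunks show "\302\240" becoming "?", which yields "in?linux-4.6.y." and "> >?Since the signature" in the 1.txt hunks), so that copy's body is a lossy transcoding and the a/ copy is the one to quote or keep. The N1 headers also differ: the Cc list is gone, the Subject loses its "Re:" prefix, From is rewritten to "zohar@linux.vnet.ibm.com (Mimi Zohar)", To becomes the list address alone, and a list-unsubscribe footer is appended. Matching the two copies should therefore rely on the Message-ID <1510790701.3711.359.camel@linux.vnet.ibm.com> rather than on From, Subject, To or the body digest.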