From: Mimi Zohar <zohar@linux.ibm.com>
To: James Morris <jmorris@namei.org>
Cc: linux-security-module <linux-security-module@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>
Subject: [GIT PULL] linux-integrity patches for Linux 5.1
Date: Thu, 14 Feb 2019 09:04:12 -0500
Message-ID: <1550153052.4078.5.camel@linux.ibm.com>

Hi James,

Linux 5.0 introduced the platform keyring to allow verifying the IMA
kexec kernel image signature using the pre-boot keys. This pull
request similarly makes keys on the platform keyring accessible for
verifying the PE kernel image signature.*

Also included in this pull request is a new IMA hook that tags tmp
files, in policy, indicating the file hash needs to be calculated.
The remaining patches are cleanup.

*Upstream commit "993a110319a4 (x86/kexec: Fix a kexec_file_load()
failure)" is required for testing.

Mimi

The following changes since commit 2181e084b26bddca22bc3f23364c15809cfed28b:

  LSM: SafeSetID: remove unused include (2019-01-30 12:29:53 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity

for you to fetch changes up to e7fde070f39bc058c356cf366cb17ac2d643abb0:

  evm: Use defined constant for UUID representation (2019-02-04 17:36:01 -0500)

----------------------------------------------------------------
Andy Shevchenko (1):
      evm: Use defined constant for UUID representation

Kairui Song (2):
      integrity, KEYS: add a reference to platform keyring
      kexec, KEYS: Make use of platform keyring for signature verify

Mimi Zohar (2):
      encrypted-keys: fix Opt_err/Opt_error = -1
      ima: define ima_post_create_tmpfile() hook and add missing call

YueHaibing (1):
      evm: remove set but not used variable 'xattr'

 arch/x86/kernel/kexec-bzimage64.c        | 14 ++++++++++---
 certs/system_keyring.c                   | 23 ++++++++++++++++++++-
 fs/namei.c                               |  1 +
 include/keys/system_keyring.h            |  8 ++++++++
 include/linux/ima.h                      |  5 +++++
 include/linux/verification.h             |  1 +
 security/integrity/digsig.c              |  3 +++
 security/integrity/evm/evm_crypto.c      |  3 +--
 security/integrity/evm/evm_main.c        |  6 +-----
 security/integrity/ima/ima_main.c        | 35 ++++++++++++++++++++++++++++++--
 security/keys/encrypted-keys/encrypted.c |  4 ++--
 11 files changed, 88 insertions(+), 15 deletions(-)