diff for duplicates of <20171108061551.GD7859@linaro.org> diff --git a/a/1.txt b/N1/1.txt index e5f5235..a2b6411 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -5,13 +5,13 @@ Thank you for this heads-up. On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote: > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote: > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote: -> > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote: +> > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > > > > > > > > Only validly signed device firmware may be loaded. > > > > > > > > fw_get_filesystem_firmware() calls kernel_read_file_from_path() to > > > > read the firmware, which calls into the security hooks. Is there -> > > > another place that validates the firmware signatures. I'm not seeing +> > > > another place that validates the firmware signatures. ?I'm not seeing > > > > which patch requires firmware to be signed? > > > > > > Luis has a set of patches for this. However, I'm not sure if that's going @@ -64,3 +64,7 @@ I think that the situation is the same as in module signing. > That error should cover only what is being addressed in code on the kernel. > > Luis +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index cf3c65e..eb55917 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -3,19 +3,10 @@ "ref\014219.1509660259@warthog.procyon.org.uk\0" "ref\01509660641.3416.24.camel@linux.vnet.ibm.com\0" "ref\020171107230700.GJ22894@wotan.suse.de\0" - "ref\020171107230700.GJ22894-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org\0" - "From\0AKASHI, Takahiro <takahiro.akashi-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>\0" - "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" + "From\0takahiro.akashi@linaro.org (AKASHI, Takahiro)\0" + "Subject\0Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Wed, 8 Nov 2017 15:15:54 +0900\0" - "To\0Luis R. Rodriguez <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>\0" - "Cc\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>" - David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org - linux-efi <linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " Matthew Garrett <mjg59-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Luis,\n" @@ -25,13 +16,13 @@ "On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:\n" "> On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote:\n" "> > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote:\n" - "> > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote:\n" + "> > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> > > \n" "> > > > > Only validly signed device firmware may be loaded.\n" "> > > > \n" "> > > > fw_get_filesystem_firmware() calls kernel_read_file_from_path() to\n" "> > > > read the firmware, which calls into the security hooks. Is there\n" - "> > > > another place that validates the firmware signatures. \302\240I'm not seeing\n" + "> > > > another place that validates the firmware signatures. ?I'm not seeing\n" "> > > > which patch requires firmware to be signed?\n" "> > > \n" "> > > Luis has a set of patches for this. However, I'm not sure if that's going\n" @@ -83,6 +74,10 @@ "> It seems the documentation was proposed to help users if an error was caught.\n" "> That error should cover only what is being addressed in code on the kernel.\n" "> \n" - > Luis + "> Luis\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -5fd39885893bef3a89ace7dfb156eaf3994b9ae773eb5f02fcf047b260ba3e21 +e3819618f4526d98abbd77a4f0a91164f93135551325c4d91c6b0813c4a0ef9a
diff --git a/a/1.txt b/N2/1.txt index e5f5235..b75b3b9 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -5,7 +5,7 @@ Thank you for this heads-up. On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote: > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote: > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote: -> > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote: +> > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > > > > > > > > Only validly signed device firmware may be loaded. > > > > diff --git a/a/content_digest b/N2/content_digest index cf3c65e..0e89cfa 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -3,19 +3,18 @@ "ref\014219.1509660259@warthog.procyon.org.uk\0" "ref\01509660641.3416.24.camel@linux.vnet.ibm.com\0" "ref\020171107230700.GJ22894@wotan.suse.de\0" - "ref\020171107230700.GJ22894-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org\0" - "From\0AKASHI, Takahiro <takahiro.akashi-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>\0" + "From\0AKASHI, Takahiro <takahiro.akashi@linaro.org>\0" "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Wed, 8 Nov 2017 15:15:54 +0900\0" - "To\0Luis R. Rodriguez <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>\0" - "Cc\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>" - David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org - linux-efi <linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " Matthew Garrett <mjg59-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0Luis R. Rodriguez <mcgrof@kernel.org>\0" + "Cc\0Mimi Zohar <zohar@linux.vnet.ibm.com>" + David Howells <dhowells@redhat.com> + linux-security-module@vger.kernel.org + gnomes@lxorguk.ukuu.org.uk + linux-efi <linux-efi@vger.kernel.org> + gregkh@linuxfoundation.org + linux-kernel@vger.kernel.org + " Matthew Garrett <mjg59@google.com>\0" "\00:1\0" "b\0" "Luis,\n" @@ -25,7 +24,7 @@ "On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:\n" "> On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote:\n" "> > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote:\n" - "> > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote:\n" + "> > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> > > \n" "> > > > > Only validly signed device firmware may be loaded.\n" "> > > > \n" @@ -85,4 +84,4 @@ "> \n" > Luis -5fd39885893bef3a89ace7dfb156eaf3994b9ae773eb5f02fcf047b260ba3e21 +e3ccf9a5e97017320f791b2b29dc8b9d386dba1817212bc883bd240012cac790
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.