diff for duplicates of <20171109014841.GF7859@linaro.org> diff --git a/a/1.txt b/N1/1.txt index c3e9041..74771f3 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -7,13 +7,13 @@ On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote: > > On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote: > > > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote: > > > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote: -> > > > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote: +> > > > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > > > > > > > > > > > > Only validly signed device firmware may be loaded. > > > > > > > > > > > > fw_get_filesystem_firmware() calls kernel_read_file_from_path() to > > > > > > read the firmware, which calls into the security hooks. Is there -> > > > > > another place that validates the firmware signatures. I'm not seeing +> > > > > > another place that validates the firmware signatures. ?I'm not seeing > > > > > > which patch requires firmware to be signed? > > > > > > > > > > Luis has a set of patches for this. However, I'm not sure if that's going @@ -79,7 +79,7 @@ my_deviceA_init() { } As legacy device drivers does not have (b), there is no chance to -prevent loading a firmware at (c) for locked-down kernel. +prevent loading a firmware@(c) for locked-down kernel. If you allow me to bring in yet another function, say request_firmware_signable(), which should be used in place of (a) @@ -134,3 +134,7 @@ features of request_firmware variants like _(no)wait or _direct. > -- > Luis Rodriguez, SUSE LINUX GmbH > Maxfeldstrasse 5; D-90409 Nuernberg +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 277c509..141622b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,24 +5,10 @@ "ref\020171107230700.GJ22894@wotan.suse.de\0" "ref\020171108061551.GD7859@linaro.org\0" "ref\020171108194626.GQ22894@wotan.suse.de\0" - "ref\020171108194626.GQ22894-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org\0" - "From\0AKASHI, Takahiro <takahiro.akashi-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>\0" - "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" + "From\0takahiro.akashi@linaro.org (AKASHI, Takahiro)\0" + "Subject\0Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Thu, 9 Nov 2017 10:48:43 +0900\0" - "To\0Luis R. Rodriguez <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>\0" - "Cc\0Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>" - Linus Torvalds <torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org> - Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> - Jan Blunck <jblunck-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org> - Julia Lawall <julia.lawall-L2FTfq7BK8M@public.gmane.org> - David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> - Marcus Meissner <meissner-l3A5Bk7waGM@public.gmane.org> - Gary Lin <GLin-IBi9RG/b67k@public.gmane.org> - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org - linux-efi <linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " Matthew Garrett <mjg59-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote:\n" @@ -34,13 +20,13 @@ "> > On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:\n" "> > > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote:\n" "> > > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote:\n" - "> > > > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote:\n" + "> > > > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> > > > > \n" "> > > > > > > Only validly signed device firmware may be loaded.\n" "> > > > > > \n" "> > > > > > fw_get_filesystem_firmware() calls kernel_read_file_from_path() to\n" "> > > > > > read the firmware, which calls into the security hooks. Is there\n" - "> > > > > > another place that validates the firmware signatures. \302\240I'm not seeing\n" + "> > > > > > another place that validates the firmware signatures. ?I'm not seeing\n" "> > > > > > which patch requires firmware to be signed?\n" "> > > > > \n" "> > > > > Luis has a set of patches for this. However, I'm not sure if that's going\n" @@ -106,7 +92,7 @@ "}\n" "\n" "As legacy device drivers does not have (b), there is no chance to\n" - "prevent loading a firmware at (c) for locked-down kernel.\n" + "prevent loading a firmware@(c) for locked-down kernel.\n" "\n" "If you allow me to bring in yet another function, say\n" "request_firmware_signable(), which should be used in place of (a)\n" @@ -160,6 +146,10 @@ "> \n" "> -- \n" "> Luis Rodriguez, SUSE LINUX GmbH\n" - > Maxfeldstrasse 5; D-90409 Nuernberg + "> Maxfeldstrasse 5; D-90409 Nuernberg\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -02adb1b08bf5d105982917a310bb2af70a2e5757d92f21c65e3eb4462b9c6cfd +54bf0c30e2a458ca3d1b9f5939d648f5912925946cac83362ea64b195bb24fe8
diff --git a/a/1.txt b/N2/1.txt index c3e9041..411b86a 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -7,7 +7,7 @@ On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote: > > On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote: > > > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote: > > > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote: -> > > > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote: +> > > > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > > > > > > > > > > > > Only validly signed device firmware may be loaded. > > > > > > diff --git a/a/content_digest b/N2/content_digest index 277c509..33f2e79 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -5,24 +5,23 @@ "ref\020171107230700.GJ22894@wotan.suse.de\0" "ref\020171108061551.GD7859@linaro.org\0" "ref\020171108194626.GQ22894@wotan.suse.de\0" - "ref\020171108194626.GQ22894-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org\0" - "From\0AKASHI, Takahiro <takahiro.akashi-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>\0" + "From\0AKASHI, Takahiro <takahiro.akashi@linaro.org>\0" "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Thu, 9 Nov 2017 10:48:43 +0900\0" - "To\0Luis R. Rodriguez <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>\0" - "Cc\0Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>" - Linus Torvalds <torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org> - Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> - Jan Blunck <jblunck-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org> - Julia Lawall <julia.lawall-L2FTfq7BK8M@public.gmane.org> - David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> - Marcus Meissner <meissner-l3A5Bk7waGM@public.gmane.org> - Gary Lin <GLin-IBi9RG/b67k@public.gmane.org> - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org - linux-efi <linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " Matthew Garrett <mjg59-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0Luis R. Rodriguez <mcgrof@kernel.org>\0" + "Cc\0Greg Kroah-Hartman <gregkh@linuxfoundation.org>" + Linus Torvalds <torvalds@linux-foundation.org> + Mimi Zohar <zohar@linux.vnet.ibm.com> + Jan Blunck <jblunck@infradead.org> + Julia Lawall <julia.lawall@lip6.fr> + David Howells <dhowells@redhat.com> + Marcus Meissner <meissner@suse.de> + Gary Lin <GLin@suse.com> + linux-security-module@vger.kernel.org + gnomes@lxorguk.ukuu.org.uk + linux-efi <linux-efi@vger.kernel.org> + linux-kernel@vger.kernel.org + " Matthew Garrett <mjg59@google.com>\0" "\00:1\0" "b\0" "On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote:\n" @@ -34,7 +33,7 @@ "> > On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:\n" "> > > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote:\n" "> > > > On Thu, 2017-11-02 at 22:04 +0000, David Howells wrote:\n" - "> > > > > Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote:\n" + "> > > > > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> > > > > \n" "> > > > > > > Only validly signed device firmware may be loaded.\n" "> > > > > > \n" @@ -162,4 +161,4 @@ "> Luis Rodriguez, SUSE LINUX GmbH\n" > Maxfeldstrasse 5; D-90409 Nuernberg -02adb1b08bf5d105982917a310bb2af70a2e5757d92f21c65e3eb4462b9c6cfd +0b829ffa43c83b0fa93a33a258d72d0406574b855ae1765d674e4f536f733cc3
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.