diff for duplicates of <20171109044619.GG7859@linaro.org> diff --git a/a/1.txt b/N1/1.txt index 502214d..bcc26c3 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -30,7 +30,7 @@ On Wed, Nov 08, 2017 at 09:17:37PM -0500, Mimi Zohar wrote: > > request_firmware_signable(), which should be used in place of (a) > > for all verification-aware drivers, that would be fine. > -> I really don't understand why you need a new function. The +> I really don't understand why you need a new function.??The > request_firmware() eventually calls kernel_read_file_from_path(), > which already calls the pre and post LSM hooks. @@ -50,7 +50,7 @@ Thanks, > IMA-appraisal is already on these hooks verifying the requested -> firmware's signature. For systems with "lockdown" enabled, but +> firmware's signature. ?For systems with "lockdown" enabled, but > without IMA-appraisal enabled, define a small, builtin LSM that sits > on these LSM hooks and denies the unsigned firmware requests. > @@ -63,4 +63,8 @@ Thanks, > > features of request_firmware variants like _(no)wait or _direct. > > > > -Takahiro AKASHI -> +> +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 562557a..8cc2ba6 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -7,23 +7,10 @@ "ref\020171108194626.GQ22894@wotan.suse.de\0" "ref\020171109014841.GF7859@linaro.org\0" "ref\01510193857.4484.95.camel@linux.vnet.ibm.com\0" - "From\0AKASHI, Takahiro <takahiro.akashi@linaro.org>\0" - "Subject\0Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" + "From\0takahiro.akashi@linaro.org (AKASHI, Takahiro)\0" + "Subject\0Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown\0" "Date\0Thu, 9 Nov 2017 13:46:21 +0900\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0Luis R. Rodriguez <mcgrof@kernel.org>" - Greg Kroah-Hartman <gregkh@linuxfoundation.org> - Linus Torvalds <torvalds@linux-foundation.org> - Jan Blunck <jblunck@infradead.org> - Julia Lawall <julia.lawall@lip6.fr> - David Howells <dhowells@redhat.com> - Marcus Meissner <meissner@suse.de> - Gary Lin <GLin@suse.com> - linux-security-module@vger.kernel.org - gnomes@lxorguk.ukuu.org.uk - linux-efi <linux-efi@vger.kernel.org> - linux-kernel@vger.kernel.org - " Matthew Garrett <mjg59@google.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi,\n" @@ -58,7 +45,7 @@ "> > request_firmware_signable(), which should be used in place of (a)\n" "> > for all verification-aware drivers, that would be fine.\n" "> \n" - "> I really don't understand why you need a new function.\302\240\302\240The\n" + "> I really don't understand why you need a new function.??The\n" "> request_firmware() eventually calls kernel_read_file_from_path(),\n" "> which already calls the pre and post LSM hooks.\n" "\n" @@ -78,7 +65,7 @@ "\n" "\n" "> IMA-appraisal is already on these hooks verifying the requested\n" - "> firmware's signature. \302\240For systems with \"lockdown\" enabled, but\n" + "> firmware's signature. ?For systems with \"lockdown\" enabled, but\n" "> without IMA-appraisal enabled, define a small, builtin LSM that sits\n" "> on these LSM hooks and denies the unsigned firmware requests.\n" "> \n" @@ -91,6 +78,10 @@ "> > features of request_firmware variants like _(no)wait or _direct.\n" "> > \n" "> > -Takahiro AKASHI\n" - > + "> \n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -e01682b2e9caf87f043cfe2da7ff2e8813feecc00a0a73c8c680b5e4b32d902a +6af8744eeab9b58f86cc6a66d764e3d297b62c400ba2a1a42876e42a97439a17
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.