Re: [GIT PULL] efi/urgent for v5.9-rc6

[Borislav Petkov <bp@alien8.de>]

On Sun, Sep 20, 2020 at 03:25:12PM -0700, Linus Torvalds wrote:
> On Sun, Sep 20, 2020 at 12:33 PM Borislav Petkov <bp@suse.de> wrote:
> >
> > I'm simply forwarding Ard's tag, I hope that's ok.
> 
> That's ok, although it shows perhaps a weakness in our model.
> 
> Git actually would have allowed you to create a signed tag pointing to
> Ard's tag, and we'd have had the signature chain that way. Although
> I'm not even sure the commit signature code has then ever been tested
> with that kind of odd situation.

I just tried to sign the local version of the efi/urgent branch I had
which had Ard's tag ontop, using latest git 2.28.0. It worked and in
gitk, when clicking on the tag - it says "2 tags... " by the way -
shows, see '*' at the end of mail. I.e., two tags signing the same
object.

And tglx has done this with the previous efi/urgent pull, see '**'
below. Both tagging the same object and with two tag messages. Me being
lazy thought that since Ard has already written one, why should I even
try... :-)

> But that might have technically been the best way of doing things
> (kind of like sign-offs on commits when forwarding them in email), but
> I don't think it really matters.

I can do that if you prefer - it is trivial. Ard's stuff goes through
tip so we will have to forward tags soon again.

> I just mentioned this odd tag forwarding in the merge commit instead.
> It all looks fine, it's just a bit unusual.

Yeah, I thought I should ask because I don't remember seeing something
like that being done before.

Thx.

*
---
Tag: efi-urgent-for-v5.9-rc5
object 46908326c6b801201f1e46f5ed0db6e85bef74ae
type commit
tag efi-urgent-for-v5.9-rc5
tagger Ard Biesheuvel <ardb@kernel.org> 1600260469 +0300

Single EFI fix for v5.9-rc:
- ensure that the EFI bootloader control module only probes successfully
  on systems that support the EFI SetVariable runtime service
-----BEGIN PGP SIGNATURE-----

...

-----END PGP SIGNATURE-----

Tag: efi_tag_signed_by_me
object 46908326c6b801201f1e46f5ed0db6e85bef74ae
type commit
tag efi_tag_signed_by_me
tagger Borislav Petkov <bp@suse.de> 1600640988 +0200

Test tag signing
-----BEGIN PGP SIGNATURE-----

...

-----END PGP SIGNATURE-----



**
---
Tag: efi-urgent-2020-08-23
object fb1201aececc59990b75ef59fca93ae4aa1e1444
type commit
tag efi-urgent-2020-08-23
tagger Thomas Gleixner <tglx@linutronix.de> 1598170304 +0200

A set of EFI fixes:

 - Enforce NX on RO data in mixed EFI mode
 - Destroy workqueue in an error handling path to prevent UAF
 - Stop argument parser at '--' which is the delimiter for init
 - Treat a NULL command line pointer as empty instead of dereferncing it
   unconditionally.
 - Handle an unterminated command line correctly
 - Cleanup the 32bit code leftovers and remove obsolete documentation
-----BEGIN PGP SIGNATURE-----

...

-----END PGP SIGNATURE-----

Tag: efi-urgent-for-v5.9-rc1
object fb1201aececc59990b75ef59fca93ae4aa1e1444
type commit
tag efi-urgent-for-v5.9-rc1
tagger Ard Biesheuvel <ardb@kernel.org> 1597915176 +0200

EFI fixes for v5.9-rc1:
- Some followup fixes for the UV1 and EFI old_map removal
- EFI stub command line fixes from Arvind
- Stop mapping the kernel's .rodata executable in the mixed mode EFI page tables
- Add missing cleanup on the efisubsys_init() error path
-----BEGIN PGP SIGNATURE-----

...

-----END PGP SIGNATURE-----
-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette