From: Rusty Russell <rusty@rustcorp.com.au>
To: David Howells <dhowells@redhat.com>
Cc: dhowells@redhat.com, pjones@redhat.com, jwboyer@redhat.com,
mjg@redhat.com, dmitry.kasatkin@intel.com,
zohar@linux.vnet.ibm.com, keescook@chromium.org,
keyrings@linux-nfs.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC][PATCH 00/23] Load keys from signed PE binaries
Date: Wed, 31 Oct 2012 12:50:08 +1030 [thread overview]
Message-ID: <87sj8v5qnb.fsf@rustcorp.com.au> (raw)
In-Reply-To: <20121030191927.11000.68420.stgit@warthog.procyon.org.uk>
David Howells <dhowells@redhat.com> writes:
> Hi Rusty,
>
> Here's a set of patches to load a key out of a signed PE format binary:
>
> http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel-pekey
AFAICT this is no longer a module issue, so I'm not going to take
these. Perhaps via the crypto people, or direct to Linus?
Cheers,
Rusty.
prev parent reply other threads:[~2012-10-31 3:33 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-30 19:19 [RFC][PATCH 00/23] Load keys from signed PE binaries David Howells
2012-10-30 19:19 ` [PATCH 01/23] KEYS: Rename public key parameter name arrays David Howells
2012-10-30 19:19 ` [PATCH 02/23] KEYS: Move the algorithm pointer array from x509 to public_key.c David Howells
2012-10-30 19:19 ` [PATCH 03/23] KEYS: Store public key algo ID in public_key struct David Howells
2012-10-30 19:20 ` [PATCH 04/23] KEYS: Split public_key_verify_signature() and make available David Howells
2012-10-30 19:20 ` [PATCH 05/23] KEYS: Store public key algo ID in public_key_signature struct David Howells
2012-10-30 19:20 ` [PATCH 06/23] x509: struct x509_certificate needs struct tm declaring David Howells
2012-10-30 19:20 ` [PATCH 07/23] X.509: Add bits needed for PKCS#7 David Howells
2012-10-30 19:20 ` [PATCH 08/23] X.509: Embed public_key_signature struct and create filler function David Howells
2012-10-30 19:20 ` [PATCH 09/23] X.509: Handle certificates that lack an authorityKeyIdentifier field David Howells
2012-10-30 19:20 ` [PATCH 10/23] X.509: Export certificate parse and free functions David Howells
2012-10-30 19:21 ` [PATCH 11/23] PKCS#7: Implement a parser [RFC 2315] David Howells
2012-10-30 19:21 ` [PATCH 12/23] PKCS#7: Digest the data in a signed-data message David Howells
2012-10-30 19:21 ` [PATCH 13/23] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature David Howells
2012-10-30 19:21 ` [PATCH 14/23] PKCS#7: Verify internal certificate chain David Howells
2012-10-30 19:21 ` [PATCH 15/23] Provide PE binary definitions David Howells
2012-10-30 19:21 ` [PATCH 16/23] pefile: Parse a PE binary to find a key and a signature contained therein David Howells
2012-10-30 21:11 ` Kees Cook
2012-10-31 0:59 ` David Howells
2012-10-31 1:06 ` Kees Cook
2012-10-31 12:31 ` David Howells
2012-10-31 19:48 ` Kees Cook
2012-10-30 19:21 ` [PATCH 17/23] pefile: Strip the wrapper off of the cert data block David Howells
2012-10-30 21:14 ` Kees Cook
2012-10-31 1:03 ` David Howells
2012-10-30 19:22 ` [PATCH 18/23] pefile: Parse the presumed PKCS#7 content of the certificate blob David Howells
2012-10-30 19:22 ` [PATCH 19/23] pefile: Parse the "Microsoft individual code signing" data blob David Howells
2012-10-30 19:22 ` [PATCH 20/23] pefile: Digest the PE binary and compare to the PKCS#7 data David Howells
2012-10-30 21:44 ` Kees Cook
2012-10-30 19:22 ` [PATCH 21/23] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys David Howells
2012-10-30 19:22 ` [PATCH 22/23] PEFILE: Load the contained key if we consider the container to be validly signed David Howells
2012-10-30 19:22 ` [PATCH 23/23] KEYS: Add a 'trusted' flag and a 'trusted only' flag David Howells
2012-10-31 2:20 ` Rusty Russell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sj8v5qnb.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@intel.com \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg@redhat.com \
--cc=pjones@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.