From: "Lee, Chun-Yi" <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Rafael J. Wysocki" <rjw-KKrjLPT3xs0@public.gmane.org>,
Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>,
Len Brown <len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Pavel Machek <pavel-+ZI9xUNit7I@public.gmane.org>,
Josh Boyer <jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>,
Matt Fleming
<matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
James Bottomley
<james.bottomley-JuX6DAaQMKPCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
Greg KH
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
JKosina-IBi9RG/b67k@public.gmane.org,
Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>,
Herbert Xu
<herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
Michal Marek <mmarek-AlSwsSmVLrQ@public.gmane.org>,
Gary Lin <GLin-IBi9RG/b67k@public.gmane.org>,
Vivek Goyal <vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Lee, Chun-Yi" <jlee-IBi9RG/b67k@public.gmane.org>
Subject: [PATCH 15/18] Hibernate: adapt to UEFI secure boot with signature check
Date: Thu, 22 Aug 2013 19:01:54 +0800 [thread overview]
Message-ID: <1377169317-5959-16-git-send-email-jlee@suse.com> (raw)
In-Reply-To: <1377169317-5959-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
In current solution, the snapshot signature check used the RSA key-pair
that are generated by bootloader(e.g. shim) and pass the key-pair to
kernel through EFI variables. I choice to binding the snapshot
signature check mechanism with UEFI secure boot for provide stronger
protection of hibernate. Current behavior is following:
+ UEFI Secure Boot ON, Kernel found key-pair from shim:
Will do the S4 signature check.
+ UEFI Secure Boot ON, Kernel didn't find key-pair from shim:
Will lock down S4 function.
+ UEFI Secure Boot OFF
Will NOT do the S4 signature check.
Ignore any keys from bootloader.
v2:
Replace sign_key_data_loaded() by skey_data_available() to check sign key data
is available for hibernate.
Reviewed-by: Jiri Kosina <jkosina-AlSwsSmVLrQ@public.gmane.org>
Signed-off-by: Lee, Chun-Yi <jlee-IBi9RG/b67k@public.gmane.org>
---
kernel/power/hibernate.c | 36 +++++++++++++++++-
kernel/power/main.c | 11 +++++-
kernel/power/snapshot.c | 95 ++++++++++++++++++++++++++--------------------
kernel/power/swap.c | 4 +-
kernel/power/user.c | 11 +++++
5 files changed, 112 insertions(+), 45 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index c545b15..0f19f3d 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,7 @@
#include <linux/ctype.h>
#include <linux/genhd.h>
#include <linux/key.h>
+#include <linux/efi.h>
#include "power.h"
@@ -632,7 +633,14 @@ static void power_down(void)
int hibernate(void)
{
int error;
- int skey_error;
+
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (!capable(CAP_COMPROMISE_KERNEL) && !skey_data_available()) {
+#else
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+#endif
+ return -EPERM;
+ }
lock_system_sleep();
/* The snapshot device should not be opened while we're running */
@@ -799,6 +807,15 @@ static int software_resume(void)
if (error)
goto Unlock;
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (!capable(CAP_COMPROMISE_KERNEL) && !wkey_data_available()) {
+#else
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+#endif
+ mutex_unlock(&pm_mutex);
+ return -EPERM;
+ }
+
/* The snapshot device should not be opened while we're running */
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
error = -EBUSY;
@@ -892,6 +909,15 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
int i;
char *start = buf;
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (efi_enabled(EFI_SECURE_BOOT) && !skey_data_available()) {
+#else
+ if (efi_enabled(EFI_SECURE_BOOT)) {
+#endif
+ buf += sprintf(buf, "[%s]\n", "disabled");
+ return buf-start;
+ }
+
for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
if (!hibernation_modes[i])
continue;
@@ -926,6 +952,14 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
char *p;
int mode = HIBERNATION_INVALID;
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (!capable(CAP_COMPROMISE_KERNEL) && !skey_data_available()) {
+#else
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+#endif
+ return -EPERM;
+ }
+
p = memchr(buf, '\n', n);
len = p ? p - buf : n;
diff --git a/kernel/power/main.c b/kernel/power/main.c
index 1d1bf63..47bf300 100644
--- a/kernel/power/main.c
+++ b/kernel/power/main.c
@@ -15,6 +15,7 @@
#include <linux/workqueue.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
+#include <linux/efi.h>
#include "power.h"
@@ -301,7 +302,15 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
}
#endif
#ifdef CONFIG_HIBERNATION
- s += sprintf(s, "%s\n", "disk");
+ if (!efi_enabled(EFI_SECURE_BOOT)) {
+ s += sprintf(s, "%s\n", "disk");
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ } else if (skey_data_available()) {
+ s += sprintf(s, "%s\n", "disk");
+#endif
+ } else {
+ s += sprintf(s, "\n");
+ }
#else
if (s != buf)
/* convert the last space to a newline */
diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index cf3d69c..36c7157 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -860,7 +860,8 @@ static struct page *saveable_highmem_page(struct zone *zone, unsigned long pfn)
BUG_ON(!PageHighMem(page));
- if (swsusp_page_is_sign_key(page))
+ if (!capable(CAP_COMPROMISE_KERNEL) &&
+ swsusp_page_is_sign_key(page))
return NULL;
if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page) ||
@@ -925,7 +926,8 @@ static struct page *saveable_page(struct zone *zone, unsigned long pfn)
BUG_ON(PageHighMem(page));
- if (swsusp_page_is_sign_key(page))
+ if (!capable(CAP_COMPROMISE_KERNEL) &&
+ swsusp_page_is_sign_key(page))
return NULL;
if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page))
@@ -1056,35 +1058,37 @@ copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm)
#ifdef CONFIG_SNAPSHOT_VERIFICATION
struct page *d_page;
void *hash_buffer = NULL;
- struct crypto_shash *tfm;
- struct shash_desc *desc;
- u8 *digest;
+ struct crypto_shash *tfm = NULL;
+ struct shash_desc *desc = NULL;
+ u8 *digest = NULL;
size_t digest_size, desc_size;
struct key *s4_sign_key;
struct public_key_signature *pks;
int ret;
ret = -ENOMEM;
- tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0);
- if (IS_ERR(tfm)) {
- pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm));
- return PTR_ERR(tfm);
- }
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+ tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0);
+ if (IS_ERR(tfm)) {
+ pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm));
+ return PTR_ERR(tfm);
+ }
- desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
- digest_size = crypto_shash_digestsize(tfm);
- digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
- if (!digest) {
- pr_err("digest allocate fail");
- ret = -ENOMEM;
- goto error_digest;
+ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
+ digest_size = crypto_shash_digestsize(tfm);
+ digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
+ if (!digest) {
+ pr_err("digest allocate fail");
+ ret = -ENOMEM;
+ goto error_digest;
+ }
+ desc = (void *) digest + digest_size;
+ desc->tfm = tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ ret = crypto_shash_init(desc);
+ if (ret < 0)
+ goto error_shash;
}
- desc = (void *) digest + digest_size;
- desc->tfm = tfm;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
- ret = crypto_shash_init(desc);
- if (ret < 0)
- goto error_shash;
#endif /* CONFIG_SNAPSHOT_VERIFICATION */
for_each_populated_zone(zone) {
@@ -1106,24 +1110,29 @@ copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm)
copy_data_page(dst_pfn, pfn);
#ifdef CONFIG_SNAPSHOT_VERIFICATION
- /* Generate digest */
- d_page = pfn_to_page(dst_pfn);
- if (PageHighMem(d_page)) {
- void *kaddr;
- kaddr = kmap_atomic(d_page);
- copy_page(buffer, kaddr);
- kunmap_atomic(kaddr);
- hash_buffer = buffer;
- } else {
- hash_buffer = page_address(d_page);
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+ /* Generate digest */
+ d_page = pfn_to_page(dst_pfn);
+ if (PageHighMem(d_page)) {
+ void *kaddr;
+ kaddr = kmap_atomic(d_page);
+ copy_page(buffer, kaddr);
+ kunmap_atomic(kaddr);
+ hash_buffer = buffer;
+ } else {
+ hash_buffer = page_address(d_page);
+ }
+ ret = crypto_shash_update(desc, hash_buffer, PAGE_SIZE);
+ if (ret)
+ goto error_shash;
}
- ret = crypto_shash_update(desc, hash_buffer, PAGE_SIZE);
- if (ret)
- goto error_shash;
#endif
}
#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (capable(CAP_COMPROMISE_KERNEL))
+ goto skip_sign;
+
crypto_shash_final(desc, digest);
if (ret)
goto error_shash;
@@ -1153,6 +1162,8 @@ copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm)
kfree(pks);
kfree(digest);
crypto_free_shash(tfm);
+
+skip_sign:
#endif /* CONFIG_SNAPSHOT_VERIFICATION */
return 0;
@@ -2382,9 +2393,11 @@ int snapshot_write_next(struct snapshot_handle *handle)
/* Allocate void * array to keep buffer point for generate hash,
* h_buf will freed in snapshot_image_verify().
*/
- h_buf = kmalloc(sizeof(void *) * nr_copy_pages, GFP_KERNEL);
- if (!h_buf)
- pr_err("Allocate hash buffer fail!");
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+ h_buf = kmalloc(sizeof(void *) * nr_copy_pages, GFP_KERNEL);
+ if (!h_buf)
+ pr_err("Allocate hash buffer fail!");
+ }
#endif
error = memory_bm_create(©_bm, GFP_ATOMIC, PG_ANY);
@@ -2414,7 +2427,7 @@ int snapshot_write_next(struct snapshot_handle *handle)
if (IS_ERR(handle->buffer))
return PTR_ERR(handle->buffer);
#ifdef CONFIG_SNAPSHOT_VERIFICATION
- if (h_buf)
+ if (!capable(CAP_COMPROMISE_KERNEL) && h_buf)
*h_buf = handle->buffer;
#endif
}
@@ -2428,7 +2441,7 @@ int snapshot_write_next(struct snapshot_handle *handle)
if (handle->buffer != buffer)
handle->sync_read = 0;
#ifdef CONFIG_SNAPSHOT_VERIFICATION
- if (h_buf)
+ if (!capable(CAP_COMPROMISE_KERNEL) && h_buf)
*(h_buf + (handle->cur - nr_meta_pages - 1)) = handle->buffer;
/* Keep the buffer of sign key in snapshot */
if (pfn == skey_data_buf_pfn)
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index b5f8ce1..40225d7 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -1005,7 +1005,7 @@ static int load_image(struct swap_map_handle *handle,
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
#ifdef CONFIG_SNAPSHOT_VERIFICATION
- else {
+ else if (!capable(CAP_COMPROMISE_KERNEL)) {
ret = snapshot_image_verify();
if (ret)
pr_info("PM: snapshot signature check FAIL: %d\n", ret);
@@ -1370,7 +1370,7 @@ out_finish:
}
}
#ifdef CONFIG_SNAPSHOT_VERIFICATION
- if (!ret) {
+ if (!ret && !capable(CAP_COMPROMISE_KERNEL)) {
ret = snapshot_image_verify();
if (ret)
pr_info("PM: snapshot signature check FAIL: %d\n", ret);
diff --git a/kernel/power/user.c b/kernel/power/user.c
index 27b21ee..690f148 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -48,6 +48,14 @@ static int snapshot_open(struct inode *inode, struct file *filp)
struct snapshot_data *data;
int error;
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (!capable(CAP_COMPROMISE_KERNEL) && !wkey_data_available()) {
+#else
+ if (!capable(CAP_COMPROMISE_KERNEL)) {
+#endif
+ return -EPERM;
+ }
+
lock_system_sleep();
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
@@ -255,6 +263,8 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd,
break;
}
#ifdef CONFIG_SNAPSHOT_VERIFICATION
+ if (capable(CAP_COMPROMISE_KERNEL))
+ goto skip_verify;
if (!snapshot_image_verify()) {
pr_info("PM: snapshot signature check SUCCESS!\n");
snapshot_fill_s4_skey();
@@ -263,6 +273,7 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd,
error = -EPERM;
break;
}
+skip_verify:
#endif
error = hibernation_restore(data->platform_support);
break;
--
1.6.4.2
next prev parent reply other threads:[~2013-08-22 11:01 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-22 11:01 [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot Lee, Chun-Yi
2013-08-22 11:01 ` [PATCH 03/18] asymmetric keys: separate the length checking of octet string from RSA_I2OSP Lee, Chun-Yi
2013-08-25 16:01 ` Pavel Machek
2013-08-26 10:25 ` joeyli
2013-08-26 10:25 ` joeyli
2013-08-26 10:25 ` joeyli
[not found] ` <20130825160147.GB5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-26 10:25 ` joeyli
2013-08-26 10:25 ` joeyli
[not found] ` <1377512731.27967.34.camel@linux-s257.site>
[not found] ` <1377512731.27967.34.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
2013-08-26 11:27 ` Pavel Machek
[not found] ` <20130826112737.GA18300-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 8:36 ` Jiri Kosina
[not found] ` <1377169317-5959-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2013-08-22 11:01 ` [PATCH 01/18] asymmetric keys: add interface and skeleton for implement signature generation Lee, Chun-Yi
2013-08-22 11:01 ` [PATCH 02/18] asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa Lee, Chun-Yi
[not found] ` <1377169317-5959-3-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2013-08-25 15:53 ` Pavel Machek
2013-08-26 10:17 ` joeyli
2013-08-26 10:17 ` joeyli
2013-08-26 10:17 ` joeyli
[not found] ` <20130825155309.GA5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-26 10:17 ` joeyli
2013-08-26 10:17 ` joeyli
2013-08-22 11:01 ` [PATCH 04/18] asymmetric keys: implement OS2IP " Lee, Chun-Yi
2013-08-22 11:01 ` [PATCH 10/18] efi: Enable secure boot lockdown automatically when enabled in firmware Lee, Chun-Yi
2013-08-25 16:22 ` Pavel Machek
[not found] ` <20130825162243.GG5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-25 16:26 ` Matthew Garrett
2013-09-03 10:49 ` Matt Fleming
2013-08-22 11:01 ` [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot Lee, Chun-Yi
2013-08-25 16:25 ` Pavel Machek
2013-08-27 9:04 ` joeyli
2013-08-27 9:04 ` joeyli
2013-08-27 9:04 ` joeyli
[not found] ` <20130825162554.GH5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 9:04 ` joeyli
2013-08-27 9:04 ` joeyli
[not found] ` <1377594283.20140.3.camel@linux-s257.site>
[not found] ` <1377594283.20140.3.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
2013-08-27 11:29 ` Pavel Machek
[not found] ` <20130827112943.GA20527-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 12:01 ` Manfred Hollstein
[not found] ` <20130827120142.GA4314-FGSgn5mWDzkZXJsbVdw/lG363IjY150HP6IUcbMO39o@public.gmane.org>
2013-08-27 14:17 ` Pavel Machek
2013-08-27 13:12 ` joeyli
2013-08-27 13:12 ` joeyli
2013-08-27 13:12 ` joeyli
2013-08-27 13:12 ` joeyli
2013-08-27 13:12 ` joeyli
2013-09-05 8:53 ` Matt Fleming
2013-09-05 10:13 ` joeyli
2013-09-05 10:13 ` joeyli
2013-09-05 10:13 ` joeyli
2013-09-05 10:13 ` joeyli
[not found] ` <20130905085348.GJ28598-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>
2013-09-05 10:13 ` joeyli
[not found] ` <1378376016.6193.71.camel@linux-s257.site>
[not found] ` <1378376016.6193.71.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
2013-09-05 10:31 ` Matt Fleming
2013-09-05 13:28 ` joeyli
2013-09-05 13:28 ` joeyli
2013-09-05 13:28 ` joeyli
[not found] ` <20130905103158.GM28598-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>
2013-09-05 13:28 ` joeyli
2013-09-05 13:28 ` joeyli
2013-08-22 11:01 ` [PATCH 12/18] Hibernate: generate and " Lee, Chun-Yi
2013-08-25 16:36 ` Pavel Machek
[not found] ` <20130825163648.GI5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 3:22 ` joeyli
2013-08-27 3:22 ` joeyli
2013-08-27 3:22 ` joeyli
2013-08-27 3:22 ` joeyli
2013-08-27 3:22 ` joeyli
2013-08-22 11:01 ` [PATCH 13/18] Hibernate: Avoid S4 sign key data included in snapshot image Lee, Chun-Yi
2013-08-25 16:39 ` Pavel Machek
2013-08-27 8:33 ` joeyli
2013-08-27 8:33 ` joeyli
[not found] ` <20130825163931.GJ5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 8:33 ` joeyli
2013-08-27 8:33 ` joeyli
2013-08-27 8:33 ` joeyli
2013-08-22 11:01 ` Lee, Chun-Yi [this message]
2013-08-25 16:42 ` [PATCH 15/18] Hibernate: adapt to UEFI secure boot with signature check Pavel Machek
2013-08-27 10:14 ` joeyli
2013-08-27 10:14 ` joeyli
2013-08-27 10:14 ` joeyli
2013-08-27 10:14 ` joeyli
[not found] ` <20130825164219.GK5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 10:14 ` joeyli
2013-08-22 11:01 ` [PATCH 16/18] Hibernate: show the verification time for monitor performance Lee, Chun-Yi
2013-08-28 21:01 ` [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot Florian Weimer
2013-08-29 0:01 ` joeyli
[not found] ` <87eh9dzg00.fsf-ZqZwdwZz9NfTBotR3TxKnbNAH6kLmebB@public.gmane.org>
2013-08-29 0:01 ` joeyli
2013-08-29 0:01 ` joeyli
2013-08-29 0:01 ` joeyli
2013-08-29 0:01 ` joeyli
[not found] ` <1377734505.19568.39.camel@linux-s257.site>
[not found] ` <1377734505.19568.39.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
2013-08-29 21:32 ` Pavel Machek
2013-08-29 22:30 ` joeyli
2013-08-29 22:30 ` joeyli
2013-08-29 22:30 ` joeyli
[not found] ` <20130829213249.GA25940-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-29 22:30 ` joeyli
2013-08-29 22:30 ` joeyli
2013-09-01 10:41 ` Florian Weimer
[not found] ` <87r4d8vn71.fsf-ZqZwdwZz9NfTBotR3TxKnbNAH6kLmebB@public.gmane.org>
2013-09-01 16:04 ` Matthew Garrett
[not found] ` <20130901160429.GA1375-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
2013-09-01 16:40 ` Florian Weimer
2013-09-02 2:12 ` joeyli
[not found] ` <87vc2ksdfa.fsf-ZqZwdwZz9NfTBotR3TxKnbNAH6kLmebB@public.gmane.org>
2013-09-01 16:46 ` Matthew Garrett
2013-09-02 2:12 ` joeyli
2013-09-02 2:12 ` joeyli
2013-09-02 2:12 ` joeyli
2013-09-02 2:12 ` joeyli
2013-08-22 11:01 ` [PATCH 05/18] asymmetric keys: implement RSASP1 Lee, Chun-Yi
2013-08-22 11:01 ` [PATCH 06/18] asymmetric keys: support parsing PKCS #8 private key information Lee, Chun-Yi
2013-08-25 16:10 ` Pavel Machek
2013-08-22 11:01 ` [PATCH 07/18] asymmetric keys: explicitly add the leading zero byte to encoded message Lee, Chun-Yi
2013-08-25 16:13 ` Pavel Machek
2013-08-22 11:01 ` [PATCH 08/18] Secure boot: Add new capability Lee, Chun-Yi
2013-08-25 16:14 ` Pavel Machek
2013-08-22 11:01 ` [PATCH 09/18] Secure boot: Add a dummy kernel parameter that will switch on Secure Boot mode Lee, Chun-Yi
2013-08-25 16:16 ` Pavel Machek
2013-08-22 11:01 ` [PATCH 14/18] Hibernate: applied SNAPSHOT_VERIFICATION config to switch signature check Lee, Chun-Yi
2013-08-22 11:01 ` [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm Lee, Chun-Yi
[not found] ` <1377169317-5959-18-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2013-08-25 16:43 ` Pavel Machek
2013-08-27 10:22 ` joeyli
2013-08-27 10:22 ` joeyli
2013-08-27 10:22 ` joeyli
2013-08-27 10:22 ` joeyli
[not found] ` <20130825164329.GL5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 10:22 ` joeyli
[not found] ` <1377598937.20140.12.camel@linux-s257.site>
2013-08-27 11:30 ` Pavel Machek
2013-08-27 12:54 ` joeyli
2013-08-27 12:54 ` joeyli
[not found] ` <20130827113044.GB20527-tWAi6jLit6GreWDznjuHag@public.gmane.org>
2013-08-27 12:54 ` joeyli
2013-08-27 12:54 ` joeyli
2013-08-27 12:54 ` joeyli
2013-08-22 11:01 ` [PATCH 18/18] Hibernate: notify bootloader regenerate key-pair for snapshot verification Lee, Chun-Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1377169317-5959-16-git-send-email-jlee@suse.com \
--to=joeyli.kernel-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=GLin-IBi9RG/b67k@public.gmane.org \
--cc=JKosina-IBi9RG/b67k@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=james.bottomley-JuX6DAaQMKPCXq6kfMZ53/egYHeGw8Jk@public.gmane.org \
--cc=jlee-IBi9RG/b67k@public.gmane.org \
--cc=jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org \
--cc=mmarek-AlSwsSmVLrQ@public.gmane.org \
--cc=opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org \
--cc=pavel-+ZI9xUNit7I@public.gmane.org \
--cc=rjw-KKrjLPT3xs0@public.gmane.org \
--cc=rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org \
--cc=vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=vojtech-AlSwsSmVLrQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).