From: rppt@linux.vnet.ibm.com (Mike Rapoport)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v5 0/4] Certificate insertion support for x86 bzImages
Date: Mon, 25 Sep 2017 09:12:01 +0300 [thread overview]
Message-ID: <20170925061159.GA6934@rapoport-lnx> (raw)
In-Reply-To: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com>
Hi,
> These patches add support for modifying the reserved space for extra
> certificates in a compressed bzImage in x86. This allows separating the
> system keyring certificate from the kernel build process. After the kernel
> image is distributed, the insert-sys-cert script can be used to insert the
> certificate for x86.
I know it's been a while since these patches were posted and they seem to
fail between the cracks ...
Is there anything that prevents merging them?
> Changes:
>
> v5:
> * Added CRC fixing (3/4)
>
> v4:
> * Applied checkpatch.pl suggestions (2/4, 3/4)
> * Cleaned up the commit messages (1/4, 2/4)
> * Added the build file to .gitignore (1/4)
>
> v3:
> * Rewrote 1/4 to insert incompressible bytes are at build time. Previous
> solution required changes to <arch>/boot/Makefile's for modifying the
> vmlinux file after linking, and did not work well with cross compilation.
> * Added 2/4 for ELF class-independent processing of vmlinux file, in case
> the script was compiled for 64-bit and the kernel was compiled for 32-bit.
> * Reordered 3/4, added x86 bzImage boot version (>=2.08) verification.
>
> v2:
> * Rebased arch/boot/x86/Makefile patch (removed in v3)
>
> Mehmet Kayaalp (4):
> KEYS: Insert incompressible bytes to reserve space in bzImage
> KEYS: Add ELF class-independent certificate insertion support
> KEYS: Support for inserting a certificate into x86 bzImage
> KEYS: Print insert-sys-cert information to stdout instead of stderr
>
> certs/.gitignore | 1 +
> certs/Makefile | 21 +-
> certs/system_certificates.S | 2 +-
> scripts/Makefile | 1 +
> scripts/insert-sys-cert.c | 473 +++++++++++++++++++++++++++++++++-----------
> 5 files changed, 381 insertions(+), 117 deletions(-)
--
Sincerely yours,
Mike.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-09-25 6:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-10 18:20 [PATCH v5 0/4] Certificate insertion support for x86 bzImages Mehmet Kayaalp
2017-05-10 18:20 ` [PATCH v5 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage Mehmet Kayaalp
2017-05-10 18:20 ` [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support Mehmet Kayaalp
2017-05-10 18:20 ` [PATCH v5 3/4] KEYS: Support for inserting a certificate into x86 bzImage Mehmet Kayaalp
2017-05-10 18:20 ` [PATCH v5 4/4] KEYS: Print insert-sys-cert information to stdout instead of stderr Mehmet Kayaalp
2017-09-25 6:12 ` Mike Rapoport [this message]
2017-11-08 13:30 ` [PATCH v5 2/4] KEYS: Add ELF class-independent certificate insertion support David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170925061159.GA6934@rapoport-lnx \
--to=rppt@linux.vnet.ibm.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).