From: Borislav Petkov <bp@alien8.de>
To: David Howells <dhowells@redhat.com>, Vivek Goyal <vgoyal@redhat.com>
Cc: keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
x86-ml <x86@kernel.org>
Subject: Re: [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec
Date: Wed, 9 Jul 2014 18:03:49 +0200 [thread overview]
Message-ID: <20140709160349.GA5292@pd.tnic> (raw)
In-Reply-To: <20140709151525.23074.32315.stgit@warthog.procyon.org.uk>
Hi David,
On Wed, Jul 09, 2014 at 04:15:25PM +0100, David Howells wrote:
> David Howells (16):
> X.509: Add bits needed for PKCS#7
> X.509: Export certificate parse and free functions
> PKCS#7: Implement a parser [RFC 2315]
> PKCS#7: Digest the data in a signed-data message
> PKCS#7: Find the right key in the PKCS#7 key list and verify the signature
> PKCS#7: Verify internal certificate chain
> PKCS#7: Find intersection between PKCS#7 message and known, trusted keys
> PKCS#7: Provide a key type for testing PKCS#7
> KEYS: X.509: Fix a spelling mistake
> Provide PE binary definitions
> pefile: Parse a PE binary to find a key and a signature contained therein
> pefile: Strip the wrapper off of the cert data block
> pefile: Parse the presumed PKCS#7 content of the certificate blob
> pefile: Parse the "Microsoft individual code signing" data blob
> pefile: Digest the PE binary and compare to the PKCS#7 data
> pefile: Validate PKCS#7 trust chain
>
> Vivek Goyal (1):
> pefile: Handle pesign using the wrong OID
let me see if I get this straight:
this current submission is supposed to replace
http://lkml.kernel.org/r/20140708131504.28621.61165.stgit@warthog.procyon.org.uk
and Vivek's one:
http://lkml.kernel.org/r/1404421641-12691-1-git-send-email-vgoyal@redhat.com
(which added those parsers to arch/x86/kernel/ - not a good place anyway.)
?
The kexec bits with the sig verif will come ontop, it seems. What's the
story guys?
Thanks.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
next prev parent reply other threads:[~2014-07-09 16:03 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-09 15:15 [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec David Howells
2014-07-09 15:15 ` [PATCH01/17] X.509: Add bits needed for PKCS#7 David Howells
2014-07-09 15:15 ` [PATCH02/17] X.509: Export certificate parse and free functions David Howells
2014-07-09 15:15 ` [PATCH03/17] PKCS#7: Implement a parser [RFC 2315] David Howells
2014-07-09 15:15 ` [PATCH04/17] PKCS#7: Digest the data in a signed-data message David Howells
2014-07-09 15:15 ` [PATCH05/17] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature David Howells
2014-07-09 15:16 ` [PATCH06/17] PKCS#7: Verify internal certificate chain David Howells
2014-07-10 17:06 ` Valdis.Kletnieks
2014-07-10 20:37 ` David Howells
2014-07-09 15:16 ` [PATCH07/17] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys David Howells
2014-07-09 15:16 ` [PATCH08/17] PKCS#7: Provide a key type for testing PKCS#7 David Howells
2014-07-09 15:16 ` [PATCH09/17] KEYS: X.509: Fix a spelling mistake David Howells
2014-07-09 15:16 ` [PATCH10/17] Provide PE binary definitions David Howells
2014-07-09 15:16 ` [PATCH11/17] pefile: Parse a PE binary to find a key and a signature contained therein David Howells
2014-07-09 15:16 ` [PATCH12/17] pefile: Strip the wrapper off of the cert data block David Howells
2014-07-09 15:16 ` [PATCH13/17] pefile: Parse the presumed PKCS#7 content of the certificate blob David Howells
2014-07-09 15:16 ` [PATCH14/17] pefile: Parse the "Microsoft individual code signing" data blob David Howells
2014-07-09 15:17 ` [PATCH15/17] pefile: Handle pesign using the wrong OID David Howells
2014-07-09 15:17 ` [PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data David Howells
2014-07-09 15:17 ` [PATCH17/17] pefile: Validate PKCS#7 trust chain David Howells
2014-07-09 16:03 ` Borislav Petkov [this message]
2014-07-09 16:21 ` [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec Vivek Goyal
2014-07-09 16:28 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140709160349.GA5292@pd.tnic \
--to=bp@alien8.de \
--cc=dhowells@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=vgoyal@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox