[PATCHv2 0/7] RFC: Public key encryption of dmesg by the kernel

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Dan Aloni <dan@kernelim.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [PATCHv2 0/7] RFC: Public key encryption of dmesg by the kernel
Date: Sat, 13 Jan 2018 23:34:34 +0200	[thread overview]
Message-ID: <20180113213441.52047-1-dan@kernelim.com> (raw)

Changes from v1 [1]:

 - Made suggested fixes following a review from Randy Dunlap
 - Modified the ASCII encoding of cipher text to base64 instead of hex,
   with newlines replaced by '~' ; updated dmesg-decipher for it too
 - Moved base64 code from fs/ceph to lib, and improved it a bit
 - Improved checks that we are not overflowing the user buffer when
   using copy_to_user to in the added code
 - Added some prints when errors in dmesg-decipher
 - Fixes to Makefile at tools/ for building 'kmsg' (should it
   build by default in target 'all'? There is an openssl depdendency.)
 - checkpatch.pl linting

[1] https://lwn.net/Articles/742412/

Dan Aloni (7):
  crypto: fix memory leak in rsa-kcs1pad encryption
  Move net/ceph/armor to lib/ and add docs
  base64-armor: add bounds checking
  certs: allow in-kernel access of trusted keys
  printk: allow kmsg to be encrypted using public key encryption
  tools: add dmesg decryption program
  docs: add dmesg encryption doc

 Documentation/admin-guide/dmesg-encryption.rst | 116 +++++++
 Documentation/admin-guide/index.rst            |   1 +
 Documentation/ioctl/ioctl-number.txt           |   1 +
 certs/system_keyring.c                         |  56 ++-
 crypto/rsa-pkcs1pad.c                          |   9 -
 include/keys/system_keyring.h                  |   3 +
 include/linux/base64-armor.h                   |  70 ++++
 include/uapi/linux/kmsg.h                      |  18 +
 init/Kconfig                                   |  11 +
 kernel/printk/printk.c                         | 451 +++++++++++++++++++++++++
 lib/Kconfig                                    |   7 +
 lib/Makefile                                   |   1 +
 net/ceph/armor.c => lib/base64-armor.c         |  29 +-
 net/ceph/Kconfig                               |   1 +
 net/ceph/Makefile                              |   2 +-
 net/ceph/crypto.c                              |   3 +-
 net/ceph/crypto.h                              |   4 -
 tools/Makefile                                 |   9 +-
 tools/kmsg/.gitignore                          |   1 +
 tools/kmsg/Makefile                            |  14 +
 tools/kmsg/dmesg-decipher.c                    | 354 +++++++++++++++++++
 21 files changed, 1139 insertions(+), 22 deletions(-)
 create mode 100644 Documentation/admin-guide/dmesg-encryption.rst
 create mode 100644 include/linux/base64-armor.h
 create mode 100644 include/uapi/linux/kmsg.h
 rename net/ceph/armor.c => lib/base64-armor.c (75%)
 create mode 100644 tools/kmsg/.gitignore
 create mode 100644 tools/kmsg/Makefile
 create mode 100644 tools/kmsg/dmesg-decipher.c

-- 
2.14.3

next             reply	other threads:[~2018-01-13 21:36 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-13 21:34 Dan Aloni [this message]
2018-01-13 21:34 ` [PATCHv2 1/7] crypto: fix memory leak in rsa-kcs1pad encryption Dan Aloni
2018-01-13 21:34 ` [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs Dan Aloni
2018-01-13 21:34 ` [PATCHv2 3/7] base64-armor: add bounds checking Dan Aloni
2018-01-13 21:34 ` [PATCHv2 4/7] certs: allow in-kernel access of trusted keys Dan Aloni
2018-01-15  9:11   ` David Howells
2018-01-13 21:34 ` [PATCHv2 5/7] printk: allow kmsg to be encrypted using public key encryption Dan Aloni
2018-01-14  1:48   ` Sergey Senozhatsky
2018-01-14  8:01     ` Dan Aloni
2018-01-15 12:52       ` Steven Rostedt
2018-01-16  2:09         ` Sergey Senozhatsky
2018-01-16 23:44         ` [kernel-hardening] " Daniel Micay
2018-01-17 15:01           ` Steven Rostedt
2018-01-13 21:34 ` [PATCHv2 6/7] tools: add dmesg decryption program Dan Aloni
2018-01-13 21:34 ` [PATCHv2 7/7] docs: add dmesg encryption doc Dan Aloni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180113213441.52047-1-dan@kernelim.com \
    --to=dan@kernelim.com \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox