public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: Borislav Petkov <bp@alien8.de>
Cc: dhowells@redhat.com, Vivek Goyal <vgoyal@redhat.com>,
	keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
	kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
	x86-ml <x86@kernel.org>
Subject: Re: [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec
Date: Wed, 09 Jul 2014 17:28:49 +0100	[thread overview]
Message-ID: <7857.1404923329@warthog.procyon.org.uk> (raw)
In-Reply-To: <20140709160349.GA5292@pd.tnic>

Borislav Petkov <bp@alien8.de> wrote:

> let me see if I get this straight:
> 
> this current submission is supposed to replace
> 
> http://lkml.kernel.org/r/20140708131504.28621.61165.stgit@warthog.procyon.org.uk

Yes.  It's an extension of that.  Plus I did it wrong and managed to lose the
actual first patch, I realise.

> and Vivek's one:
> 
> http://lkml.kernel.org/r/1404421641-12691-1-git-send-email-vgoyal@redhat.com
> 
> (which added those parsers to arch/x86/kernel/ - not a good place anyway.)

Yep.

> The kexec bits with the sig verif will come ontop, it seems. What's the
> story guys?

Here's an example of what I think it could look like:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-modsign.git/log/?h=kexec-pefile

I did the following:

 (1) Rebased all but the last of Vivek's patches onto the same base as my
     pkcs7 and pefile patches.

 (2) Substituted on of Andrew Morton's patches for one of Vivek's.

 (3) Stacked a merge of my stuff on top of Vivek's.

 (4) Stacked Vivek's final patch on top of that and fixed it to work with my
     changed stuff.

I'm leaving that to Vivek as to when he wants to push that out, though - and
whether or not he wants to push from my tree or his own.

David

      parent reply	other threads:[~2014-07-09 16:29 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-09 15:15 [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec David Howells
2014-07-09 15:15 ` [PATCH01/17] X.509: Add bits needed for PKCS#7 David Howells
2014-07-09 15:15 ` [PATCH02/17] X.509: Export certificate parse and free functions David Howells
2014-07-09 15:15 ` [PATCH03/17] PKCS#7: Implement a parser [RFC 2315] David Howells
2014-07-09 15:15 ` [PATCH04/17] PKCS#7: Digest the data in a signed-data message David Howells
2014-07-09 15:15 ` [PATCH05/17] PKCS#7: Find the right key in the PKCS#7 key list and verify the signature David Howells
2014-07-09 15:16 ` [PATCH06/17] PKCS#7: Verify internal certificate chain David Howells
2014-07-10 17:06   ` Valdis.Kletnieks
2014-07-10 20:37     ` David Howells
2014-07-09 15:16 ` [PATCH07/17] PKCS#7: Find intersection between PKCS#7 message and known, trusted keys David Howells
2014-07-09 15:16 ` [PATCH08/17] PKCS#7: Provide a key type for testing PKCS#7 David Howells
2014-07-09 15:16 ` [PATCH09/17] KEYS: X.509: Fix a spelling mistake David Howells
2014-07-09 15:16 ` [PATCH10/17] Provide PE binary definitions David Howells
2014-07-09 15:16 ` [PATCH11/17] pefile: Parse a PE binary to find a key and a signature contained therein David Howells
2014-07-09 15:16 ` [PATCH12/17] pefile: Strip the wrapper off of the cert data block David Howells
2014-07-09 15:16 ` [PATCH13/17] pefile: Parse the presumed PKCS#7 content of the certificate blob David Howells
2014-07-09 15:16 ` [PATCH14/17] pefile: Parse the "Microsoft individual code signing" data blob David Howells
2014-07-09 15:17 ` [PATCH15/17] pefile: Handle pesign using the wrong OID David Howells
2014-07-09 15:17 ` [PATCH16/17] pefile: Digest the PE binary and compare to the PKCS#7 data David Howells
2014-07-09 15:17 ` [PATCH17/17] pefile: Validate PKCS#7 trust chain David Howells
2014-07-09 16:03 ` [PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec Borislav Petkov
2014-07-09 16:21   ` Vivek Goyal
2014-07-09 16:28   ` David Howells [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7857.1404923329@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=bp@alien8.de \
    --cc=kexec@lists.infradead.org \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=vgoyal@redhat.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox