Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add codeSigning EKU when generating X.509 key generation
config
Documentation/admin-guide/module
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU be enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
extension
field in X.509. And checking the CodeSigning EKU when verifying
signature of kernel module or kexec PE binary in PKCS#7.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (2):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
This patch adds the logic for checking the CodeSigning extended
key usage extenstion when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
extension
field in X.509. And checking the CodeSigning EKU when verifying signature
of kernel module or kexec PE binary in PKCS#7.
Lee, Chun-Yi (2):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
certs/system_keyring.c
Cc: Greg Kroah-Hartman
Cc: Arthur Heymans
Cc: Patrick Rudolph
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 7 ---
drivers/firmware/efi/vars.c | 17 +
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/d
This patch creates efivars mount point when active efivars abstraction
be set. It is useful for userland to determine the availability of efivars
filesystem.
Cc: Matthias Brugger
Cc: Fabian Vogt
Cc: Ilias Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
be
instantiated using a different efivars abstraction.
Cc: Matthias Brugger
Cc: Fabian Vogt
Cc: Ilias Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/driver
Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index fdd1db025dbf..929fbf4dfd5d 100644
--- a/drivers/fi
Kconfig
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.tx
Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6
kernel/power/snapshot.c | 5
kernel/power/snapshot_key.c | 67 +
3 files changed, 78 insertions(+)
diff --git a/kernel/power/power.h b/kernel
y. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Ch
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 2
g.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power
Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and
oah-Hartman
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
kernel/p
achek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
fs/sysfs/file.c | 8
include/linux/kobject.h | 2 ++
include/linux/sysfs.h | 2 ++
lib/kobject.c | 26 +++
capability.
Cc: Greg Kroah-Hartman
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, C
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 26
kernel/pow
socki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.txt | 6
include/linux/kernel.h |
to forward snapshot master key to image kernel.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6 +
kernel/power
y. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 8 ++-
Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and verify signature for snapshot image
PM / hibernate: Encrypt snapshot image
be
initialled when hibernation be triggered.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power/Make
claims the resources of firmware enabled IOAPIC before
children bus. Then kernel gets a chance to reassign the resources of
children bus to avoid the conflict.
Cc: Bjorn Helgaas
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Signed-off-by: "Lee, Chun-Yi"
Biesheuvel
Cc: Takashi Iwai
Cc: Vivek Goyal
Cc: Ingo Molnar
Tested-by: Randy Wright
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5
: Ingo Molnar
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5fc7052..1f592d8 100644
--- a/drivers/firmware/efi/memmap.c
+++ b/dr
ocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 8e63d93..490498e 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -116,6 +116,7 @@ bool acpi_scan_
Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/ce
error message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 16 +---
1 file changed, 13 insert
t get UEFI MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 43 ++-
bit before we trust it.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 35 +++
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index dc6
, the hash can be
compared by kernel.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/kernel/module_sig
Josh Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/certs/load_u
t get UEFI MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 43 ++-
include/l
error message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates
ck, kernel sends the
KOBJ_CHANGE uevent with a offline environmental data to indicate
purpose. It's useful by udev rule for using ENV{EVENT} filter.
Cc: Michal Hocko
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 3 ++-
t get UEFI MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 43 ++-
include/linux/efi.h | 25 +
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
di
, the hash can be
compared by kernel.
Cc: David Howells
Cc: Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/kernel/module_signing.c b/kernel/module_
t. Or
revoking a kernel module that it was signed by a unsecure key.
Except MOKx, this patch set fixs another two issues: The MOK/MOKx should
not be loaded when secure boot is disabled. And, modified error message
prints out appropriate status string for reading by human being.
Lee, Chun-
Josh Boyer
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/certs/load_uefi.c
@@
hould
not be loaded when secure boot is disabled. And, modified error message
prints out appropriate status string for reading by human being.
Lee, Chun-Yi (4):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates
ecure boot flag can be kept when
the secure mode is not _unset_. Therefore the flag value from EFI stub
can also be kept.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Signed-off-by: "Lee, Chun-Yi"
Cc: Matt Fleming
Cc: David Howells
Cc: Ard Biesheuvel
---
arch/x86/boo
iller"
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/asymmetric_type.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c
b/crypto/asymmetric_keys/asymmetric_type.c
index 3a3b028..39aecad 100644
--- a/cr
For finding asymmetric key, the input id_0 and id_1 parameters can
not be NULL at the same time. This patch adds the BUG_ON checking
for id_0 and id_1.
Cc: David Howells
Cc: Herbert Xu
Cc: "David S. Miller"
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/asymmet
kiewicz
Cc: Andrew Morton
Signed-off-by: "Lee, Chun-Yi"
Signed-off-by: Takashi Iwai
---
lib/oid_registry.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index 318f382..41b9e50 100644
--- a/lib/oid_registry.c
+++
czorkiewicz
Signed-off-by: "Lee, Chun-Yi"
---
lib/oid_registry.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index 318f382..41b9e50 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -142,9 +142,9 @@ int sprint
Move
the "error code to ost code" logic to a help function. (Andy Shevchenko)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Michal Hocko
Reviewed-by: Andy Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 18 +-
1 file changed, 13 i
Brown
Cc: Michal Hocko
Reviewed-by: Andy Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 784bda6..9d4fea6 100644
--- a/drivers/acpi/bus.c
+++
Move
the "error code to ost code" logic to a help function. (Andy Shevchenko)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Cc: Michal Hocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 18 +-
1 file changed, 13 insertions(+)
Brown
Cc: Michal Hocko
Reviewed-by: Andy Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 784bda6..9d4fea6 100644
--- a/drivers/acpi/bus.c
+++
)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Cc: Michal Hocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 21 +++--
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 3a
Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 34fbe02..91adb71 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -427,12 +427,17 @@ static
Hart
Cc: Andy Shevchenko
Cc: Pali Rohár
Signed-off-by: "Lee, Chun-Yi"
---
drivers/platform/x86/acer-wmi.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
index 79fa5ab..ef420b6 100644
--- a/
The description of tracepoint_probe_register duplicates
with tracepoint_probe_register_prio. This patch cleans up
the description.
Cc: Steven Rostedt
Cc: Ingo Molnar
Signed-off-by: "Lee, Chun-Yi"
---
kernel/tracepoint.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
di
)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Cc: Michal Hocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 21 +++--
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 3a
Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 34fbe02..91adb71 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -427,12 +427,17 @@ static
rn code to
ACPI_OST_SC_DEVICE_BUSY when the acpi hot remove function returns
-EBUSY.
v2:
Do not overwrite ost code in acpi_generic_hotplug_event(). Move
the "error code to ost code" logic to a help function.
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Signed-off-by: "Lee, Chun
Kernel should decrements the reference count of acpi device
when the scheduling of acpi hotplug work is failed, and
evaluates _OST to notify BIOS the failure.
v2:
To simplify the code. (Andy Shevchenko)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Signed-off-by: &qu
EVICE_BUSY when the acpi hot remove function returns
-EBUSY.
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi
Kernel should decrements the reference count of acpi device
when scheduling acpi hotplug work is failed, and also evaluates
_OST to notify BIOS the failure.
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 10 --
1 file c
EVICE_BUSY when the acpi hot remove function returns
-EBUSY.
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi
1 - 100 of 259 matches
Mail list logo
