he missing call to tpm2_session_init() to the ibmvtpm driver to
resolve this issue.
Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.
he missing call to tpm2_session_init() to the ibmvtpm driver to
resolve this issue.
Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.
On 7/4/24 02:41, Jarkko Sakkinen wrote:
On Thu Jul 4, 2024 at 4:56 AM EEST, Stefan Berger wrote:
On 7/3/24 14:24, Jarkko Sakkinen wrote:
Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can
Doesn't tpm_chip_register() need to be called by all drivers? This
funct
ess
!chip->auth in tpm_buf_hmac_session*() and remove the fallback
implementation for !TCG_TPM2_HMAC.
Cc: sta...@vger.kernel.org # v6.9+
Reported-by: Stefan Berger
Closes:
https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stef...@linux.ibm.com/
Fixes: 1085b8276bb4 ("tpm: A
ction and deprecate
sign_hash")
Signed-off-by: Mimi Zohar
Reviewed-by: Stefan Berger
---
src/libimaevm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index a0176c0df9ef..6321f105d91f 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -1118,
On 7/1/24 13:07, Jarkko Sakkinen wrote:
All exported functions lack the check for non-nullity of chip->auth. Add
the guard for each.
Link:
https://lore.kernel.org/linux-integrity/9f86a167074d9b522311715c567f1c19b88e3ad4.ca...@kernel.org/
Cc: Stefan Berger
Cc: sta...@vger.kernel.org
On 7/1/24 15:01, Jarkko Sakkinen wrote:
On Mon Jul 1, 2024 at 6:29 PM UTC, Stefan Berger wrote:
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger
On 7/1/24 15:01, Jarkko Sakkinen wrote:
On Mon Jul 1, 2024 at 6:29 PM UTC, Stefan Berger wrote:
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger wrote:
Jarkko,
are you ok with this patch?
Hmmm, hope I did not miss anythng, but looks like
On 7/1/24 11:22, Jarkko Sakkinen wrote:
On Fri, 2024-06-28 at 17:00 +0200, Linux regression tracking (Thorsten
Leemhuis) wrote:
[CCing the regression list]
On 20.06.24 00:34, Stefan Berger wrote:
Jarkko,
are you ok with this patch?
Hmmm, hope I did not miss anythng, but looks like
On 6/28/24 12:39, James Bottomley wrote:
On Fri, 2024-06-28 at 10:54 +1000, Michael Ellerman wrote:
Stefan Berger writes:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed
On 6/28/24 12:39, James Bottomley wrote:
On Fri, 2024-06-28 at 10:54 +1000, Michael Ellerman wrote:
Stefan Berger writes:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed
From: Stefan Berger
When OPENSSL_Cleanup is called via destructor after main() was left then
evmctl crashes on Ubuntu 24.04 (Noble). This can be avoided by calling
OpenSSL_Cleanup explicitly before leaving main().
Link: https://bugs.launchpad.net/ubuntu/+source/softhsm2/+bug/2059340
Signed-off
From: Stefan Berger
With provider support fixed for Ubuntu 24.04 (Noble), prepare for
enabling testing with it. To test provider support on Ubuntu, make a copy
of the debian.sh install file and enable the installation of provider
support there.
Signed-off-by: Stefan Berger
---
ci/ubuntu.sh
As Ubuntu noble contains a pkcs11-provider package, use it for testing.
Also use the distro provided openssl version.
Suggested-by: Stefan Berger
Signed-off-by: Mimi Zohar
---
.github/workflows/ci.yml | 5 ++---
.travis.yml | 4 ++--
2 files changed, 4 insertions(+), 5 deletions
From: Stefan Berger
Disable testing provider support on Debian:latest and AltLinux:sisyphus
since both now get stuck while running OpenSSL provider-related tests.
This is most likely due to an update in a dependency (OpenSSL,
p11-kit-modules, softhsm, or others).
On AltLinux the issues
com/T/#meb2e76c337fe8d140cdbcc699c0606d31d7749a2
v2:
- dropped ci/cd changes from 3/4 in favor of 4/4
Regards,
Stefan
Stefan Berger (4):
Call OPENSSL_Cleanup before main exit to avoid crashes when engine was
used
CI/CD: Disable pkcs11 providers for Debian and AltLinux
CI/CD: Prep
From: Stefan Berger
Disable testing provider support on Debian:latest and AltLinux:sisyphus
since both now get stuck while running OpenSSL provider-related tests.
This is most likely due to an update in a dependency (OpenSSL, libp11,
softhsm, or others).
On AltLinux the issues is related
From: Stefan Berger
This series enables tests with OpenSSL providers on Ubuntu for testing with
pkcs11 and SoftHSM. At the same time it disables testing with OpenSSL
providers on AltLinux and Debian due to an issue that most likely stems
from a bug in a dependency (OpenSSL, libp11, SoftHSM
From: Stefan Berger
With provider support fixed for Ubuntu 24.04 (Noble), enable testing with
it. To test provider support on Ubuntu, make a copy of the debian.sh
install file and enable the installation of provider support there.
Signed-off-by: Stefan Berger
---
.github/workflows/ci.yml | 5
From: Stefan Berger
When OPENSSL_Cleanup is called via destructor after main() was left then
evmctl crashes on Ubuntu 24.04 (Noble). This can be avoided by calling
OpenSSL_Cleanup explicitly before leaving main().
Link: https://bugs.launchpad.net/ubuntu/+source/softhsm2/+bug/2059340
Signed-off
Jarkko,
are you ok with this patch?
Stefan
On 6/17/24 15:34, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error 0x01C4
[2.987140] ima
Jarkko,
are you ok with this patch?
Stefan
On 6/17/24 15:34, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error 0x01C4
[2.987140] ima
On 6/17/24 16:05, James Bottomley wrote:
On Mon, 2024-06-17 at 15:56 -0400, Stefan Berger wrote:
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call
to
tpm2_sessions_init
On 6/17/24 16:05, James Bottomley wrote:
On Mon, 2024-06-17 at 15:56 -0400, Stefan Berger wrote:
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call
to
tpm2_sessions_init
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error
0x01C4
On 6/17/24 15:42, James Bottomley wrote:
On Mon, 2024-06-17 at 15:34 -0400, Stefan Berger wrote:
Fix the following type of error message caused by a missing call to
tpm2_sessions_init() in the IBM vTPM driver:
[ 2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error
0x01C4
imary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
index d3989b257f42..1e5b107d1f3b 100644
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/driver
imary creation")
Signed-off-by: Stefan Berger
---
drivers/char/tpm/tpm_ibmvtpm.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
index d3989b257f42..1e5b107d1f3b 100644
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/driver
I have encountered a similar problem when running test case of ima-evm-
utils with softhsm used as engine on Ubuntu 24.04 (Noble). In this case
I am also crashing in pkcs11_slot_unref when this line here is called:
CRYPTOKI_call(slot->ctx, C_CloseAllSessions(slot->id));
r *buf) "%s"
# tpm_emulator.c
tpm_emulator_set_locality(uint8_t locty) "setting locality to %d"
Reviewed-by: Stefan Berger
evmctl ima_sign failed with (1)
EVP_DigestInit() failed
openssl: error:0308010C:digital envelope routines::unsupported
openssl: error:0386:digital envelope routines::initialization error
Signed-off-by: Stefan Berger
---
src/evmctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion
Stefan Berger (2):
evmctl: Replace OSS_PROVIDER_load with OSSL_PROVIDER_try_load (Ubuntu)
tests: Use EVMCTL_ENGINE to set engine or provider for test case
src/evmctl.c | 2 +-
tests/sign_verify.test | 8
2 files changed, 5 insertions(+), 5 deletions(-)
--
2.45.0
the pkcs11-provider instead and not force usage of the
engine by passing '--engine pkcs11' to the command line.
Fixes: ffde173250 ("tests: Add pkcs11 test using provider")
Signed-off-by: Stefan Berger
---
tests/sign_verify.test | 8
1 file changed, 4 insertions(+), 4 deletion
On 5/1/24 12:52, James Bottomley wrote:
On Wed, 2024-05-01 at 12:31 -0400, Stefan Berger wrote:
On 5/1/24 12:21, James Bottomley wrote:
On Tue, 2024-04-30 at 17:12 -0400, Stefan Berger wrote:
On 4/30/24 15:08, James Bottomley wrote:
[...]
+The mssim backend supports snapshotting
On 5/1/24 12:21, James Bottomley wrote:
On Tue, 2024-04-30 at 17:12 -0400, Stefan Berger wrote:
On 4/30/24 15:08, James Bottomley wrote:
[...]
+The mssim backend supports snapshotting and migration by not
resetting
I don't thing snapshotting is supported because snapshooting would
On 4/30/24 15:08, James Bottomley wrote:
The requested feedback was to convert the tpmdev handler to being json
based, which requires rethreading all the backends. The good news is
this reduced quite a bit of code (especially as I converted it to
error_fatal handling as well, which removes
On 4/30/24 15:08, James Bottomley wrote:
The Microsoft Simulator (mssim) is the reference emulation platform
for the TCG TPM 2.0 specification.
https://github.com/Microsoft/ms-tpm-20-ref.git
It exports a fairly simple network socket based protocol on two
sockets, one for command (default
On 4/30/24 14:37, Jarkko Sakkinen wrote:
On Tue Apr 30, 2024 at 2:18 PM EEST, Stefan Berger wrote:
On 4/29/24 19:49, Jarkko Sakkinen wrote:
On Tue Apr 30, 2024 at 1:26 AM EEST, Jarkko Sakkinen wrote:
Right and obviously 3rd option is to send a PR to
https://gitlab.com/jarkkojs/linux
Reviewed-by: Stefan Berger
---
grub-core/lib/libtasn1/lib/decoding.c | 8
grub-core/lib/libtasn1/lib/element.c| 2 +-
grub-core/lib/libtasn1/lib/gstr.c | 2 +-
grub-core/lib/libtasn1/lib/int.h| 3 +--
grub-core/lib/libtasn1/lib/parser_aux.c | 2 +-
in
On 4/29/24 19:49, Jarkko Sakkinen wrote:
On Tue Apr 30, 2024 at 1:26 AM EEST, Jarkko Sakkinen wrote:
Right and obviously 3rd option is to send a PR to
https://gitlab.com/jarkkojs/linux-tpmdd-test.
I.e. patch file goes to patches/qemu (BR2_GLOBAL_PATCH_DIR
points there).
Stefan, can I do a
then fall back to calculating it from the public key. This way signature
verification will first use the same method to get the key id as the Linux
kernel does.
Signed-off-by: Stefan Berger
---
src/libimaevm.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/libimaevm.c b
On 4/23/24 02:02, Amir Goldstein wrote:
On Mon, Apr 22, 2024 at 6:07 PM Stefan Berger wrote:
This series fixes the detection of read/write violations on stacked
filesystems. To be able to access the relevant dentries necessary to
detect files opened for writing on a stacked filesystem
by again calling d_real. On a normal
filesystem this would return the same dentry as before and on a stacked
filesystem it would return the next-level dentry, so either the upper
or lower dentry of the next lower layer.
Signed-off-by: Stefan Berger
---
security/integrity/ima/ima_main.c | 21
in a stacked filesystem while traversing the layers.
Stefan
v2:
- Simplified 2nd patch
- Improvements on patch description on 1st patch
Stefan Berger (2):
ovl: Define D_REAL_FILEDATA for d_real to return dentry with data
ima: Fix detection of read/write violations on stacked filesystems
. This allows a caller to get all dentries involved in hold
a file's data and iterate through the layers.
Signed-off-by: Stefan Berger
---
fs/overlayfs/super.c | 6 ++
include/linux/dcache.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
, TPM2_TestParms
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Stefan Berger
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
in the key file, so there is no need to specify PCRs when
invoking tpm2_key_protector_init.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Stefan Berger
___
Grub-devel mailing list
Grub-devel@gnu.org
https
will be found first, not the attacker's disk.
Signed-off-by: Gary Lin
Cc: Fabian Vogt
Reviewed-by: Stefan Berger
---
grub-core/disk/diskfilter.c | 35 ++-
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/grub-core/disk/diskfilter.c b/grub-core
image,
try to mount the image with tpm2_key_protector_init and cryptomount, and
verify the result.
Based on the idea from Michael Chang.
Cc: Michael Chang
Cc: Stefan Berger
Signed-off-by: Gary Lin
---
Makefile.util.def| 6 +
tests/tpm2_test.in | 311
` is now set. Print the existing errors out first, before
proceeding with the passphrase.
Cc: Stefan Berger
Signed-off-by: Patrick Colp
Signed-off-by: Gary Lin
Reviewed-by: Stefan Berger
---
grub-core/disk/cryptodisk.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git
, but also because no such
check currently exists for disks and other types of persistent
storage such as NVRAM files, which always get relabeled.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
---
src/qemu/qemu_tpm.c | 11 ++-
1 file changed, 2 insertions(+), 9 deletions
several layers in order to make use of it.
Note that with this change the list is propagated all the way
through, but its contents are still ignored, so the behavior
remains the same for now.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
'/'
then. It may be wroth mentioning this in 2/5.
Reviewed-by: Stefan Berger
+
+if (g_strv_contains((const char *const *) overrides, dirpath))
+return true;
+}
+
+return false;
+}
+
int virFileIsSharedFS(const char *path,
- char *const
On 4/17/24 11:20, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 09:10:48AM -0700, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 10:18:39AM -0400, Stefan Berger wrote:
On 3/20/24 08:23, Peter Krempa wrote:
Did you consider the case when the migration fails and the VM will be
restored
On 4/17/24 09:29, Andrea Bolognani wrote:
As explained in the comment, this can help in scenarios where
a shared filesystem can't be detected as such by libvirt, by
giving the admin the opportunity to provide this information
manually.
Signed-off-by: Andrea Bolognani
---
On 4/17/24 09:29, Andrea Bolognani wrote:
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
---
src/security/security_selinux.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index
On 4/15/24 05:45, Gary Lin wrote:
On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
This patch series is based on "Automatic TPM Disk Unlock"(
On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is
to retrieve the secret key. To defend
such attack, wipe out the cached key when we don't need it.
Signed-off-by: Gary Lin
Cc: Fabian Vogt
Reviewed-by: Stefan Berger
---
grub-core/disk/cryptodisk.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk
the device node on host, it's easy to
implement the essential TCG2 command submission function with the
read/write functions and enable tpm2 module for grub-emu, so that we can
further test TPM key unsealing with grub-emu.
Signed-off-by: Gary Lin
Reviewed-by: Stefan Berger
---
grub-core
off-by: Patrick Colp
Signed-off-by: Gary Lin
Reviewed-by: Stefan Berger
---
grub-core/tpm2/module.c | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
index 0ed8f2682..b4d588b0c 100644
--- a/grub-core/t
On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup
to unlock %s%s%s (%s)\n",
+ cargs->protectors[i], source->name,
+source->partition != NULL ? "," : "",
+part != NULL ? part : N_("UNKNOWN"), dev->uuid);
+ grub_free (part);
+
On 4/12/24 14:08, Amir Goldstein wrote:
On Fri, Apr 12, 2024 at 5:01 PM Stefan Berger wrote:
On a stacked filesystem, when one process opens the file holding a file's
data (e.g., on upper or lower layer on overlayfs) then issue a violation
when another process opens the file for reading
On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
A few minor finds/comments below.
The theory of operation is such that the module accepts
otector_unregister (struct grub_key_protector *protector);
+
+grub_err_t
+grub_key_protector_recover_key (const char *protector,
+ grub_uint8_t **key,
+ grub_size_t *key_size);
+
+#endif /* ! GRUB_PROTECTOR_HEADER */
with nit fixed:
Reviewed-by: Stefan Ber
module for libtasn1
-: - > 8: 7a1aced55 libtasn1: Add the documentation
-: ----- > 9: 957b048f2 key_protector: Add key protectors framework
1: ca024f496 ! 10: cbeaf8472 tpm2: Add TPM Software Stack (TSS)
@@ Commit message
TPM2_SequenceComplete, TPM2_Hash, TPM2_Ver
n the boot components, just run the 'sign' command again
to update the signature in sealed.tpm, and TPM can unseal the key file
with the updated PCR policy.
(*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
(*2) https://github.com/okirch/pcr-oracle
Signed-off-by: Gary Lin
Reviewed-
On 4/9/24 04:30, Gary Lin via Grub-devel wrote:
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key,
On 4/12/24 04:39, Gary Lin wrote:
From: Hernan Gatta
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose, submit, and parse TPM commands and responses.
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the
in a stacked filesystem.
Stefan
Stefan Berger (2):
ovl: Define D_REAL_FILEDATA for d_real to return dentry with data
ima: Fix detection of read/write violations on stacked filesystems
fs/overlayfs/super.c | 6 ++
include/linux/dcache.h| 1 +
security
.
Signed-off-by: Stefan Berger
---
fs/overlayfs/super.c | 6 ++
include/linux/dcache.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 06a231970cb5..f466ad89b005 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -36,6
where a violation is generated when one process opens a file for
writing and another one opens the same file for reading. On stacked
filesystem also search all the lower layers for relevant files opened for
writing and issue the violation if one is found.
Signed-off-by: Stefan Berger
t;
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Stefan Berger
---
backends/tpm/tpm_util.c | 24
1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/backends/tpm/tpm_util.c b/backends/tpm/tpm_util.c
index 1856589c3b..0747af2d1c 100644
--- a/backends/t
t;
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Stefan Berger
---
backends/tpm/tpm_util.c | 24
1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/backends/tpm/tpm_util.c b/backends/tpm/tpm_util.c
index 1856589c3b..0747af2d1c 100644
--- a/backends/t
On 4/9/24 04:30, Gary Lin via Grub-devel wrote:
From: Hernan Gatta
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose, submit, and parse TPM commands and responses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes
On 3/26/24 12:38, Andrea Bolognani wrote:
On Tue, Mar 26, 2024 at 12:04:21PM -0400, Stefan Berger wrote:
On 3/26/24 11:54, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 08:43:24AM -0700, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 12:37:37PM +0100, Peter Krempa wrote:
On Wed, Mar
On 3/26/24 11:54, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 08:43:24AM -0700, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 12:37:37PM +0100, Peter Krempa wrote:
On Wed, Mar 20, 2024 at 10:19:11 +0100, Andrea Bolognani wrote:
+# libvirt will normally prevent migration if the storage
ble
snapshot of the name instead.
Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/
Signed-off-by: Al Viro
Signed-off-by: Stefan Berger
---
security/integrity/ima/ima_api.c | 16
security/integrity/ima/ima_template_lib.c | 17 ++---
2 files
On 3/20/24 11:59, Andrea Bolognani wrote:
On Wed, Mar 20, 2024 at 10:07:11AM -0400, Stefan Berger wrote:
On 3/20/24 05:19, Andrea Bolognani wrote:
+ * qemu: Add ``shared_filesystems`` configuration option
+
+This option can be used to configure libvirt so that migration between two
On 3/20/24 05:19, Andrea Bolognani wrote:
It was clearly copied over from the SELinux driver without
updating its name in the process.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
___
Devel mailing list -- devel@lists.libvirt.org
On 3/20/24 08:23, Peter Krempa wrote:
On Wed, Mar 20, 2024 at 10:19:14 +0100, Andrea Bolognani wrote:
Up until this point, we have avoided setting labels for
incoming migration when the TPM state is stored on a shared
filesystem. This seems to make sense, because since the
underlying storage
On 3/20/24 05:19, Andrea Bolognani wrote:
Signed-off-by: Andrea Bolognani
---
NEWS.rst | 7 +++
1 file changed, 7 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 489201d3fc..7e17043c2a 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -17,6 +17,13 @@ v10.2.0 (unreleased)
* **New
On 3/20/24 05:19, Andrea Bolognani wrote:
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
___
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-le...@lists.libvirt.org
g ... *)
let entry = default_tls_entry
| vnc_entry
Reviewed-by: Stefan Berger
___
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-le...@lists.libvirt.org
On 3/20/24 05:19, Andrea Bolognani wrote:
The single caller for each function passes the same value
for @src and @parent, which means that we don't really need
the additional API.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
On 3/20/24 05:19, Andrea Bolognani wrote:
Each one only has a single, trivial caller.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
___
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-le
On 3/15/24 00:06, Michael Chang via Grub-devel wrote:
On Mon, May 08, 2023 at 01:58:36PM +, Avnish Chouhan wrote:
From: Diego Domingos
This patch enables the device mapper discovery on ofpath.c. Currently,
when we are dealing with a device like /dev/dm-* the ofpath returns null
since
On 3/12/24 11:43, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 10:33 PM EET, Stefan Berger wrote:
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found
On 3/12/24 11:43, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 10:33 PM EET, Stefan Berger wrote:
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found
On 3/12/24 12:22, Rob Herring wrote:
On Tue, Mar 12, 2024 at 09:32:50PM +1100, Michael Ellerman wrote:
Rob Herring writes:
On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
On 3/7/24 16:52, Rob Herring wrote:
On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote
On 3/12/24 12:22, Rob Herring wrote:
On Tue, Mar 12, 2024 at 09:32:50PM +1100, Michael Ellerman wrote:
Rob Herring writes:
On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
On 3/7/24 16:52, Rob Herring wrote:
On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote
On 3/12/24 11:50, Jarkko Sakkinen wrote:
On Tue Mar 12, 2024 at 12:35 PM EET, Michael Ellerman wrote:
Stefan Berger writes:
On 3/7/24 15:00, Jarkko Sakkinen wrote:
On Thu Mar 7, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
in short summary: s/Use/use/
On Wed Mar 6, 2024 at 5:55 PM EET
On 3/12/24 11:50, Jarkko Sakkinen wrote:
On Tue Mar 12, 2024 at 12:35 PM EET, Michael Ellerman wrote:
Stefan Berger writes:
On 3/7/24 15:00, Jarkko Sakkinen wrote:
On Thu Mar 7, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
in short summary: s/Use/use/
On Wed Mar 6, 2024 at 5:55 PM EET
On 3/12/24 07:11, Lukas Wunner wrote:
On Mon, Mar 11, 2024 at 09:20:29AM -0400, Stefan Berger wrote:
Add linux,sml-log, which carries the firmware TPM log in a uint8-array, to
the properties. Either this property is required or both linux,sml-base and
linux,sml-size are required. Add a test
On 3/12/24 07:11, Lukas Wunner wrote:
On Mon, Mar 11, 2024 at 09:20:29AM -0400, Stefan Berger wrote:
Add linux,sml-log, which carries the firmware TPM log in a uint8-array, to
the properties. Either this property is required or both linux,sml-base and
linux,sml-size are required. Add a test
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM
on Power where after a kexec the memory pointed
On 3/11/24 16:25, Jarkko Sakkinen wrote:
On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
If linux,sml-log is available use it to get the TPM log rather than the
pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM
on Power where after a kexec the memory pointed
On 3/11/24 13:24, Christophe Leroy wrote:
Le 11/03/2024 à 14:20, Stefan Berger a écrit :
linux,sml-base holds the address of a buffer with the TPM log. This
buffer may become invalid after a kexec. To avoid accessing an invalid
address or corrupted buffer, embed the whole TPM log
1 - 100 of 7291 matches
Mail list logo