Re: [PATCH 15/23] block: remove blk_part_pack_uuid

2017-05-18 Thread Mimi Zohar
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote: > This helper was only used by IMA of all things, which would get spurious > errors if CONFIG_BLOCK is disabled. Just opencode the call there. > > Signed-off-by: Christoph Hellwig Acked-by: Mimi Zohar > --- > inc

Re: [PATCH 16/23] ima/policy: switch to use uuid_t

2017-05-18 Thread Mimi Zohar
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote: > Signed-off-by: Christoph Hellwig Thanks! Acked-by: Mimi Zohar > --- > security/integrity/ima/ima_policy.c | 11 +-- > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/security/integrit

Re: [PATCH 17/23] fs: switch ->s_uuid to uuid_t

2017-05-18 Thread Mimi Zohar
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote: > For some file systems we still memcpy into it, but in various places this > already allows us to use the proper uuid helpers. More to come.. > > Signed-off-by: Christoph Hellwig Acked-by: Mimi Zohar  (Change

Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys

2018-11-11 Thread Mimi Zohar
On Fri, 2018-11-09 at 15:13 -0700, Dave Jiang wrote: > In order to make nvdimm more secure, encrypted keys will be used instead of > clear text keys. A master key will be created to seal encrypted nvdimm > keys. The master key can be a trusted key generated from TPM 2.0 or a less > secure user key.

Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys

2018-11-11 Thread Mimi Zohar
> > Traditionally there is a single master key for the system, which would > > be sealed to a set of boot time PCR values. After decrypting all of > > the encrypted keys, the master key would be removed from the keyring > > and a PCR extended. Extending a PCR would prevent the master key from > >

Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys

2018-11-12 Thread Mimi Zohar
On Mon, 2018-11-12 at 08:42 -0700, Dave Jiang wrote: > How does one generate new encrypted keys with the system masterkey > removed from the keyring? I don't think you can. Mimi

Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys

2018-11-12 Thread Mimi Zohar
On Mon, 2018-11-12 at 08:45 -0700, Dave Jiang wrote: > > Using trusted keys that are encrypted/decrypted using a user key > > should really be limited to testing environments. > > Do you have any recommendation for systems that do not support TPM? The TPM provides certain security guarantees, wh

Re: [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys

2018-11-27 Thread Mimi Zohar
On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote: > > On 11/27/18 12:20 AM, Dan Williams wrote: > > On Fri, Nov 9, 2018 at 2:13 PM Dave Jiang wrote: > >> > >> Adding nvdimm key format type to encrypted keys in order to limit the size > > > > s/Adding/Add an/ > > > >> of the key to 32-bytes.

Re: [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys

2018-11-27 Thread Mimi Zohar
On Tue, 2018-11-27 at 11:10 -0800, Dan Williams wrote: > On Tue, Nov 27, 2018 at 10:24 AM Mimi Zohar wrote: > > > > On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote: > > > > > > On 11/27/18 12:20 AM, Dan Williams wrote: > > > > On

Re: [PATCH 01/11] keys-encrypted: add nvdimm key format type to encrypted keys

2018-11-27 Thread Mimi Zohar
On Tue, 2018-11-27 at 11:48 -0800, Dan Williams wrote: > I was thinking that the generic-length *is* the format. This does not > work for ecryptfs because it has that: > > payload_datalen = sizeof(struct ecryptfs_auth_tok); > > ...detail that is ecryptfs specific. For nvdimm the only detail o

Re: [PATCH v13 04/17] keys-encrypted: add nvdimm key format type to encrypted keys

2018-12-12 Thread Mimi Zohar
On Tue, 2018-12-11 at 13:25 -0700, Dave Jiang wrote: > Adding nvdimm key format type to encrypted keys in order to limit the size > of the key to 32bytes. > > Signed-off-by: Dave Jiang > Signed-off-by: Dan Williams Acked-by: Mimi Zohar > --- > Documentation/

Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM

2019-03-19 Thread Mimi Zohar
Hi Dan, On Mon, 2019-03-18 at 17:30 -0700, Dan Williams wrote: Sorry for the late reply. > On Mon, Mar 18, 2019 at 5:24 PM James Bottomley wrote: > > > > On Mon, 2019-03-18 at 16:45 -0700, Dan Williams wrote: > > > Rather than fail initialization of the trusted.ko module, arrange for > > > the

Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()

2019-03-19 Thread Mimi Zohar
On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote: < snip > > +/* > + * request_trusted_key - request the trusted key > + * > + * Trusted keys are sealed to PCRs and other metadata. Although userspace > + * manages both trusted/encrypted key-types, like the encrypted key type > + * data, trus

Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()

2019-03-19 Thread Mimi Zohar
On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote: > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote: > > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote: > > > > diff --git a/security/keys/key.c b/security/keys/key.c > > > index 696f1c092c50..9045b62afb

Re: [PATCH 0/6] security/keys/encrypted: Break module dependency chain

2019-03-19 Thread Mimi Zohar
On Tue, 2019-03-19 at 14:08 -0700, James Bottomley wrote: > On Tue, 2019-03-19 at 14:01 -0700, Dan Williams wrote: > > On Mon, Mar 18, 2019 at 11:18 PM Dan Williams wrote: > > > > > > With v5.1-rc1 all the nvdimm sub-system regression tests started > > > failing because the libnvdimm module

Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()

2019-03-19 Thread Mimi Zohar
On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote: > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote: > > > > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote: > > > > < snip > > > > > > +/* > > > + * request_trusted_key - req

Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()

2019-03-20 Thread Mimi Zohar
On Tue, 2019-03-19 at 22:48 -0700, Dan Williams wrote: > On Tue, Mar 19, 2019 at 7:36 PM Mimi Zohar wrote: > > > > On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote: > > > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote: > > > > > > > > On Mo