On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> This helper was only used by IMA of all things, which would get spurious
> errors if CONFIG_BLOCK is disabled. Just opencode the call there.
>
> Signed-off-by: Christoph Hellwig
Acked-by: Mimi Zohar
> ---
> inc
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> Signed-off-by: Christoph Hellwig
Thanks!
Acked-by: Mimi Zohar
> ---
> security/integrity/ima/ima_policy.c | 11 +--
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/security/integrit
On Thu, 2017-05-18 at 08:26 +0200, Christoph Hellwig wrote:
> For some file systems we still memcpy into it, but in various places this
> already allows us to use the proper uuid helpers. More to come..
>
> Signed-off-by: Christoph Hellwig
Acked-by: Mimi Zohar (Change
On Fri, 2018-11-09 at 15:13 -0700, Dave Jiang wrote:
> In order to make nvdimm more secure, encrypted keys will be used instead of
> clear text keys. A master key will be created to seal encrypted nvdimm
> keys. The master key can be a trusted key generated from TPM 2.0 or a less
> secure user key.
> > Traditionally there is a single master key for the system, which would
> > be sealed to a set of boot time PCR values. After decrypting all of
> > the encrypted keys, the master key would be removed from the keyring
> > and a PCR extended. Extending a PCR would prevent the master key from
> >
On Mon, 2018-11-12 at 08:42 -0700, Dave Jiang wrote:
> How does one generate new encrypted keys with the system masterkey
> removed from the keyring?
I don't think you can.
Mimi
___
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01
On Mon, 2018-11-12 at 08:45 -0700, Dave Jiang wrote:
> > Using trusted keys that are encrypted/decrypted using a user key
> > should really be limited to testing environments.
>
> Do you have any recommendation for systems that do not support TPM?
The TPM provides certain security guarantees, wh
On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote:
>
> On 11/27/18 12:20 AM, Dan Williams wrote:
> > On Fri, Nov 9, 2018 at 2:13 PM Dave Jiang wrote:
> >>
> >> Adding nvdimm key format type to encrypted keys in order to limit the size
> >
> > s/Adding/Add an/
> >
> >> of the key to 32-bytes.
On Tue, 2018-11-27 at 11:10 -0800, Dan Williams wrote:
> On Tue, Nov 27, 2018 at 10:24 AM Mimi Zohar wrote:
> >
> > On Tue, 2018-11-27 at 09:20 -0700, Dave Jiang wrote:
> > >
> > > On 11/27/18 12:20 AM, Dan Williams wrote:
> > > > On
On Tue, 2018-11-27 at 11:48 -0800, Dan Williams wrote:
> I was thinking that the generic-length *is* the format. This does not
> work for ecyptfs because it has that:
>
> payload_datalen = sizeof(struct ecryptfs_auth_tok);
>
> ...detail that is ecryptfs specific. For nvdimm the only detail o
On Tue, 2018-12-11 at 13:25 -0700, Dave Jiang wrote:
> Adding nvdimm key format type to encrypted keys in order to limit the size
> of the key to 32bytes.
>
> Signed-off-by: Dave Jiang
> Signed-off-by: Dan Williams
Acked-by: Mimi Zohar
> ---
> Documentation/
Hi Dan,
On Mon, 2019-03-18 at 17:30 -0700, Dan Williams wrote:
Sorry for the late reply.
> On Mon, Mar 18, 2019 at 5:24 PM James Bottomley wrote:
> >
> > On Mon, 2019-03-18 at 16:45 -0700, Dan Williams wrote:
> > > Rather than fail initialization of the trusted.ko module, arrange for
> > > the
On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:
< snip >
> +/*
> + * request_trusted_key - request the trusted key
> + *
> + * Trusted keys are sealed to PCRs and other metadata. Although userspace
> + * manages both trusted/encrypted key-types, like the encrypted key type
> + * data, trus
On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote:
> On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote:
> > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:
>
> > > diff --git a/security/keys/key.c b/security/keys/key.c
> > > index 696f1c092c50..9045b62afb
On Tue, 2019-03-19 at 14:08 -0700, James Bottomley wrote:
> On Tue, 2019-03-19 at 14:01 -0700, Dan Williams wrote:
> > On Mon, Mar 18, 2019 at 11:18 PM Dan Williams > om> wrote:
> > >
> > > With v5.1-rc1 all the nvdimm sub-system regression tests started
> > > failing because the libnvdimm module
On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote:
> On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote:
> >
> > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote:
> >
> > < snip >
> >
> > > +/*
> > > + * request_trusted_key - req
On Tue, 2019-03-19 at 22:48 -0700, Dan Williams wrote:
> On Tue, Mar 19, 2019 at 7:36 PM Mimi Zohar wrote:
> >
> > On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote:
> > > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar wrote:
> > > >
> > > > On Mo
17 matches
Mail list logo