Hi

I will be at LSS EU, I will catch you after your presentation for a
short (or not short) conversation.

Thanks,
Lukasz

On Fri, 2019-10-18 at 13:27 +0000, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Thu, 2019-09-19 at 15:39 +0000, Paul Moore (pmoore2) via tboot-devel
> wrote:
> > Hello,
> > 
> > I've been working on adding PECOFF/kernel signature verification to
> > tboot and now that I have a rough working prototype I wanted to bring
> > it to the list to see if this is something the tboot community would
> > be interested in eventually merging (once the work is more complete
> > and polished).
> > 
> > The patchset is quite large, mostly due to the inclusion of
> > libtomcrypt and libtomfastmath to the tboot repository, so I'm going
> > to refrain from spamming the list with the full patchset at this early
> > stage.  The current patchset can be found on GitHub at the URL below
> > (look in the "working-txtsig" branch):
> > 
> > * https://github.com/pcmoore/misc-tboot/tree/working-txtsig
> > 
> > 
> 
> I've updated the working-txtsig branch with a number of fixes relating
> to the ASN.1/PKCS parsing code as well as improved signing/hash
> algorithm support (previously limited to SHA256) and the ability to
> verify kernels using variable length certificate chains (previously
> limited to the immediate signer).  Work on adding certificate support to
> the tboot launch control policy is ongoing (it's the next major work
> item), but the prototype contains a hard coded Fedora CA which should be
> able to verify any modern Fedora kernel.  Just as before, if you have
> any questions, concerns, or feedback please get in touch on-list or
> privately.
> 
> I'll be giving an updated presentation on this effort at the Linux
> Security Summit EU later this month, if you are in the area please stop
> by and introduce yourself - I'd love to talk about TXT/tboot!
> 
> https://events19.linuxfoundation.org/events/linux-security-summit-europe-2019
> 
> 
> Thanks,
> -Paul
> 
> 
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> 
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
> 
> 


