date:20190616

Re: [PATCH v1 24/31] docs: iio: convert to ReST

2019-06-16 Thread Jonathan Cameron

On Wed, 12 Jun 2019 15:38:27 -0300
Mauro Carvalho Chehab  wrote:

> Rename the iio documentation files to ReST, add an
> index for them and adjust in order to produce a nice html
> output via the Sphinx build system.
> 
> At its new index.rst, let's add a :orphan: while this is not linked to
> the main index.rst file, in order to avoid build warnings.
> 
> Signed-off-by: Mauro Carvalho Chehab 
Thanks, looks good to me.   At some point we need to look at how
to tie together the various IIO docs as they are split between
here and the driver-api/iio/ directory.  That split isn't currently
along particularly logical lines.

Acked-by: Jonathan Cameron 

Thanks for tidying this up!

Jonathan
> ---
>  .../iio/{ep93xx_adc.txt => ep93xx_adc.rst}| 15 +-
>  .../{iio_configfs.txt => iio_configfs.rst}| 52 +++
>  Documentation/iio/index.rst   | 12 +
>  drivers/iio/Kconfig   |  2 +-
>  4 files changed, 56 insertions(+), 25 deletions(-)
>  rename Documentation/iio/{ep93xx_adc.txt => ep93xx_adc.rst} (71%)
>  rename Documentation/iio/{iio_configfs.txt => iio_configfs.rst} (73%)
>  create mode 100644 Documentation/iio/index.rst
> 
> diff --git a/Documentation/iio/ep93xx_adc.txt 
> b/Documentation/iio/ep93xx_adc.rst
> similarity index 71%
> rename from Documentation/iio/ep93xx_adc.txt
> rename to Documentation/iio/ep93xx_adc.rst
> index 23053e7817bd..4fd8dea3f6b8 100644
> --- a/Documentation/iio/ep93xx_adc.txt
> +++ b/Documentation/iio/ep93xx_adc.rst
> @@ -1,12 +1,16 @@
> -Cirrus Logic EP93xx ADC driver.
> +==
> +Cirrus Logic EP93xx ADC driver
> +==
>  
>  1. Overview
> +===
>  
>  The driver is intended to work on both low-end (EP9301, EP9302) devices with
>  5-channel ADC and high-end (EP9307, EP9312, EP9315) devices with 10-channel
>  touchscreen/ADC module.
>  
>  2. Channel numbering
> +
>  
>  Numbering scheme for channels 0..4 is defined in EP9301 and EP9302 
> datasheets.
>  EP9307, EP9312 and EP9312 have 3 channels more (total 8), but the numbering 
> is
> @@ -17,13 +21,20 @@ Assuming ep93xx_adc is IIO device0, you'd find the 
> following entries under
>  
>+-+---+
>| sysfs entry | ball/pin name |
> -  +-+---+
> +  +=+===+
>| in_voltage0_raw | YM|
> +  +-+---+
>| in_voltage1_raw | SXP   |
> +  +-+---+
>| in_voltage2_raw | SXM   |
> +  +-+---+
>| in_voltage3_raw | SYP   |
> +  +-+---+
>| in_voltage4_raw | SYM   |
> +  +-+---+
>| in_voltage5_raw | XP|
> +  +-+---+
>| in_voltage6_raw | XM|
> +  +-+---+
>| in_voltage7_raw | YP|
>+-+---+
> diff --git a/Documentation/iio/iio_configfs.txt 
> b/Documentation/iio/iio_configfs.rst
> similarity index 73%
> rename from Documentation/iio/iio_configfs.txt
> rename to Documentation/iio/iio_configfs.rst
> index 4e5f101837a8..ecbfdb3afef7 100644
> --- a/Documentation/iio/iio_configfs.txt
> +++ b/Documentation/iio/iio_configfs.rst
> @@ -1,6 +1,9 @@
> +===
>  Industrial IIO configfs support
> +===
>  
>  1. Overview
> +===
>  
>  Configfs is a filesystem-based manager of kernel objects. IIO uses some
>  objects that could be easily configured using configfs (e.g.: devices,
> @@ -10,20 +13,22 @@ See Documentation/filesystems/configfs/configfs.txt for 
> more information
>  about how configfs works.
>  
>  2. Usage
> +
>  
>  In order to use configfs support in IIO we need to select it at compile
>  time via CONFIG_IIO_CONFIGFS config option.
>  
> -Then, mount the configfs filesystem (usually under /config directory):
> +Then, mount the configfs filesystem (usually under /config directory)::
>  
> -$ mkdir /config
> -$ mount -t configfs none /config
> +  $ mkdir /config
> +  $ mount -t configfs none /config
>  
>  At this point, all default IIO groups will be created and can be accessed
>  under /config/iio. Next chapters will describe available IIO configuration
>  objects.
>  
>  3. Software triggers
> +
>  
>  One of the IIO default configfs groups is the "triggers" group. It is
>  automagically accessible when the configfs is mounted and can be found
> @@ -31,40 +36,40 @@ under /config/iio/triggers.
>  
>  IIO software triggers implementation offers support for creating multiple
>  trigger types. A new trigger type is usually implemented as a separate
> -kernel module following the interface in include/linux/iio/sw_trigger.h:
> +kernel module following the interface in include/linux/iio/sw_trigger.h::
>  
> -/*

Re: [PATCH 14/14] docs: sphinx/kernel_abi.py: fix UTF-8 support

2019-06-16 Thread Markus Heiser




Am 14.06.19 um 18:25 schrieb Mauro Carvalho Chehab:

Em Fri, 14 Jun 2019 18:18:37 +0200
Greg Kroah-Hartman  escreveu:


On Thu, Jun 13, 2019 at 11:04:20PM -0300, Mauro Carvalho Chehab wrote:

The parser breaks with UTF-8 characters with Sphinx 1.4.

Signed-off-by: Mauro Carvalho Chehab 
---
  Documentation/sphinx/kernel_abi.py | 10 ++
  1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Documentation/sphinx/kernel_abi.py 
b/Documentation/sphinx/kernel_abi.py
index 7fa7806532dc..460cee48a245 100644
--- a/Documentation/sphinx/kernel_abi.py
+++ b/Documentation/sphinx/kernel_abi.py
@@ -1,4 +1,5 @@
-# -*- coding: utf-8; mode: python -*-
+# coding=utf-8
+#


Is this an emacs vs. vim fight?


No. This is a python-specific thing:

https://www.python.org/dev/peps/pep-0263/


No need to change, the emacs notation is also OK, see your link

  """or (using formats recognized by popular editors):"""

  https://www.python.org/dev/peps/pep-0263/#defining-the-encoding

I prefer emacs notation, this is also evaluated by many other editors / tools.

-- Markus --

Re: [PATCH 12/14] doc-rst: add ABI documentation to the admin-guide book

2019-06-16 Thread Markus Heiser


Am 14.06.19 um 16:15 schrieb Jonathan Corbet:

On Fri, 14 Jun 2019 16:10:31 +0200
Markus Heiser  wrote:


I agree with Jani. No matter how the decision ends, since I can't help here, I'd
rather not show up in the copyright.


Is there something specific you are asking us to do here?




I have lost the overview, but there was a patch Mauro added a
kernel_abi.py.  There was my name (Markus Heiser) listed with a
copyright notation.

I guess Mauro picked up some old RFC or an other old patch of
mine from 2016 and made some C&P .. whatever .. ATM I do not have
time to give any support on parsing ABI and I'am not interested
in holding copyrights on a C&P of a old source  ;)

-- Markus --

Re: [PATCH v4 00/14] ima: introduce IMA Digest Lists extension

2019-06-16 Thread Roberto Sassu


On 6/14/2019 7:54 PM, Roberto Sassu wrote:

This patch set introduces a new IMA extension called IMA Digest Lists.

At early boot, the extension preloads in kernel memory reference digest
values, that can be compared with actual file digests when files are
accessed in the system.

The extension will open for new possibilities: PCR with predictable value,
that can be used for sealing policies associated to data or TPM keys;
appraisal based on reference digests already provided by Linux distribution
vendors in the software packages.

The first objective can be achieved because the PCR values does not depend
on which and when files are measured: the extension measures digest lists
sequentially and files whose digest is not in the digest list.

The second objective can be reached because the extension is able to
extract reference measurements from packages (with a user space tool) and
use it as a source for appraisal verification as the reference came from
the security.ima xattr. This approach will also reduce the overhead as only
one signature is verified for many files (as opposed to one signature for
each file with the current implementation).

This version of the patch set provides a clear separation between current
and new functionality. First, the new functionality must be explicitly
enabled from the kernel command line. Second, results of operations
performed by the extension can be distinguished from those obtained from
the existing code: measurement entries created by the extension have a
different PCR; mutable files appraised with the extension have a different
security.ima type.

The review of this patch set should start from patch 11 and 12, which
modify the IMA-Measure and IMA-Appraise submodules to use digest lists.
Patch 1 to 5 are prerequisites. Patch 6 to 10 adds support for digest
lists. Finally, patch 13 introduces two new policies to measure/appraise
rootfs and patch 14 adds the documentation (including a flow chart to
show how IMA has been modified).

The user space tools to configure digest lists are available at:

https://github.com/euleros/digest-list-tools/releases/tag/v0.3

The patch set applies on top of linux-integrity/next-queued-testing
(73589972b987).

It is necessary to apply also:
https://patchwork.kernel.org/cover/10957495/


Another dependency is:

https://patchwork.kernel.org/cover/10979341/

Roberto



To use appraisal, it is necessary to use a modified cpio and a modified
dracut:

https://github.com/euleros/cpio/tree/xattr-v1
https://github.com/euleros/dracut/tree/digest-lists

For now, please use it only in a testing environment.


Changelog

v3:
- move ima_lookup_loaded_digest() and ima_add_digest_data_entry() from
   ima_queue.c to ima_digest_list.c
- remove patch that introduces security.ima_algo
- add version number and type modifiers to the compact list header
- remove digest list metadata, all digest lists in the directory are
   accessed
- move loading of signing keys to user space
- add violation for both PCRs if they are selected
- introduce two new appraisal modes

v2:
- add support for multiple hash algorithms
- remove RPM parser from the kernel
- add support for parsing digest lists in user space

v1:
- add support for immutable/mutable files
- add support for appraisal with digest lists


Roberto Sassu (14):
   ima: read hash algorithm from security.ima even if appraisal is not
 enabled
   ima: generalize ima_read_policy()
   ima: generalize ima_write_policy() and raise uploaded data size limit
   ima: generalize policy file operations
   ima: use ima_show_htable_value to show violations and hash table data
   ima: add parser of compact digest list
   ima: restrict upload of converted digest lists
   ima: prevent usage of digest lists that are not measured/appraised
   ima: introduce new securityfs files
   ima: load parser digests and execute the parser at boot time
   ima: add support for measurement with digest lists
   ima: add support for appraisal with digest lists
   ima: introduce new policies initrd and appraise_initrd
   ima: add Documentation/security/IMA-digest-lists.txt

  .../admin-guide/kernel-parameters.txt |  16 +-
  Documentation/security/IMA-digest-lists.txt   | 226 +
  include/linux/evm.h   |   6 +
  include/linux/fs.h|   1 +
  security/integrity/evm/evm_main.c |   2 +-
  security/integrity/iint.c |   1 +
  security/integrity/ima/Kconfig|  25 ++
  security/integrity/ima/Makefile   |   1 +
  security/integrity/ima/ima.h  |  32 +-
  security/integrity/ima/ima_api.c  |  43 ++-
  security/integrity/ima/ima_appraise.c |  92 +++---
  security/integrity/ima/ima_digest_list.c  | 309 ++
  security/integrity/ima/ima_digest_list.h  |  69 
  security/integrity/ima/ima_fs.c   | 224 -
  security/integrity/ima/ima_init.c

Re: [PATCH v1 24/31] docs: iio: convert to ReST

Re: [PATCH 14/14] docs: sphinx/kernel_abi.py: fix UTF-8 support

Re: [PATCH 12/14] doc-rst: add ABI documentation to the admin-guide book

Re: [PATCH v4 00/14] ima: introduce IMA Digest Lists extension

4 matches

Site Navigation

Mail list logo

Footer information