long form format against
Authority Key Identifier.
Cc: David Howells
Cc: Rusty Russell
Cc: Josh Boyer
Cc: Randy Dunlap
Cc: Herbert Xu
Cc: "David S. Miller"
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/x509_cert_parser.c | 56
1 files c
long form format against
Authority Key Identifier.
Cc: David Howells
Cc: Rusty Russell
Cc: Josh Boyer
Cc: Randy Dunlap
Cc: Herbert Xu
Cc: "David S. Miller"
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/x509_cert_parser.c | 56
1 files c
y: Matthew Garrett
Acked-by: Greg Kroah-Hartman
Signed-off-by: Lee, Chun-Yi
---
drivers/gpu/Makefile |2 +-
drivers/gpu/stub/Kconfig | 18
drivers/gpu/stub/Makefile |1 -
drivers/gpu/stub/poulsbo.c | 64
drivers/vid
From: Chun-Yi Lee
Per X.509 spec in 4.2.1.1 section, the structure of Authority Key
Identifier Extension is:
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNamesOPTIONAL,
UEFI variable filesystem need a new mount point, so this patch add
efivars kobject to efi_kobj for create a /sys/firmware/efi/efivars
folder.
Cc: Matt Fleming
Cc: Jeremy Kerr
Cc: Matthew Garrett
Cc: H. Peter Anvin
Signed-off-by: Lee, Chun-Yi
---
drivers/firmware/efivars.c | 11
From: Chun-Yi Lee
Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in
its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a
pointer to the _preceding_ byte to RSA_verify() in original code, but it has
risk for the byte is not zero because it's not i
RIFICATION kernel config to earlier patch.
- Add dummy functions to simplify the ifdef check.
- Sent to opensuse-ker...@opensuse.org for review:
http://lists.opensuse.org/opensuse-kernel/2013-08/msg00025.html
V1:
- Internal review
- github:
https://github.com/joeyli/linux-s4sign/commit
te to zero in EM and copy the
remaining bytes from _EM.
V2:
- Check the memory allocate result of EM to avoid use it when allocate fail.
Cc: Pavel Machek
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 20 +++-
1 files changed, 15 insert
el naming convention, it useful when look at them with
spec.
Reference: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1v2/pkcs1ietffinal.txt
Reference:
http://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
Cc: Pavel Machek
Reviewed-by: Jiri Kosina
Signed-off-by: Lee
go in struct pkcs8_info because it does
not help on reduce memory space.
- Replace privkey_algo by pkey_algo in struct pkcs8_info to simplify naming.
Cc: Pavel Machek
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/Kconfig | 11 ++
c
www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
V2:
- Clean up naming of variable: replace _EM by EM, replace EM by EM_tmp.
- Add comment to EMSA_PKCS1-v1_5-ENCODE function.
Cc: Pavel Machek
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asym
mage. It makes sure the new sign key will be
transfer to resume target kernel.
- Set "depends on EFI_STUB" in Kconfig
V2:
Add CONFIG_SNAPSHOT_VERIFICATION for build of hibernate_keys.c depend on
Kconfig.
Cc: Matthew Garrett
Cc: Takashi Iwai
Reviewed-by: Jiri Kosina
Signed-off-by: Lee,
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 29 -
1 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index aac8b77..a092aac 100644
--- a/crypto/asymmetric_keys/rsa.c
+++
This patch introduced SNAPSHOT_SIG_HASH config for user to select which
hash algorithm will be used during signature generation of snapshot.
v2:
Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
declare pkey_hash().
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
ed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/power.h| 13 ++
kernel/power/snapshot.c | 288 ++-
kernel/power/swap.c |4 +
kernel/power/user.c |5 +
4 files changed, 307 insertions(+), 3 deletions(-)
diff --git a/k
Show the verification time for monitor the performance of SHA256 and RSA
verification.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/snapshot.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/kernel/power/snapshot.c b/kernel/power
This patch add swsusp_page_is_sign_key() method to hibernate_key.c and
check the page is S4 sign key data when collect saveable page in
snapshot.c to avoid sign key data included in snapshot image.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/snapshot.c |6
off)
taint kernel when signature check fail or didn't find key-pair.
V3:
Use helper function secure_hibernate() to reduce ifdef block.
V2:
Replace sign_key_data_loaded() by skey_data_available() to check sign key data
is available for hibernate.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee,
it through snapshot_sig_enforce parameter or
EFI_SECURE_BOOT_SNAPSHOT_SIG_ENFORCE.
Signed-off-by: Lee, Chun-Yi
---
Documentation/kernel-parameters.txt |7 +++
arch/x86/Kconfig| 11 +++
include/linux/kernel.h |1 +
include/linux/suspend.h
() in hibernate.c and user.c
Cc: Matthew Garrett
Signed-off-by: Lee, Chun-Yi
---
kernel/power/Kconfig | 15 +
kernel/power/hibernate.c |4 ++-
kernel/power/hibernate_keys.c | 67 +
kernel/power/power.h |5
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto/asymmetric_keys/public_key.c
f
Cc: Pavel Machek
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 33 -
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 352ba45..aac8b77 1
;[PATCH] X.509: Remove
certificate date checks":
https://lkml.org/lkml/2013/3/14/257
This patch removed the validity check of certificate date but still keep
the valid_from and valid_to fields for future usage.
Signed-off-by: Lee, Chun-Yi
cc: David Howells
cc: David Woodhouse
cc: Rusty Ru
r
Cc: Ingo Molnar
Cc: Jan Beulich
Signed-off-by: Lee, Chun-Yi
---
drivers/rtc/rtc-efi.c| 20 +---
include/uapi/linux/rtc.h |1 +
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/drivers/rtc/rtc-efi.c b/drivers/rtc/rtc-efi.c
index c9f890b..4e74ec0 100644
IE_EMUL to emulate
RTC_UIE on rtc-efi.
Cc: Matt Fleming
Cc: H. Peter Anvin
Cc: Matthew Garrett
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Jan Beulich
Signed-off-by: Lee, Chun-Yi
---
drivers/rtc/rtc-efi.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/rtc/r
.
Cc: Matt Fleming
Cc: H. Peter Anvin
Cc: Matthew Garrett
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Jan Beulich
Signed-off-by: Lee, Chun-Yi
---
arch/x86/platform/efi/efi.c | 20
drivers/rtc/Kconfig |2 +-
2 files changed, 21 insertions(+), 1 deletions(-)
diff
good for debug and discover typo.
Cc: Matthew Garrett
Cc: H. Peter Anvin
Cc: Matt Fleming
Signed-off-by: Lee, Chun-Yi
---
arch/x86/boot/compressed/eboot.c | 26 +++---
1 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/arch/x86/boot/compressed/eboot.c
161.
Found = in conditional, should be == at scripts/sign-file line 159.
This patch change replace '=' by '==' in elsif conditions for avoid the above
warning messages.
Signed-off-by: Lee, Chun-Yi
---
scripts/sign-file |6 +++---
1 files changed, 3 insertions(+), 3 deleti
From: Chun-Yi Lee
Per X.509 spec in 4.2.1.1 section, the structure of Authority Key
Identifier Extension is:
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNamesOPTIONAL,
From: Chun-Yi Lee
Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in
its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a
pointer to the _preceding_ byte to RSA_verify() in original code, but it has
risk for the byte is not zero because it's not i
: Also unregister cooling devices.
Tested-by: Andrzej Krentosz
Cc: Zhang Rui
Cc: Len Brown
Cc: Rafael J. Wysocki
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/acpi/video.c | 54
d the information statement of keeping acpi video driver.
Tested-by: Andrzej Krentosz
Cc: Zhang Rui
Cc: Len Brown
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Rafael J. Wysocki
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/platfor
From: Chun-Yi Lee
Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in
its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a
pointer to the _preceding_ byte to RSA_verify() in original code, but it has
risk for the byte is not zero because it's not i
From: Chun-Yi Lee
Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in
its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a
pointer to the _preceding_ byte to RSA_verify() in original code, but it has
risk for the byte is not zero because it's not i
ign
Josh Boyer (1):
Secure boot: Add a dummy kernel parameter that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate th
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto/asymmetric_keys/public_key.c
ign
Josh Boyer (1):
Secure boot: Add a dummy kernel parameter that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate th
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/private_key.h | 29 +
crypto/asymmetric_keys/public_key.c
ature
after implement RSASP1.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 158 +-
include/crypto/public_key.h |2 +
2 files changed, 158 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa
Implement Octet String to Integer conversion [RFC3447 sec 4.2] in rsa.c. It's
the second step of signature generation operation.
This patch is temporary set non-RSASP1 message to pks->S for debugging.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.
: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 33 -
1 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 6996ff7..c26ae77 100644
--- a/crypto/asymmetric_keys/rsa.c
+++ b/crypto/asymmetric
te to zero in EM and copy the
remaining bytes from _EM.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa.c | 14 ++
1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
in
Implement RSASP1 and fill-in the following data to public key signature
structure: signature length (pkcs->k), signature octet
strings (pks->S) and MPI of signature (pks->rsa.s).
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/rsa
tificate parser
+ *
+ * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved.
+ * Written by Lee, Chun-Yi (j...@suse.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Soft
27;ll then strip it from the initial
capability set if required.
Signed-off-by: Matthew Garrett
Acked-by: Lee, Chun-Yi
Signed-off-by: Lee, Chun-Yi
---
include/uapi/linux/capability.h |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/include/uapi/linux/capability.h b/in
depends on EFI_STUB" in Kconfig
v2:
Add CONFIG_SNAPSHOT_VERIFICATION for build of hibernate_keys.c depend on
Kconfig.
Cc: Matthew Garrett
Cc: Takashi Iwai
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
arch/x86/boot/compressed/eboot.c | 89 ++
arch/x86/in
Chun-Yi
Signed-off-by: Lee, Chun-Yi
---
Documentation/kernel-parameters.txt |7 +++
kernel/cred.c | 17 +
2 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
.
Signed-off-by: Matthew Garrett
Signed-off-by: Josh Boyer
Acked-by: Lee, Chun-Yi
Signed-off-by: Lee, Chun-Yi
---
Documentation/x86/zero-page.txt|2 ++
arch/x86/boot/compressed/eboot.c | 32
arch/x86/include/asm/bootparam_utils.h |8
This patch add swsusp_page_is_sign_key() method to hibernate_key.c and
check the page is S4 sign key data when collect saveable page in
snapshot.c to avoid sign key data included in snapshot image.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/snapshot.c |6
Show the verification time for monitor the performance of SHA256 and RSA
verification.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/snapshot.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/kernel/power/snapshot.c b/kernel/power
to resume target kernel but don't need write new private
key to any other storage, e.g. swap.
Cc: Matthew Garrett
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/power.h|6 +
kernel/power/snapshot.c | 280 +-
k
This patch applied SNAPSHOT_VERIFICATION kernel config for switching
signature check of hibernate snapshot image.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/snapshot.c | 19 +++
kernel/power/swap.c | 30 +++---
kernel
e any keys from bootloader.
v2:
Replace sign_key_data_loaded() by skey_data_available() to check sign key data
is available for hibernate.
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
---
kernel/power/hibernate.c | 36 +-
kernel/power/main.c | 11 +-
kernel/
This patch introduced SNAPSHOT_SIG_HASH config for user to select which
hash algorithm will be used during signature generation of snapshot.
v2:
Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
declare pkey_hash().
Reviewed-by: Jiri Kosina
Signed-off-by: Lee, Chun-Yi
.
Userland hibernate tool can write GenS4Key at runtime, kernel will
respect the value but not overwrite it when S4. This mechanism let
userland tool can also notify bootloader to regenerate key-pair through
GenS4Key flag.
Cc: Matthew Garrett
Signed-off-by: Lee, Chun-Yi
---
kernel/power/Kconfig
ached before GUID.
Tested on On HP z220.
Cc: Matt Fleming
Cc: Josh Boyer
Cc: Jeremy Kerr
Cc: Michael Schroeder
Reported-by: Frederic Crozat
Tested-by: Frederic Crozat
Signed-off-by: Lee, Chun-Yi
---
drivers/firmware/efivars.c |2 +-
1 files changed, 1 insertions(+), 1 deletion
: Also unregister cooling devices.
Tested-by: Andrzej Krentosz
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Rafael J. Wysocki
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/acpi/video.c | 54
d the information statement of keeping acpi video driver.
Tested-by: Andrzej Krentosz
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Rafael J. Wysocki
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/platform/x86/acer-wmi.c |
: Also unregister cooling devices.
Tested-by: Andrzej Krentosz
Cc: Zhang Rui
Cc: Len Brown
Cc: Rafael J. Wysocki
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/acpi/video.c | 54
d the information statement of keeping acpi video driver.
Tested-by: Andrzej Krentosz
Cc: Zhang Rui
Cc: Len Brown
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Rafael J. Wysocki
Cc: Aaron Lu
Cc: Thomas Renninger
Signed-off-by: Lee, Chun-Yi
---
drivers/platfor
ire V3 BIOS, it will not return the size of data if we input a
non-zero DataSize.
Cc: Matthew Garrett
Cc: Matt Fleming
Cc: H. Peter Anvin
Signed-off-by: Lee, Chun-Yi
---
arch/x86/platform/efi/efi.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/x86/platform/efi/
e of data if we input a
non-zero DataSize.
Cc: Matthew Garrett
Cc: Matt Fleming
Cc: H. Peter Anvin
Signed-off-by: Lee, Chun-Yi
---
arch/x86/platform/efi/efi.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.
From: Chun-Yi Lee
Per X.509 spec in 4.2.1.1 section, the structure of Authority Key
Identifier Extension is:
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNamesOPTIONAL,
ass
the "GUID should be right after the first '-'" check. This patch allow
the variable name that has 'dump-type' pass the name check.
Cc: Seiji Aguchi
Cc: Matthew Garrett
Cc: Al Viro
Cc: Lingzhu Xiang
Signed-off-by: Lee, Chun-Yi
---
drivers/firmware/efivar
ass
the "GUID should be right after the first '-'" check. This patch allow
the variable name that has 'dump-type' pass the name check.
Cc: Matt Fleming
Cc: Seiji Aguchi
Cc: Matthew Garrett
Cc: Al Viro
Cc: Lingzhu Xiang
Signed-off-by: Lee, Chun-Yi
---
driver
From: Chun-Yi Lee
Per X.509 spec in 4.2.1.1 section, the structure of Authority Key
Identifier Extension is:
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNamesOPTIONAL,
y: Matthew Garrett
Acked-by: Greg Kroah-Hartman
Signed-off-by: Lee, Chun-Yi
---
drivers/gpu/Makefile |2 +-
drivers/gpu/stub/Kconfig | 18
drivers/gpu/stub/Makefile |1 -
drivers/gpu/stub/poulsbo.c | 64
drivers/vid
Hart
Cc: Andy Shevchenko
Cc: Pali Rohár
Signed-off-by: "Lee, Chun-Yi"
---
drivers/platform/x86/acer-wmi.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
index 79fa5ab..ef420b6 100644
--- a/
Shevchenko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/bus.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index 34fbe02..91adb71 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -427,12 +427,17 @@ static
)
Cc: "Rafael J. Wysocki"
Cc: Len Brown
Cc: Andy Shevchenko
Cc: Michal Hocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 21 +++--
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 3a
ecure boot flag can be kept when
the secure mode is not _unset_. Therefore the flag value from EFI stub
can also be kept.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Signed-off-by: "Lee, Chun-Yi"
Cc: Matt Fleming
Cc: David Howells
Cc: Ard Biesheuvel
---
arch/x86/boo
exposes which ACPI-WMI method used by acer-wmi
driver on the machine. The information is already exposed by the acer-wmi
initial log.
Cc: Carlos Corbacho
Cc: Matthew Garrett
Cc: Dmitry Torokhov
Cc: Corentin Chary
Cc: Martin Kepplinger
Cc: Darren Hart
Signed-off-by: Lee, Chun-Yi
---
drivers
claims the resources of firmware enabled IOAPIC before
children bus. Then kernel gets a chance to reassign the resources of
children bus to avoid the conflict.
Cc: Bjorn Helgaas
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Signed-off-by: "Lee, Chun-Yi"
: Ingo Molnar
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5fc7052..1f592d8 100644
--- a/drivers/firmware/efi/memmap.c
+++ b/dr
ocko
Signed-off-by: "Lee, Chun-Yi"
---
drivers/acpi/scan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 8e63d93..490498e 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -116,6 +116,7 @@ bool acpi_scan_
error message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates
t get UEFI MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 43 ++-
include/l
Josh Boyer
Cc: James Bottomley
Signed-off-by: Lee, Chun-Yi
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/certs/load_u
bit before we trust it.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 35 +++
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index dc6
, the hash can be
compared by kernel.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
kernel/module_signing.c | 62 +++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/kernel/module_sig
t get UEFI MokListRT: EFI_NOT_FOUND
[0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 43 ++-
This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.
Cc: David Howells
Cc: Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 16 +---
1 file changed, 13 insert
error message
prints out appropriate status string for reading by human being.
v2:
Chekcikng the attributes of db and mok before loading certificates.
Lee, Chun-Yi (5):
MODSIGN: do not load mok when secure boot disabled
MODSIGN: print appropriate status message when getting UEFI
certificates
Josh Boyer
Cc: James Bottomley
Signed-off-by: "Lee, Chun-Yi"
---
certs/load_uefi.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/certs/load_uefi.c b/certs/load_uefi.c
index 3d88459..d6de4d0 100644
--- a/certs/load_uefi.c
+++ b/ce
Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
Lee, Chun-Yi (5):
PM / hibernate: Create snapshot keys handler
PM / hibernate: Generate and
g.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/Kconfig| 14 +++
kernel/power
ael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/hibernate.c | 18 ++-
kernel/power/power.h | 2
Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
kernel/power/power.h| 6
kernel/power/snapshot.c | 5
kernel/power/snapshot_key.c | 67 +
3 files changed, 78 insertions(+)
diff --git a/kernel/power/power.h b/kernel
y. And the initialization
vector will be kept in snapshot header for resuming.
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Ch
Kconfig
Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/kernel-parameters.tx
achek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
fs/sysfs/file.c | 8
include/linux/kobject.h | 2 ++
include/linux/sysfs.h | 2 ++
lib/kobject.c | 26 +++
capability.
Cc: Greg Kroah-Hartman
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, C
oah-Hartman
Cc: "Rafael J. Wysocki"
Cc: Chen Yu
Cc: Giovanni Gherdovich
Cc: Jann Horn
Cc: Andy Lutomirski
Cc: Pavel Machek
Cc: Len Brown
Cc: "Martin K. Petersen"
Cc: Randy Dunlap
Cc: Joe Perches
Cc: Bart Van Assche
Signed-off-by: "Lee, Chun-Yi"
---
kernel/p
option example for generating CodeSign EKU to
module-signing.rst document.
v2:
Changed the help wording in the Kconfig.
Lee, Chun-Yi (4):
X.509: Add CodeSigning extended key usage parsing
PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification
modsign: Add
This patch adds the logic for parsing the CodeSign extended key usage
extension in X.509. The parsing result will be set to the eku flag
which is carried by public key. It can be used in the PKCS#7
verification.
Signed-off-by: "Lee, Chun-Yi"
---
crypto/asymmetric_keys/x509_cert_par
This patch adds the logic for checking the CodeSigning extended
key usage when verifying signature of kernel module or
kexec PE binary in PKCS#7.
Signed-off-by: "Lee, Chun-Yi"
---
certs/system_keyring.c | 2 +-
crypto/asymmetric_keys/Kconfig | 9 +++
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi"
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/cert
Add an openssl command option example for generating CodeSign extended
key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
Signed-off-by: "Lee, Chun-Yi"
---
Documentation/admin-guide/module-signing.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Documentation/a
Biesheuvel
Cc: Takashi Iwai
Cc: Vivek Goyal
Cc: Ingo Molnar
Tested-by: Randy Wright
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/memmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c
index 5
Apalodimas
Cc: Ard Biesheuvel
Signed-off-by: "Lee, Chun-Yi"
---
drivers/firmware/efi/efi.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index fdd1db025dbf..929fbf4dfd5d 100644
--- a/drivers/fi
1 - 100 of 259 matches
Mail list logo
