Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-24 21:21:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
b0e22b47f6
linux/include/keys
History
Linus Torvalds b0e22b47f6 Fix CVE-2020-26541 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmBKRxMACgkQ+7dXa6fL
 C2trYg/7Brf6d0JUAw/MbjCcPVL5SmTHRGJwmKq7+du/Z4yqz3VcL/flk2cyvMr3
 lvGQK+KTWTZLidovQA42e54XIaUh3cqwUhz9H3+X61gY7kWJvioEhvg1tD007L7O
 DrMMkRhh9nnAV5GOhHj1nxIcgmxwrKNkzevf157RRKWnm9VBNmeZsu0kd2Ffx0i0
 EqsejQU+sP6MgeKjTTKXKVpvH2GGB0NJRrpQCJSR4t9GrAt+rGlcNJFdqqmyxhpj
 cGtEhtNO7MiigGHxCbzpK0g6l6f31si+WIAywdxF65DGQOF3gcgxHQlPDcNiC/RH
 PLPEchUH2fOv4koDQWM8HJ4XDS5eRZmYSh6WPrSxJwuNH/NDyWxKSxrBXGhRWTfx
 RaMe2wQcQq9Rge+e6PwR+nJEbdSL2BHxdAaBDqBlxY9A0c6onTy+XzVSLTKYUJ5u
 /Y/fND3eHvMPZt4WMMZDQzHVnHscXFYPI4y1EMDLcAof9ltNG5zLAJZ6mHi6rqGl
 q+VhSPFi6equ7szdV2cZ5ltSROdAnwkbycs1LgeSzh8LWe83Tkq0eDEHSTjGpQFY
 VWGBs6JGl1QPdQdSc3uqki1LdTYUy5w0Pr3h0Ff6L3NS9fUrzCMtsN+/4aQNzS+C
 cP22WM2IRDtN17pRASNjI4/6sL7X7/rLQ8KNq/QpQeD4+ZkINaI=
 =fLQY
 -----END PGP SIGNATURE-----

Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull x509 dbx/mokx UEFI support from David Howells:
 "Here's a set of patches from Eric Snowberg[1] that add support for
  EFI_CERT_X509_GUID entries in the dbx and mokx UEFI tables (such
  entries cause matching certificates to be rejected).

  These are currently ignored and only the hash entries are made use of.

  Additionally Eric included his patches to allow such certificates to
  be preloaded.

  These patches deal with CVE-2020-26541.

  To quote Eric:
       'This is the fifth patch series for adding support for
        EFI_CERT_X509_GUID entries [2]. It has been expanded to not only
        include dbx entries but also entries in the mokx. Additionally
        my series to preload these certificate [3] has also been
        included'"

Link: https://lore.kernel.org/r/20210122181054.32635-1-eric.snowberg@oracle.com [1]
Link: https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/ [2]
Link: https://lore.kernel.org/patchwork/cover/1315485/ [3]

* tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  integrity: Load mokx variables into the blacklist keyring
  certs: Add ability to preload revocation certs
  certs: Move load_system_certificate_list to a common function
  certs: Add EFI_CERT_X509_GUID support for dbx entries
2021-04-26 08:38:10 -07:00
..
asymmetric-parser.h docs: crypto: convert asymmetric-keys.txt to ReST 2020-06-19 14:03:46 -06:00
asymmetric-subtype.h docs: crypto: convert asymmetric-keys.txt to ReST 2020-06-19 14:03:46 -06:00
asymmetric-type.h docs: crypto: convert asymmetric-keys.txt to ReST 2020-06-19 14:03:46 -06:00
big_key-type.h keys: Implement update for the big_key type 2020-06-02 17:22:31 +01:00
ceph-type.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dns_resolver-type.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
encrypted-type.h encrypted-keys: Replace HTTP links with HTTPS ones 2021-01-21 16:16:09 +00:00
keyring-type.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
request_key_auth-type.h request_key improvements 2019-07-08 19:19:37 -07:00
rxrpc-type.h rxrpc: Don't leak the service-side session key to userspace 2020-11-23 18:09:29 +00:00
system_keyring.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
trusted_tee.h KEYS: trusted: Introduce TEE based Trusted Keys 2021-04-14 16:30:30 +03:00
trusted_tpm.h KEYS: trusted: Add generic trusted keys framework 2021-04-14 16:30:30 +03:00
trusted-type.h KEYS: trusted: Add generic trusted keys framework 2021-04-14 16:30:30 +03:00
user-type.h KEYS: Replace zero-length array with flexible-array 2020-06-02 17:22:31 +01:00