leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
1,074,208 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
087aa4ed37
Go to file
Eric Snowberg 087aa4ed37 KEYS: Introduce link restriction for machine keys 
Introduce a new link restriction that includes the trusted builtin,
secondary and machine keys. The restriction is based on the key to be
added being vouched for by a key in any of these three keyrings.

With the introduction of the machine keyring, the end-user may choose to
trust Machine Owner Keys (MOK) within the kernel. If they have chosen to
trust them, the .machine keyring will contain these keys.  If not, the
machine keyring will always be empty.  Update the restriction check to
allow the secondary trusted keyring to also trust machine keys.

Allow the .machine keyring to be linked to the secondary_trusted_keys.
After the link is created, keys contained in the .machine keyring will
automatically be searched when searching secondary_trusted_keys.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-03-08 13:55:52 +02:00
arch x86 guest: 2022-03-06 12:08:42 -08:00
block block: clear iocb->private in blkdev_bio_end_io_async() 2022-02-22 06:59:49 -07:00
certs KEYS: Introduce link restriction for machine keys 2022-03-08 13:55:52 +02:00
crypto KEYS: x509: remove dead code that set ->unsupported_sig 2022-03-08 10:33:18 +02:00
Documentation swiotlb: rework "fix info leak with DMA_FROM_DEVICE" 2022-03-07 11:26:02 -08:00
drivers tpm: xen-tpmfront: Use struct_size() helper 2022-03-08 10:33:18 +02:00
fs for-5.17-rc6-tag 2022-03-06 12:19:36 -08:00
include KEYS: Introduce link restriction for machine keys 2022-03-08 13:55:52 +02:00
init lib/stackdepot: allow optional init and stack_table allocation by kvmalloc() 2022-01-22 08:33:37 +02:00
ipc ipc/sem: do not sleep with a spin lock held 2022-02-04 09:25:05 -08:00
kernel swiotlb: rework "fix info leak with DMA_FROM_DEVICE" 2022-03-07 11:26:02 -08:00
lib ARM further fixes for 5.17-rc: 2022-03-02 16:11:56 -08:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm memfd: fix F_SEAL_WRITE after shmem huge page allocated 2022-03-05 11:08:32 -08:00
net ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() 2022-03-03 09:47:06 -08:00
samples samples/seccomp: Adjust sample to also provide kill option 2022-02-10 19:09:12 -08:00
scripts kconfig: fix failing to generate auto.conf 2022-02-12 23:24:19 +09:00
security KEYS: store reference to machine keyring 2022-03-08 13:55:52 +02:00
sound ALSA: intel_hdmi: Fix reference to PCM buffer address 2022-03-02 09:25:37 +01:00
tools selftests: tpm: add async space test with noneexisting handle 2022-03-08 10:33:17 +02:00
usr kbuild: remove include/linux/cyclades.h from header file check 2022-01-27 08:51:08 +01:00
virt KVM: Fix lockdep false negative during host resume 2022-02-17 09:52:50 -05:00
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: update Roman Gushchin's email 2022-02-26 09:51:17 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: Remove dead patchwork link 2022-03-03 12:14:36 -08:00
Makefile Linux 5.17-rc7 2022-03-06 14:28:31 -08:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.