Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.5 2015-11-23T19:30:02Z 2015-11-23T19:30:02Z Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:10Z urn:sha1:f4dc37785e9b3373d0cb93125d5579fed2af3a43 Require all keys added to the EVM keyring be signed by an existing trusted key on the system trusted keyring. This patch also switches IMA to use integrity_init_keyring(). Changes in v3: * Added 'init_keyring' config based variable to skip initializing keyring instead of using __integrity_init_keyring() wrapper. * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING Changes in v2: * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config file compatibility. (Mimi Zohar) Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-10-09T19:31:18Z Dmitry Kasatkin dmitry.kasatkin@gmail.com 2015-09-10T19:06:15Z urn:sha1:72e1eed8abb11c79749266d433c817ce36732893 If IMA_LOAD_X509 is enabled, either directly or indirectly via IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA trusted keyring by the kernel via key_create_or_update(). When the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded without first verifying the certificate is properly signed by a trusted key on the system keyring. This patch removes the KEY_ALLOC_TRUSTED flag. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Cc: <stable@vger.kernel.org> # 3.19+ Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-05-21T17:59:28Z Dmitry Kasatkin d.kasatkin@samsung.com 2014-11-26T14:55:00Z urn:sha1:9d03a721a3a4a5120de790a0e67dc324c2ed9184 This patch adds validity checks for 'path' parameter and makes it const. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2014-11-18T04:11:59Z Dmitry Kasatkin d.kasatkin@samsung.com 2014-11-05T15:01:13Z urn:sha1:65d543b2335ede80e5e66bc4f559f62db5f469bd Provide the function to load x509 certificates from the kernel into the integrity kernel keyring. Changes in v2: * configuration option removed * function declared as '__init' Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2014-10-07T18:32:53Z Dmitry Kasatkin dmitry.kasatkin@gmail.com 2014-10-01T18:43:07Z urn:sha1:d16a8585d3715ef161cc9858b50ea5d3c8b6079b integrity_init_keyring() is used only from kernel '__init' functions. Add it there as well. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2014-07-17T13:35:17Z Mimi Zohar zohar@linux.vnet.ibm.com 2013-08-13T12:47:43Z urn:sha1:7d2ce2320e8efdc4a6dcbae7b329ed3f0d1cd778 Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog v6: - remove ifdef CONFIG_IMA_TRUSTED_KEYRING in C code - Dmitry - update Kconfig dependency and help - select KEYS_DEBUG_PROC_KEYS - Dmitry Changelog v5: - Move integrity_init_keyring() to init_ima() - Dmitry - reset keyring[id] on failure - Dmitry Changelog v1: - don't link IMA trusted keyring to user keyring Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) - only make the IMA keyring a trusted keyring (reported-by D. Kastatkin) - define stub integrity_init_keyring() definition based on CONFIG_INTEGRITY_SIGNATURE, not CONFIG_INTEGRITY_ASYMMETRIC_KEYS. (reported-by Jim Davis) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Acked-by: David Howells <dhowells@redhat.com> 2013-11-24T00:36:35Z Linus Torvalds torvalds@linux-foundation.org 2013-11-24T00:36:35Z urn:sha1:34ef7bd3823bf4401bf8f1f855e1bc77b82b1a43 This reverts commit 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241, which caused the following build error: security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’ security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ w security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used reported by Krzysztof Kolasa. Mimi says: "I made the classic mistake of requesting this patch to be upstreamed at the last second, rather than waiting until the next open window. At this point, the best course would probably be to revert the two commits and fix them for the next open window" Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-01T00:20:48Z Mimi Zohar zohar@linux.vnet.ibm.com 2013-08-13T12:47:43Z urn:sha1:217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241 Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2013-10-25T21:16:59Z Dmitry Kasatkin d.kasatkin@samsung.com 2013-10-10T07:12:03Z urn:sha1:b1aaab22e263d0cca1effe319b7d2bf895444219 For possibility to use xattr type for new signature formats, pass full xattr to the signature verification function. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-10-25T17:17:19Z Dmitry Kasatkin d.kasatkin@samsung.com 2013-10-10T06:56:13Z urn:sha1:089bc8e95ae07b1ada14069935c30fd88204c21c Fix checkpatch, lindent, etc, warnings/errors Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>