linux/include
David Howells 734114f878 KEYS: Add a system blacklist keyring
Add the following:

 (1) A new system keyring that is used to store information about
     blacklisted certificates and signatures.

 (2) A new key type (called 'blacklist') that is used to store a
     blacklisted hash in its description as a hex string.  The key accepts
     no payload.

 (3) The ability to configure a list of blacklisted hashes into the kernel
     at build time.  This is done by setting
     CONFIG_SYSTEM_BLACKLIST_HASH_LIST to the filename of a list of hashes
     that are in the form:

	"<hash>", "<hash>", ..., "<hash>"

     where each <hash> is a hex string representation of the hash and must
     include all necessary leading zeros to pad the hash to the right size.

The above are enabled with CONFIG_SYSTEM_BLACKLIST_KEYRING.

Once the kernel is booted, the blacklist keyring can be listed:

	root@andromeda ~]# keyctl show %:.blacklist
	Keyring
	 723359729 ---lswrv      0     0  keyring: .blacklist
	 676257228 ---lswrv      0     0   \_ blacklist: 123412341234c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46

The blacklist cannot currently be modified by userspace, but it will be
possible to load it, for example, from the UEFI blacklist database.

A later commit will make it possible to load blacklisted asymmetric keys in
here too.

Signed-off-by: David Howells <dhowells@redhat.com>
2017-04-03 16:07:24 +01:00
acpi Merge branches 'acpi-bus', 'acpi-sleep' and 'acpi-processor' 2017-02-20 14:28:03 +01:00
asm-generic mm: convert generic code to 5-level paging 2017-03-09 11:48:47 -08:00
clocksource
crypto net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
drm sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
dt-bindings scripts/spelling.txt: add "overide" pattern and fix typo instances 2017-03-09 17:01:09 -08:00
keys KEYS: Add a system blacklist keyring 2017-04-03 16:07:24 +01:00
kvm KVM: arm/arm64: Emulate the EL1 phys timer registers 2017-02-08 15:13:37 +00:00
linux security, keys: convert key.usage from atomic_t to refcount_t 2017-04-03 10:49:05 +10:00
math-emu
media media fixes for v4.11-rc2 2017-03-09 15:50:56 -08:00
memory
misc
net sctp: declare struct sctp_stream before using it 2017-03-22 10:57:52 -07:00
pcmcia
ras
rdma IB/core: Restore I/O MMU, s390 and powerpc support 2017-03-24 21:51:16 -04:00
rxrpc
scsi scsi: mpt3sas: Avoid sleeping in interrupt context 2017-03-01 21:52:13 -05:00
soc ARC updates for 4.11 rc1 2017-02-22 10:33:53 -08:00
sound sched/headers: Prepare to remove spurious <linux/sched.h> inclusion dependencies 2017-03-02 08:42:41 +01:00
target target: fix ALUA transition timeout handling 2017-03-18 14:47:28 -07:00
trace There was some breakage with the changes for jump labels in the 4.11 merge 2017-03-07 09:37:28 -08:00
uapi Fixups for -rc4 kernel 2017-03-25 15:25:58 -07:00
video drm/exynos/decon5433: signal frame done interrupt at front porch 2017-03-21 13:17:22 +09:00
xen Merge branch 'stable/for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2017-03-07 10:23:17 -08:00
Kbuild