mirror of
https://github.com/torvalds/linux.git
synced 2024-12-29 14:21:47 +00:00
7cf6a8a17f
- Strictened validation of key hashes for SYSTEM_BLACKLIST_HASH_LIST. An invalid hash format causes a compilation error. Previously, they got included to the kernel binary but were silently ignored at run-time. - Allow root user to append new hashes to the blacklist keyring. - Trusted keys backed with Cryptographic Acceleration and Assurance Module (CAAM), which part of some of the new NXP's SoC's. Now there is total three hardware backends for trusted keys: TPM, ARM TEE and CAAM. - A scattered set of fixes and small improvements for the TPM driver. Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> -----BEGIN PGP SIGNATURE----- iIgEABYIADAWIQRE6pSOnaBC00OEHEIaerohdGur0gUCYoux6xIcamFya2tvQGtl cm5lbC5vcmcACgkQGnq6IXRrq9LTQgEA4zRrlmLPjhZ1iZpPZiyBBv5eOx20/c+y R7tCfJFB2+ABAOT1E885vt+GgKTY4mYloHJ+ZtnTIf1QRMP6EoSX+TwP =oBOO -----END PGP SIGNATURE----- Merge tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd Pull tpm updates from Jarkko Sakkinen: - Tightened validation of key hashes for SYSTEM_BLACKLIST_HASH_LIST. An invalid hash format causes a compilation error. Previously, they got included to the kernel binary but were silently ignored at run-time. - Allow root user to append new hashes to the blacklist keyring. - Trusted keys backed with Cryptographic Acceleration and Assurance Module (CAAM), which part of some of the new NXP's SoC's. Now there is total three hardware backends for trusted keys: TPM, ARM TEE and CAAM. - A scattered set of fixes and small improvements for the TPM driver. * tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: MAINTAINERS: add KEYS-TRUSTED-CAAM doc: trusted-encrypted: describe new CAAM trust source KEYS: trusted: Introduce support for NXP CAAM-based trusted keys crypto: caam - add in-kernel interface for blob generator crypto: caam - determine whether CAAM supports blob encap/decap KEYS: trusted: allow use of kernel RNG for key material KEYS: trusted: allow use of TEE as backend without TCG_TPM support tpm: Add field upgrade mode support for Infineon TPM2 modules tpm: Fix buffer access in tpm2_get_tpm_pt() char: tpm: cr50_i2c: Suppress duplicated error message in .remove() tpm: cr50: Add new device/vendor ID 0x504a6666 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() tpm/tpm_ftpm_tee: Return true/false (not 1/0) from bool functions certs: Explain the rationale to call panic() certs: Allow root user to append signed hashes to the blacklist keyring certs: Check that builtin blacklist hashes are valid certs: Make blacklist_vet_description() more strict certs: Factor out the blacklist hash creation tools/certs: Add print-cert-tbs-hash.sh |
||
---|---|---|
.. | ||
eventlog | ||
st33zp24 | ||
Kconfig | ||
Makefile | ||
tpm1-cmd.c | ||
tpm2-cmd.c | ||
tpm2-space.c | ||
tpm_atmel.c | ||
tpm_atmel.h | ||
tpm_crb.c | ||
tpm_ftpm_tee.c | ||
tpm_ftpm_tee.h | ||
tpm_i2c_atmel.c | ||
tpm_i2c_infineon.c | ||
tpm_i2c_nuvoton.c | ||
tpm_ibmvtpm.c | ||
tpm_ibmvtpm.h | ||
tpm_infineon.c | ||
tpm_nsc.c | ||
tpm_ppi.c | ||
tpm_tis_core.c | ||
tpm_tis_core.h | ||
tpm_tis_i2c_cr50.c | ||
tpm_tis_spi_cr50.c | ||
tpm_tis_spi_main.c | ||
tpm_tis_spi.h | ||
tpm_tis_synquacer.c | ||
tpm_tis.c | ||
tpm_vtpm_proxy.c | ||
tpm-chip.c | ||
tpm-dev-common.c | ||
tpm-dev.c | ||
tpm-dev.h | ||
tpm-interface.c | ||
tpm-sysfs.c | ||
tpm.h | ||
tpmrm-dev.c | ||
xen-tpmfront.c |