Re: [RFC] [PATCH] Fix for a warning - crypto/fcrypt,c

2013-08-25 Thread Herbert Xu
On Wed, Aug 21, 2013 at 10:42:01PM +0200, Jan-Simon Möller wrote: > > Should I resend a fixed version with > (1U << 27) - 1) instead ? Sure. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH v2] kernel/padata.c: share code between CPU_ONLINE and CPU_DOWN_FAILED, same to CPU_DOWN_PREPARE and CPU_UP_CANCELED

2013-08-25 Thread Chen Gang
On 08/23/2013 06:47 PM, Herbert Xu wrote: > On Fri, Aug 23, 2013 at 12:44:48PM +0200, Steffen Klassert wrote: >> On Thu, Aug 22, 2013 at 02:43:37PM +0800, Chen Gang wrote: >>> Share code between CPU_ONLINE and CPU_DOWN_FAILED, same to >>> CPU_DOWN_PREPARE and CPU_UP_CANCELED. >>> >>> It will fix 2

Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote: > This patch introduced SNAPSHOT_SIG_HASH config for user to select which > hash algorithm will be used during signature generation of snapshot. > > v2: > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before > declare pkey_hash(). >

Re: [PATCH 15/18] Hibernate: adapt to UEFI secure boot with signature check

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:54, Lee, Chun-Yi wrote: > In current solution, the snapshot signature check used the RSA key-pair > that are generated by bootloader(e.g. shim) and pass the key-pair to > kernel through EFI variables. I choice to binding the snapshot > signature check mechanism with UEFI sec

Re: [PATCH 13/18] Hibernate: Avoid S4 sign key data included in snapshot image

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:52, Lee, Chun-Yi wrote: > This patch add swsusp_page_is_sign_key() method to hibernate_key.c and > check the page is S4 sign key data when collect saveable page in > snapshot.c to avoid sign key data included in snapshot image. > > Reviewed-by: Jiri Kosina > Signed-off-by:

Re: [PATCH 12/18] Hibernate: generate and verify signature of snapshot

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:51, Lee, Chun-Yi wrote: > This patch add the code for generate/verify signature of snapshot, it > put the signature to snapshot header. This approach can support both > on userspace hibernate and in-kernel hibernate. > > v2: > - Due to loaded S4 sign key before ExitBootServ

Re: [PATCH 10/18] efi: Enable secure boot lockdown automatically when enabled in firmware

2013-08-25 Thread Matthew Garrett
On Sun, Aug 25, 2013 at 06:22:43PM +0200, Pavel Machek wrote: > On Thu 2013-08-22 19:01:49, Lee, Chun-Yi wrote: > > From: Matthew Garrett > > > > The firmware has a set of flags that indicate whether secure boot is enabled > > and enforcing. Use them to indicate whether the kernel should lock its

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:50, Lee, Chun-Yi wrote: > Introduced a hibernate_key.c file to query the key pair from EFI variables > and maintain key pair for check signature of S4 snapshot image. We > loaded the private key when snapshot image stored success. > > This patch introduced 2 EFI variables f

Re: [PATCH 10/18] efi: Enable secure boot lockdown automatically when enabled in firmware

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:49, Lee, Chun-Yi wrote: > From: Matthew Garrett > > The firmware has a set of flags that indicate whether secure boot is enabled > and enforcing. Use them to indicate whether the kernel should lock itself > down. We also indicate the machine is in secure boot mode by addi

Re: [PATCH 09/18] Secure boot: Add a dummy kernel parameter that will switch on Secure Boot mode

2013-08-25 Thread Pavel Machek
You may want to check subject. If it does something, it is not dummy. > --- a/Documentation/kernel-parameters.txt > +++ b/Documentation/kernel-parameters.txt > @@ -2784,6 +2784,13 @@ bytes respectively. Such letter suffixes can also be > entirely omitted. > Note: increases p

Re: [PATCH 08/18] Secure boot: Add new capability

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:47, Lee, Chun-Yi wrote: > From: Matthew Garrett > > Secure boot adds certain policy requirements, including that root must not > be able to do anything that could cause the kernel to execute arbitrary code. > The simplest way to handle this would seem to be to add a new ca

Re: [PATCH 07/18] asymmetric keys: explicitly add the leading zero byte to encoded message

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:46, Lee, Chun-Yi wrote: > Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in > its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a > pointer to the _preceding_ byte to RSA_verify() in original code, but it has > risk for the

Re: [PATCH 06/18] asymmetric keys: support parsing PKCS #8 private key information

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:45, Lee, Chun-Yi wrote: > Add ASN.1 files and parser to support parsing PKCS #8 noncompressed private > key information. It's better than direct parsing pure private key because > PKCS #8 has a privateKeyAlgorithm to indicate the algorithm of private > key, e.g. RSA from PKC

Re: [PATCH 03/18] asymmetric keys: separate the length checking of octet string from RSA_I2OSP

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:42, Lee, Chun-Yi wrote: > Due to RSA_I2OSP is not only used by signature verification path but also used > in signature generation path. So, separate the length checking of octet string > because it's not for generate 0x00 0x01 leading string when used in signature > generat

Re: [PATCH 02/18] asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa

2013-08-25 Thread Pavel Machek
On Thu 2013-08-22 19:01:41, Lee, Chun-Yi wrote: > Implement EMSA_PKCS1-v1_5-ENCODE [RFC3447 sec 9.2] in rsa.c. It's the > first step of signature generation operation > (RSASSA-PKCS1-v1_5-SIGN). Is this your own code, or did you copy it from somewhere? > + if (!T) > + goto error_T