On Wed, Jan 27, 2021 at 08:41:29AM -0700, Eric Snowberg wrote:
>
> > On Jan 27, 2021, at 7:03 AM, Mimi Zohar wrote:
> >
> > [Cc'ing linux-integrity]
> >
> > On Wed, 2021-01-27 at 11:46 +, David Howells wrote:
> >> Jarkko Sakkinen wrote:
> >>
> I suppose a user space tool could be cre
On Wed, Jan 27, 2021 at 09:03:59AM -0500, Mimi Zohar wrote:
> [Cc'ing linux-integrity]
>
> On Wed, 2021-01-27 at 11:46 +, David Howells wrote:
> > Jarkko Sakkinen wrote:
> >
> > > > I suppose a user space tool could be created. But wouldn’t what is
> > > > currently done in the kernel in thi
On 1/27/21 10:41 AM, Eric Snowberg wrote:
On Jan 27, 2021, at 7:03 AM, Mimi Zohar wrote:
[Cc'ing linux-integrity]
On Wed, 2021-01-27 at 11:46 +, David Howells wrote:
Jarkko Sakkinen wrote:
I suppose a user space tool could be created. But wouldn’t what is
currently done in the kernel
> On Jan 27, 2021, at 7:03 AM, Mimi Zohar wrote:
>
> [Cc'ing linux-integrity]
>
> On Wed, 2021-01-27 at 11:46 +, David Howells wrote:
>> Jarkko Sakkinen wrote:
>>
I suppose a user space tool could be created. But wouldn’t what is
currently done in the kernel in this area need t
[Cc'ing linux-integrity]
On Wed, 2021-01-27 at 11:46 +, David Howells wrote:
> Jarkko Sakkinen wrote:
>
> > > I suppose a user space tool could be created. But wouldn’t what is
> > > currently done in the kernel in this area need to be removed?
> >
> > Right. I don't think this was a great
Jarkko Sakkinen wrote:
> > I suppose a user space tool could be created. But wouldn’t what is
> > currently done in the kernel in this area need to be removed?
>
> Right. I don't think this was a great idea in the first place to
> do to the kernel but since it exists, I guess the patch does make
> On Jan 20, 2021, at 4:26 AM, Jarkko Sakkinen wrote:
>
> On Fri, Jan 15, 2021 at 09:49:02AM -0700, Eric Snowberg wrote:
>>
>>> On Jan 15, 2021, at 2:15 AM, Jarkko Sakkinen wrote:
>>>
>>> On Wed, Jan 13, 2021 at 05:11:10PM -0700, Eric Snowberg wrote:
> On Jan 13, 2021, at 1:41 PM,
On Wed, Jan 20, 2021 at 03:13:11PM -0700, Eric Snowberg wrote:
>
> > On Jan 20, 2021, at 4:26 AM, Jarkko Sakkinen wrote:
> >
> > On Fri, Jan 15, 2021 at 09:49:02AM -0700, Eric Snowberg wrote:
> >>
> >>> On Jan 15, 2021, at 2:15 AM, Jarkko Sakkinen wrote:
> >>>
> >>> On Wed, Jan 13, 2021 at 05
On Fri, Jan 15, 2021 at 09:49:02AM -0700, Eric Snowberg wrote:
>
> > On Jan 15, 2021, at 2:15 AM, Jarkko Sakkinen wrote:
> >
> > On Wed, Jan 13, 2021 at 05:11:10PM -0700, Eric Snowberg wrote:
> >>
> >>> On Jan 13, 2021, at 1:41 PM, Jarkko Sakkinen
> >>> wrote:
> >>>
> >>> On Tue, Jan 12, 202
> On Jan 15, 2021, at 10:21 AM, James Bottomley
> wrote:
>
> On Tue, 2020-09-15 at 20:49 -0400, Eric Snowberg wrote:
>> The Secure Boot Forbidden Signature Database, dbx, contains a list of
>> now revoked signatures and keys previously approved to boot with UEFI
>> Secure Boot enabled. The db
On Tue, 2020-09-15 at 20:49 -0400, Eric Snowberg wrote:
> The Secure Boot Forbidden Signature Database, dbx, contains a list of
> now revoked signatures and keys previously approved to boot with UEFI
> Secure Boot enabled. The dbx is capable of containing any number of
> EFI_CERT_X509_SHA256_GUID,
> On Jan 15, 2021, at 2:15 AM, Jarkko Sakkinen wrote:
>
> On Wed, Jan 13, 2021 at 05:11:10PM -0700, Eric Snowberg wrote:
>>
>>> On Jan 13, 2021, at 1:41 PM, Jarkko Sakkinen
>>> wrote:
>>>
>>> On Tue, Jan 12, 2021 at 02:57:39PM +, David Howells wrote:
Eric Snowberg wrote:
>>>
On Wed, Jan 13, 2021 at 05:11:10PM -0700, Eric Snowberg wrote:
>
> > On Jan 13, 2021, at 1:41 PM, Jarkko Sakkinen
> > wrote:
> >
> > On Tue, Jan 12, 2021 at 02:57:39PM +, David Howells wrote:
> >> Eric Snowberg wrote:
> >>
> On Dec 10, 2020, at 2:49 AM, David Howells wrote:
>
> On Jan 13, 2021, at 1:41 PM, Jarkko Sakkinen
> wrote:
>
> On Tue, Jan 12, 2021 at 02:57:39PM +, David Howells wrote:
>> Eric Snowberg wrote:
>>
On Dec 10, 2020, at 2:49 AM, David Howells wrote:
Eric Snowberg wrote:
> Add support for EFI_CERT_X509_GUID dbx en
On Tue, Jan 12, 2021 at 02:57:39PM +, David Howells wrote:
> Eric Snowberg wrote:
>
> > > On Dec 10, 2020, at 2:49 AM, David Howells wrote:
> > >
> > > Eric Snowberg wrote:
> > >
> > >> Add support for EFI_CERT_X509_GUID dbx entries. When a EFI_CERT_X509_GUID
> > >> is found, it is added
> On Jan 12, 2021, at 10:10 AM, David Howells wrote:
>
> How about the attached?
This looks good to me.
> I've changed the function names to something that I
> think reads better, but otherwise it's the same.
I agree, the function name changes you made sound better.
We are starting to see p
How about the attached? I've changed the function names to something that I
think reads better, but otherwise it's the same.
David
---
commit 8913866babb96fcfe452aac6042ca8862d4c0b53
Author: Eric Snowberg
Date: Tue Sep 15 20:49:27 2020 -0400
certs: Add EFI_CERT_X509_GUID support for dbx e
Eric Snowberg wrote:
> > On Dec 10, 2020, at 2:49 AM, David Howells wrote:
> >
> > Eric Snowberg wrote:
> >
> >> Add support for EFI_CERT_X509_GUID dbx entries. When a EFI_CERT_X509_GUID
> >> is found, it is added as an asymmetrical key to the .blacklist keyring.
> >> Anytime the .platform ke
> On Dec 10, 2020, at 2:49 AM, David Howells wrote:
>
> Eric Snowberg wrote:
>
>> Add support for EFI_CERT_X509_GUID dbx entries. When a EFI_CERT_X509_GUID
>> is found, it is added as an asymmetrical key to the .blacklist keyring.
>> Anytime the .platform keyring is used, the keys in the .bla
Eric Snowberg wrote:
> Add support for EFI_CERT_X509_GUID dbx entries. When a EFI_CERT_X509_GUID
> is found, it is added as an asymmetrical key to the .blacklist keyring.
> Anytime the .platform keyring is used, the keys in the .blacklist keyring
> are referenced, if a matching key is found, the
On Tue, Sep 15, 2020 at 08:49:27PM -0400, Eric Snowberg wrote:
> The Secure Boot Forbidden Signature Database, dbx, contains a list of now
> revoked signatures and keys previously approved to boot with UEFI Secure
> Boot enabled. The dbx is capable of containing any number of
> EFI_CERT_X509_SHA25
The Secure Boot Forbidden Signature Database, dbx, contains a list of now
revoked signatures and keys previously approved to boot with UEFI Secure
Boot enabled. The dbx is capable of containing any number of
EFI_CERT_X509_SHA256_GUID, EFI_CERT_SHA256_GUID, and EFI_CERT_X509_GUID
entries.
Currentl
22 matches
Mail list logo
