Inter-revision diff: cover letter

Comparing v7 (message) to v1 (message) 

--- v7
+++ v1
@@ -1,47 +1,42 @@
-This new patch series is a rebase on David Howells's and Eric Snowberg's
-keys-cve-2020-26541-v3.
+Hi,
 
-I successfully tested this patch series with the 186 entries from
-https://uefi.org/sites/default/files/resources/dbxupdate_x64.bin (184
-binary hashes and 2 certificates).
-
-The goal of these patches is to add a new configuration option to enable the
-root user to load signed keys in the blacklist keyring.  This keyring is useful
-to "untrust" certificates or files.  Enabling to safely update this keyring
-without recompiling the kernel makes it more usable.
-
-This can be applied on top of David Howells's keys-cve-2020-26541-branch:
-https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-cve-2020-26541-branch
-
-Previous patch series:
-https://lore.kernel.org/lkml/20210210120410.471693-1-mic@digikod.net/
+This patch series mainly add a new configuration option to enable the
+root user to load signed keys in the blacklist keyring.  This keyring is
+useful to "untrust" certificates or files.  Enabling to safely update
+this keyring without recompiling the kernel makes it more usable.
 
 Regards,
 
-Mickaël Salaün (5):
-  tools/certs: Add print-cert-tbs-hash.sh
-  certs: Check that builtin blacklist hashes are valid
+Mickaël Salaün (9):
+  certs: Fix blacklisted hexadecimal hash string check
   certs: Make blacklist_vet_description() more strict
   certs: Factor out the blacklist hash creation
+  certs: Check that builtin blacklist hashes are valid
+  PKCS#7: Fix missing include
+  certs: Fix blacklist flag type confusion
   certs: Allow root user to append signed hashes to the blacklist
     keyring
+  certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
+  tools/certs: Add print-cert-tbs-hash.sh
 
  MAINTAINERS                                   |   2 +
  certs/.gitignore                              |   1 +
- certs/Kconfig                                 |  17 +-
- certs/Makefile                                |  17 +-
- certs/blacklist.c                             | 218 ++++++++++++++----
+ certs/Kconfig                                 |  10 +
+ certs/Makefile                                |  15 +-
+ certs/blacklist.c                             | 210 +++++++++++++-----
+ certs/system_keyring.c                        |   5 +-
  crypto/asymmetric_keys/x509_public_key.c      |   3 +-
  include/keys/system_keyring.h                 |  14 +-
+ include/linux/verification.h                  |   2 +
  scripts/check-blacklist-hashes.awk            |  37 +++
  .../platform_certs/keyring_handler.c          |  26 +--
  tools/certs/print-cert-tbs-hash.sh            |  91 ++++++++
- 10 files changed, 346 insertions(+), 80 deletions(-)
+ 12 files changed, 335 insertions(+), 81 deletions(-)
  create mode 100755 scripts/check-blacklist-hashes.awk
  create mode 100755 tools/certs/print-cert-tbs-hash.sh
 
 
-base-commit: ebd9c2ae369a45bdd9f8615484db09be58fc242b
+base-commit: 09162bc32c880a791c6c0668ce0745cf7958f576
 -- 
-2.30.2
+2.29.2
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help