Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot

[PATCH v2 0/7] add platform/firmware keys support for kernel verification by IMA · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 1/7] integrity: Define a trusted platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 1/7] integrity: Define a trusted platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-09
Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring · Thiago Jung Bauermann <hidden> · 2018-12-13
Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 2/7] integrity: Load certs to the platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 2/7] integrity: Load certs to the platform keyring · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 2/7] integrity: Load certs to the platform keyring · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v2 3/7] efi: Add EFI signature data types · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 3/7] efi: Add EFI signature data types · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 4/7] efi: Add an EFI signature blob parser · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-12
[PATCH v2a 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-12
[PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Thiago Jung Bauermann <hidden> · 2018-12-12
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2018-12-13
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Thiago Jung Bauermann <hidden> · 2018-12-13
Re: [PATCH v2 0/7] add platform/firmware keys support for kernel verification by IMA · Mimi Zohar <zohar@linux.ibm.com> · 2018-12-09

From: James Morris <jmorris@namei.org>
Date: 2018-12-11 18:48:21
Also in: kexec, keyrings, linux-efi, linux-integrity, lkml

On Sun, 9 Dec 2018, Nayna Jain wrote:

+/*
+ * Blacklist an X509 TBS hash.
+ */
+static __init void uefi_blacklist_x509_tbs(const char *source,
+					   const void *data, size_t len)
+{
+	char *hash, *p;
+
+	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
+	if (!hash)
+		return;
+	p = memcpy(hash, "tbs:", 4);
+	p += 4;
+	bin2hex(p, data, len);
+	p += len * 2;
+	*p = 0;
+
+	mark_hash_blacklisted(hash);
+	kfree(hash);
+}
+
+/*
+ * Blacklist the hash of an executable.
+ */
+static __init void uefi_blacklist_binary(const char *source,
+					 const void *data, size_t len)
+{
+	char *hash, *p;
+
+	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
+	if (!hash)
+		return;
+	p = memcpy(hash, "bin:", 4);
+	p += 4;
+	bin2hex(p, data, len);
+	p += len * 2;
+	*p = 0;
+
+	mark_hash_blacklisted(hash);
+	kfree(hash);
+}

These could be refactored into one function.


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help