certificate handling · Maintained

Maintainers

• M David Howells <dhowells@redhat.com>
• M David Woodhouse <dwmw2@infradead.org>

Paths

• F Documentation/admin-guide/module-signing.rst
• F certs/
• F scripts/sign-file.c
• F scripts/ssl-common.h
• F tools/certs/

Last 30 days

Recent patches

Most-recent 30 patches in this subsystem on linux-security-module (capped at 30), ordered by date desc.

• DORMANTno replies [PATCH] crypto: pkcs7: export verify_pkcs7_message_sig() as EXPORT_SYMBOL_GPL
  2026-05-23 · Paul Moore <paul@paul-moore.com>
• COLD26d [PATCH v7 01/10] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-05-07 · Blaise Boscaccy <hidden>
• COLD31d [v6 01/10] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-04-29 · Blaise Boscaccy <hidden>
• COLD40d [PATCH v5 01/10] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-04-20 · Blaise Boscaccy <hidden>
• COLD53d [PATCH v4 01/10] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-04-16 · Blaise Boscaccy <hidden>
• STALE69d [PATCH v3 1/9] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-03-26 · Blaise Boscaccy <hidden>
• STALE74d REVIEWED: 1 (1M) [PATCH v3 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-05 · Thomas Weißschuh <hidden>
• STALE74d REVIEWED: 1 (1M) [PATCH v3 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-05 · Thomas Weißschuh <hidden>
• DORMANTno replies REVIEWED: 1 (1M) [PATCH v2 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-05 · Thomas Weißschuh <hidden>
• STALE95d REVIEWED: 1 (1M) [PATCH v2 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-05 · Thomas Weißschuh <hidden>
• STALE96d [PATCH 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-02 · Thomas Weißschuh <hidden>
• STALE96d [PATCH 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-02 · Thomas Weißschuh <hidden>
• STALE82d [PATCH v2 01/10] certs: break out pkcs7 check into its own function
  2026-02-27 · Blaise Boscaccy <hidden>
• STALE172d [RFC 03/11] certs: break out pkcs7 check into its own function
  2025-12-11 · Blaise Boscaccy <hidden>
• STALE364d [PATCH RFC 1/1] module: Make use of platform keyring for module signature verify
  2025-06-02 · Vitaly Kuznetsov <vkuznets@redhat.com>
• STALE441d [RFC PATCH v3 01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check
  2024-10-17 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE441d [RFC PATCH v3 07/13] keys: Add ability to track intended usage of the public key
  2024-10-17 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE441d [RFC PATCH v3 02/13] certs: Introduce ability to link to a system key
  2024-10-17 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE441d [RFC PATCH v3 06/13] clavis: Populate clavis keyring acl with kernel module signature
  2024-10-17 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE718d [RFC PATCH v2 6/8] keys: Add ability to track intended usage of the public key
  2024-05-31 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE718d [RFC PATCH v2 1/8] certs: Introduce ability to link to a system key
  2024-05-31 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE794d [PATCH RFC 6/8] keys: Add ability to track intended usage of the public key
  2024-03-11 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE794d [PATCH RFC 1/8] certs: Introduce ability to link to a system key
  2024-03-11 · Eric Snowberg <eric.snowberg@oracle.com>
• STALE1027d [PATCH v4 6/6] integrity: PowerVM support for loading third party code signing keys
  2023-08-15 · Nayna Jain <nayna@linux.ibm.com>
• STALE1027d [PATCH v3 6/6] integrity: PowerVM support for loading third party code signing keys
  2023-08-13 · Nayna Jain <nayna@linux.ibm.com>
• STALE1033d [PATCH v2 6/6] integrity: PowerVM support for loading third party code signing keys
  2023-08-09 · Nayna Jain <nayna@linux.ibm.com>
• STALE1053d [RFC][PATCH v3 8/9] KEYS: Introduce load_uasym_keyring()
  2023-07-20 · Roberto Sassu <hidden>
• STALE1053d [RFC][PATCH v3 6/9] verification: Add verify_uasym_signature() and verify_uasym_sig_message()
  2023-07-20 · Roberto Sassu <hidden>
• STALE1041d [PATCH 6/6] integrity: PowerVM support for loading third party code signing keys
  2023-07-14 · Nayna Jain <nayna@linux.ibm.com>
• STALE1067d [RFC][PATCH 08/10] KEYS: Introduce load_uasym_keyring()
  2023-07-06 · Roberto Sassu <hidden>

Needs attention (review trailers in, no pickup)

Patches with review trailers that haven't landed in mainline and haven't been Acked by a maintainer. Oldest first.

• STALE95d REVIEWED: 1 (1M) [PATCH v2 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-05 · Thomas Weißschuh <hidden> · 1 Reviewed-by
• DORMANTno replies REVIEWED: 1 (1M) [PATCH v2 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-05 · Thomas Weißschuh <hidden> · 1 Reviewed-by
• STALE74d REVIEWED: 1 (1M) [PATCH v3 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-05 · Thomas Weißschuh <hidden> · 1 Reviewed-by
• STALE74d REVIEWED: 1 (1M) [PATCH v3 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-05 · Thomas Weißschuh <hidden> · 1 Reviewed-by

Quiet for 30+ days

Patches with no review trailers and no replies. Either the author is heads-down elsewhere or these slipped through. Oldest first.

• STALE172d [RFC 03/11] certs: break out pkcs7 check into its own function
  2025-12-11 · Blaise Boscaccy <hidden>
• STALE82d [PATCH v2 01/10] certs: break out pkcs7 check into its own function
  2026-02-27 · Blaise Boscaccy <hidden>
• STALE96d [PATCH 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
  2026-03-02 · Thomas Weißschuh <hidden>
• STALE96d [PATCH 7/8] sign-file: use 'struct module_signature' from the UAPI headers
  2026-03-02 · Thomas Weißschuh <hidden>
• STALE69d [PATCH v3 1/9] crypto: pkcs7: add flag for validated trust on a signed info block
  2026-03-26 · Blaise Boscaccy <hidden>