Re: [PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash

[PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
[PATCH v10 1/9] powerpc: detect the secure boot mode of the system · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 1/9] powerpc: detect the secure boot mode of the system · Eric Richter <hidden> · 2019-11-05
[PATCH v10a 1/9] powerpc: detect the secure boot mode of the system · Eric Richter <hidden> · 2019-11-05
Re: [PATCH v10a 1/9] powerpc: detect the secure boot mode of the system · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 4/9] powerpc/ima: define trusted boot policy · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 4/9] powerpc/ima: define trusted boot policy · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 6/9] certs: add wrapper function to check blacklisted binary hash · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 7/9] ima: check against blacklisted hashes for files with modsig · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 7/9] ima: check against blacklisted hashes for files with modsig · Michael Ellerman <hidden> · 2019-11-14
[RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 8/9] powerpc/ima: update ima arch policy to check for blacklist · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 8/9] powerpc/ima: update ima arch policy to check for blacklist · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 3/9] powerpc: detect the trusted boot state of the system · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
[PATCH v10a 3/9] powerpc: detect the trusted boot state of the system · Eric Richter <hidden> · 2019-11-05
Re: [PATCH v10a 3/9] powerpc: detect the trusted boot state of the system · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules · Michael Ellerman <hidden> · 2019-11-14
[PATCH v10 5/9] ima: make process_buffer_measurement() generic · Mimi Zohar <zohar@linux.ibm.com> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Lakshmi Ramasubramanian <hidden> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Lakshmi Ramasubramanian <hidden> · 2019-10-31
Re: [PATCH v10 5/9] ima: make process_buffer_measurement() generic · Michael Ellerman <hidden> · 2019-11-14
Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Lakshmi Ramasubramanian <hidden> · 2019-12-09
Re: [PATCH v10 0/9] powerpc: Enabling IMA arch specific secure boot policies · Mimi Zohar <zohar@linux.ibm.com> · 2019-12-09

From: Michael Ellerman <hidden>
Date: 2019-11-14 09:09:21
Also in: linux-efi, linux-integrity, lkml

On Thu, 2019-10-31 at 03:31:31 UTC, Mimi Zohar wrote:

From: Nayna Jain <nayna@linux.ibm.com>

The -EKEYREJECTED error returned by existing is_hash_blacklisted() is
misleading when called for checking against blacklisted hash of a
binary.

This patch adds a wrapper function is_binary_blacklisted() to return
-EPERM error if binary is blacklisted.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/2434f7d2d488c3301ae81f1031e1c66c6f076fb7

cheers

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help