Merge tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
Pull tpm updates from Jarkko Sakkinen: "In order to split the work a bit we've aligned with David Howells more or less that I take more hardware/firmware aligned keyring patches, and he takes care more of the framework aligned patches. For TPM the patches worth of highlighting are the fixes for refcounting provided by Lino Sanfilippo and James Bottomley. Eric B. has done a bunch obvious (but important) fixes but there's one a bit controversial: removal of asym_tpm. It was added in 2018 when TPM1 was already declared as insecure and world had moved on to TPM2. I don't know how this has passed all the filters but I did not have a chance to see the patches when they were out. I simply cannot commit to maintaining this because it was from all angles just wrong to take it in the first place to the mainline kernel. Nobody should use this module really for anything. Finally, there is a new keyring '.machine' to hold MOK keys ('Machine Owner Keys'). In the mok side MokListTrustedRT UEFI variable can be set, from which kernel knows that MOK keys are kernel trusted keys and they are populated to the machine keyring. This keyring linked to the secondary trusted keyring, which means that can be used like any kernel trusted keys. This keyring of course can be used to hold other MOK'ish keys in other platforms in future" * tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (24 commits) tpm: use try_get_ops() in tpm-space.c KEYS: asymmetric: properly validate hash_algo and encoding KEYS: asymmetric: enforce that sig algo matches key algo KEYS: remove support for asym_tpm keys tpm: fix reference counting for struct tpm_chip integrity: Only use machine keyring when uefi_check_trust_mok_keys is true integrity: Trust MOK keys if MokListTrustedRT found efi/mokvar: move up init order KEYS: Introduce link restriction for machine keys KEYS: store reference to machine keyring integrity: add new keyring handler for mok keys integrity: Introduce a Linux keyring called machine integrity: Fix warning about missing prototypes KEYS: trusted: Avoid calling null function trusted_key_exit KEYS: trusted: Fix trusted key backends when building as module tpm: xen-tpmfront: Use struct_size() helper KEYS: x509: remove dead code that set ->unsupported_sig KEYS: x509: remove never-set ->unsupported_key flag KEYS: x509: remove unused fields KEYS: x509: clearly distinguish between key and signature algorithms ...
Showing
此差异已折叠。
想要评论请 注册 或 登录