- 26 10月, 2013 9 次提交
-
-
由 Mimi Zohar 提交于
The TPM v1.2 limits the template hash size to 20 bytes. This patch differentiates between the template hash size, as defined in the ima_template_entry, and the file data hash size, as defined in the ima_template_data. Subsequent patches add support for different file data hash algorithms. Change log: - hash digest definition in ima_store_template() should be TPM_DIGEST_SIZE Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
由 Dmitry Kasatkin 提交于
For each inode in the IMA policy, an iint is allocated. To support larger hash digests, the iint digest size changed from 20 bytes to the maximum supported hash digest size. Instead of allocating the maximum size, which most likely is not needed, this patch dynamically allocates the needed hash storage. Changelog: - fix krealloc bug Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
For possibility to use xattr type for new signature formats, pass full xattr to the signature verification function. Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
All files on the filesystem, currently, are hashed using the same hash algorithm. In preparation for files from different packages being signed using different hash algorithms, this patch adds support for reading the signature hash algorithm from the 'security.ima' extended attribute and calculates the appropriate file data hash based on it. Changelog: - fix scripts Lindent and checkpatch msgs - Mimi - fix md5 support for older version, which occupied 20 bytes in the xattr, not the expected 16 bytes. Fix the comparison to compare only the first 16 bytes. Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
In preparation of supporting more hash algorithms with larger hash sizes needed for signature verification, this patch replaces the 20 byte sized digest, with a more flexible structure. The new structure includes the hash algorithm, digest size, and digest. Changelog: - recalculate filedata hash for the measurement list, if the signature hash digest size is greater than 20 bytes. - use generic HASH_ALGO_ - make ima_calc_file_hash static - scripts lindent and checkpatch fixes Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
This patch makes use of the newly defined common hash algorithm info, replacing, for example, PKEY_HASH with HASH_ALGO. Changelog: - Lindent fixes - Mimi CC: David Howells <dhowells@redhat.com> Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
This patch provides a single place for information about hash algorithms, such as hash sizes and kernel driver names, which will be used by IMA and the public key code. Changelog: - Fix sparse and checkpatch warnings - Move hash algo enums to uapi for userspace signing functions. Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Mimi Zohar 提交于
This reverts commit 4c2c3927. Everything in the initramfs should be measured and appraised, but until the initramfs has extended attribute support, at least measured. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Cc: Stable Kernel <stable@kernel.org>
-
由 Dmitry Kasatkin 提交于
Fix checkpatch, lindent, etc, warnings/errors Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 23 10月, 2013 15 次提交
-
-
由 Peter Huewe 提交于
just like the other entries Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Peter Huewe 提交于
This patch changes the displayed module name from tpm_tis_i2c_infineon to its actual name tpm_i2c_infineon. Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
This is based on the work of Teddy Reed <teddy@prosauce.org> published on GitHub: https://github.com/theopolis/tpm-i2c-atmel.git 34894b988b67e0ae55088d6388e77b0dbf10c07d That driver was never merged, I have taken it as a starting port, forward ported, tested and revised the driver: - Make it broadly textually similar to the Infineon and Nuvoton I2C driver - Place everything in a format suitable for mainline inclusion - Use high level I2C functions i2c_master_send and i2c_master_recv for data xfer - Use the timeout system from the core code, by faking out a status register - Only I2C transfer the number of bytes in the reply, not a fixed message size. - checkpatch cleanups - Testing on ARM Kirkwood, with this device tree, using a AT97SC3204T-X1A180 tpm@29 { compatible = "atmel,at97sc3204t"; reg = <0x29>; }; Signed-off-by: NTeddy Reed <teddy@prosauce.org> [jgg: revised and tested] Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes] Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
This chip is/was also branded as a Winbond WPCT301. Originally written by Dan Morav <dmorav@nuvoton.com> and posted to LKML: https://lkml.org/lkml/2011/9/7/206 The original posting was not merged, I have taken it as a starting point, forward ported, tested and revised the driver: - Rework interrupt handling to work properly with level triggered interrupts. The old version just locked up. - Synchronize various items with Peter Huewe's Infineon driver: * Add durations/timeouts sysfs calls * Remove I2C device auto-detection * Don't fiddle with chip->release * Call tpm_dev_vendor_release in the probe error path * Use MODULE_DEVICE_TABLE for the I2C ids * Provide OF compatible strings for DT support * Use SIMPLE_DEV_PM_OPS * Use module_i2c_driver - checkpatch cleanups - Testing on ARM Kirkwood with GPIO interrupts, with this device tree: tpm@57 { compatible = "nuvoton,npct501"; reg = <0x57>; interrupt-parent = <&gpio1>; interrupts = <6 IRQ_TYPE_LEVEL_LOW>; }; Signed-off-by: NDan Morav <dmorav@nuvoton.com> [jgg: revised and tested] Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes, fixed module name in kconfig] Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
Now that we can have multiple .c files in the tpm module there is no reason for tpm-bios. tpm-bios exported several functions: tpm_bios_log_setup, tpm_bios_log_teardown, tpm_add_ppi, and tpm_remove_ppi. They are only used by tpm, and if tpm-bios is built then tpm will unconditionally require them. Further, tpm-bios does nothing on its own, it has no module_init function. Thus we remove the exports and merge the modules to simplify things. The Makefile conditions are changed slightly to match the code, tpm_ppi is always required if CONFIG_ACPI is set. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
-
由 Jason Gunthorpe 提交于
This is preparation for making the tpm module multi-file. kbuild does not like having a .c file with the same name as a module. We wish to keep the tpm module name so that userspace doesn't see this change. tpm-interface.c is chosen because the next several commits in the series migrate items into tpm-sysfs.c, tpm-dev.c and tpm-class.c. All that will be left is tpm command processing and interfacing code. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
-
由 Peter Huewe 提交于
before we rename the file it might be a good idea to cleanup the long persisting checkpatch warnings. Since everything is really trivial, splitting the patch up would only result in noise. For the interested reader - here the checkpatch warnings: (regrouped for easer readability) ERROR: trailing whitespace + * Specifications at www.trustedcomputinggroup.org^I $ + * $ +^I/* $ +^I parameters (RSA 12->bytes: keybit, #primes, expbit) $ WARNING: unnecessary whitespace before a quoted newline + "invalid count value %x %zx \n", count, bufsiz); ERROR: do not use assignment in if condition + if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) { ERROR: space required after that ',' (ctx:VxV) + len = tpm_transmit(chip,(u8 *) cmd, len); ^ ERROR: "foo * bar" should be "foo *bar" +ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_temp_deactivated(struct device * dev, + struct device_attribute * attr, char *buf) WARNING: please, no space before tabs + * @chip_num: ^Itpm idx # or ANY$ + * @res_buf: ^ITPM_PCR value$ + * ^I^Isize of res_buf is 20 bytes (or NULL if you don't care)$ + * @chip_num: ^Itpm idx # or AN&$ + * @hash: ^Ihash value used to extend pcr value$ ERROR: code indent should use tabs where possible +^I TPM_ORD_CONTINUE_SELFTEST);$ WARNING: line over 80 characters +static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, bool check_cancel, ERROR: trailing whitespace + * Called from tpm_<specific>.c probe function only for devices $ total: 16 errors, 7 warnings, 1554 lines checked Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
The version of the TPM should not depend on the bus it is connected through. 1.1, 1.2 and soon 2.0 TPMS will be all be able to use the same bus interfaces. Make tpm_show_caps try the 1.2 capability first. If that fails then fall back to the 1.1 capability. This effectively auto-detects what interface the TPM supports at run-time. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
For some reason this driver thinks that chip->data_buffer needs to be set before it can call tpm_pm_*. This is not true. data_buffer is used only by /dev/tpmX, which is why it is managed exclusively by the fops functions. Cc: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com>
-
由 Jason Gunthorpe 提交于
TPM drivers should not call dev_set_drvdata (or aliases), only the core code is allowed to call dev_set_drvdata, and it does it during tpm_register_hardware. These extra sets are harmless, but are an anti-pattern that many drivers have copied. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Acked-by: NAshley Lai <adlai@linux.vnet.ibm.com> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
misc_open sets the file->private_date to the misc_dev when calling open. We can use container_of to go from the misc_dev back to the tpm_chip. Future clean ups will move tpm_open into a new file and this change means we do not have to export the tpm_chip list. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Acked-by: NAshley Lai <adlai@linux.vnet.ibm.com> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
Just put the memory directly in the chip structure, rather than in a 2nd dedicated kmalloc. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de> Acked-by: NAshley Lai <adlai@linux.vnet.ibm.com>
-
由 Jason Gunthorpe 提交于
Commit e0dd03ca ("tpm: return chip from tpm_register_hardware") changed the code path here so that ateml_get_base_addr no longer directly altered the tpm_vendor_specific structure, and instead placed the base address on the stack. The commit missed updating the request_region call, which would have resulted in request_region being called with 0 as the base address. I don't know if request_region(0, ..) will fail, if so the driver has been broken since 2006 and we should remove it from the tree as it has no users. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jason Gunthorpe 提交于
This suppresses compile warnings on 32 bit builds. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJoel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: NPeter Huewe <peterhuewe@gmx.de> Signed-off-by: NPeter Huewe <peterhuewe@gmx.de> Acked-by: NAshley Lai <adlai@linux.vnet.ibm.com>
-
由 Peter Huewe 提交于
Since I'm actively maintaining the tpm subsystem for a few months now, it's time to step up and be an official maintainer for the tpm subsystem, atleast until I hear something different from my company. The maintaining is done solely in my private time, out of private interest. Speaking only on behalf of myself, trying to be as vendor neutral as possible. Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
-
- 22 10月, 2013 1 次提交
-
-
- 27 9月, 2013 2 次提交
-
-
由 Paul Moore 提交于
The SELinux/NetLabel glue code has a locking bug that affects systems with NetLabel enabled, see the kernel error message below. This patch corrects this problem by converting the bottom half socket lock to a more conventional, and correct for this call-path, lock_sock() call. =============================== [ INFO: suspicious RCU usage. ] 3.11.0-rc3+ #19 Not tainted ------------------------------- net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 2 locks held by ping/731: #0: (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect #1: (rcu_read_lock){.+.+..}, at: [<...>] netlbl_conn_setattr stack backtrace: CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 0000000000000001 ffff88006f659d28 ffffffff81726b6a ffff88003732c500 ffff88006f659d58 ffffffff810e4457 ffff88006b845a00 0000000000000000 000000000000000c ffff880075aa2f50 ffff88006f659d90 ffffffff8169bec7 Call Trace: [<ffffffff81726b6a>] dump_stack+0x54/0x74 [<ffffffff810e4457>] lockdep_rcu_suspicious+0xe7/0x120 [<ffffffff8169bec7>] cipso_v4_sock_setattr+0x187/0x1a0 [<ffffffff8170f317>] netlbl_conn_setattr+0x187/0x190 [<ffffffff8170f195>] ? netlbl_conn_setattr+0x5/0x190 [<ffffffff8131ac9e>] selinux_netlbl_socket_connect+0xae/0xc0 [<ffffffff81303025>] selinux_socket_connect+0x135/0x170 [<ffffffff8119d127>] ? might_fault+0x57/0xb0 [<ffffffff812fb146>] security_socket_connect+0x16/0x20 [<ffffffff815d3ad3>] SYSC_connect+0x73/0x130 [<ffffffff81739a85>] ? sysret_check+0x22/0x5d [<ffffffff810e5e2d>] ? trace_hardirqs_on_caller+0xfd/0x1c0 [<ffffffff81373d4e>] ? trace_hardirqs_on_thunk+0x3a/0x3f [<ffffffff815d52be>] SyS_connect+0xe/0x10 [<ffffffff81739a59>] system_call_fastpath+0x16/0x1b Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Duan Jiong 提交于
Signed-off-by: NDuan Jiong <duanj.fnst@cn.fujitsu.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 26 9月, 2013 13 次提交
-
-
由 Antonio Alecrim Jr 提交于
Signed-off-by: NAntonio Alecrim Jr <antonio.alecrim@gmail.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 Konstantin Khlebnikov 提交于
This patch fixes lack of license, otherwise x509_key_parser.ko taints kernel. Signed-off-by: NKonstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 Konstantin Khlebnikov 提交于
This patch fixes lack of license, otherwise mpi.ko taints kernel. Signed-off-by: NKonstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 Mimi Zohar 提交于
In order to create the integrity keyrings (eg. _evm, _ima), root's uid and session keyrings need to be initialized early. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 Mimi Zohar 提交于
Only public keys, with certificates signed by an existing 'trusted' key on the system trusted keyring, should be added to a trusted keyring. This patch adds support for verifying a certificate's signature. This is derived from David Howells pkcs7_request_asymmetric_key() patch. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 Mimi Zohar 提交于
Give the root user the ability to read the system keyring and put read permission on the trusted keys added during boot. The latter is actually more theoretical than real for the moment as asymmetric keys do not currently provide a read operation. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
The keyring expansion patches introduces a new search method by which key_search() attempts to walk directly to the key that has exactly the same description as the requested one. However, this causes inexact matching of asymmetric keys to fail. The solution to this is to select iterative rather than direct search as the default search type for asymmetric keys. As an example, the kernel might have a key like this: Magrathea: Glacier signing key: 6a2a0f82bad7e396665f465e4e3e1f9bd24b1226 and: keyctl search <keyring-ID> asymmetric id:d24b1226 should find the key, despite that not being its exact description. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed. Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org>
-
由 David Howells 提交于
Separate the kernel signature checking keyring from module signing so that it can be used by code other than the module-signing code. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Have make canonicalise the paths of the X.509 certificates before we sort them as this allows $(sort) to better remove duplicates. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Load all the files matching the pattern "*.x509" that are to be found in kernel base source dir and base build dir into the module signing keyring. The "extra_certificates" file is then redundant. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Remove the certificate date checks that are performed when a certificate is parsed. There are two checks: a valid from and a valid to. The first check is causing a lot of problems with system clocks that don't keep good time and the second places an implicit expiry date upon the kernel when used for module signing, so do we really need them? Signed-off-by: NDavid Howells <dhowells@redhat.com> cc: David Woodhouse <dwmw2@infradead.org> cc: Rusty Russell <rusty@rustcorp.com.au> cc: Josh Boyer <jwboyer@redhat.com> cc: Alexander Holler <holler@ahsoftware.de> cc: stable@vger.kernel.org
-
由 David Howells 提交于
Handle certificates that lack an authorityKeyIdentifier field by assuming they're self-signed and checking their signatures against themselves. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NKees Cook <keescook@chromium.org> Reviewed-by: NJosh Boyer <jwboyer@redhat.com>
-