From 8a052bf240d0b95d9c255ca9291a0669e5e28ac5 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Fri, 20 May 2016 11:23:45 -0700 Subject: Linux v4.6-6148-g03b979d - Docs, i2c, md, iommu, sound, pci, pinctrl, dmaengine, kvm, security merges --- ...-EFI-signature-blob-parser-and-key-loader.patch | 29 +++++++++++----------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'Add-an-EFI-signature-blob-parser-and-key-loader.patch') diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch index 86a285581..78f482b39 100644 --- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch +++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch @@ -1,4 +1,4 @@ -From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001 +From 8cd53548ce7b88b08cc6345c8fca7d28d1f3a7f2 Mon Sep 17 00:00:00 2001 From: Dave Howells Date: Tue, 23 Oct 2012 09:36:28 -0400 Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader. @@ -6,20 +6,21 @@ Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader. X.509 certificates are loaded into the specified keyring as asymmetric type keys. +[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED] Signed-off-by: David Howells --- crypto/asymmetric_keys/Kconfig | 8 +++ crypto/asymmetric_keys/Makefile | 1 + - crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++ + crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++ include/linux/efi.h | 4 ++ - 4 files changed, 122 insertions(+) + 4 files changed, 121 insertions(+) create mode 100644 crypto/asymmetric_keys/efi_parser.c diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig -index 4870f28403f5..4a1b50d73b80 100644 +index e28e912..94024e8 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig -@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION +@@ -60,4 +60,12 @@ config SIGNED_PE_FILE_VERIFICATION This option provides support for verifying the signature(s) on a signed PE binary. @@ -33,10 +34,11 @@ index 4870f28403f5..4a1b50d73b80 100644 + endif # ASYMMETRIC_KEY_TYPE diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile -index cd1406f9b14a..d9db380bbe53 100644 +index 6516855..c099fe1 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile -@@ -7,5 +7,6 @@ asymmetric_keys-y := asymmetric_type.o signature.o +@@ -10,6 +10,7 @@ asymmetric_keys-y := \ + signature.o obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o @@ -45,10 +47,10 @@ index cd1406f9b14a..d9db380bbe53 100644 # X.509 Certificate handling diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c new file mode 100644 -index 000000000000..424896a0b169 +index 0000000..636feb1 --- /dev/null +++ b/crypto/asymmetric_keys/efi_parser.c -@@ -0,0 +1,109 @@ +@@ -0,0 +1,108 @@ +/* EFI signature/key/certificate list parser + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. @@ -139,8 +141,7 @@ index 000000000000..424896a0b169 + esize - sizeof(*elem), + (KEY_POS_ALL & ~KEY_POS_SETATTR) | + KEY_USR_VIEW, -+ KEY_ALLOC_NOT_IN_QUOTA | -+ KEY_ALLOC_TRUSTED); ++ KEY_ALLOC_NOT_IN_QUOTA); + + if (IS_ERR(key)) + pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", @@ -159,10 +160,10 @@ index 000000000000..424896a0b169 + return 0; +} diff --git a/include/linux/efi.h b/include/linux/efi.h -index fac43c611614..414c3c3d988d 100644 +index b80227a..18443e3 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -941,6 +941,10 @@ extern bool efi_poweroff_required(void); +@@ -1050,6 +1050,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm, char * __init efi_md_typeattr_format(char *buf, size_t size, const efi_memory_desc_t *md); @@ -174,5 +175,5 @@ index fac43c611614..414c3c3d988d 100644 * efi_range_is_wc - check the WC bit on an address range * @start: starting kvirt address -- -2.4.3 +2.5.5 -- cgit