shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-11 13:27:06 +09:00
Code Issues Packages Projects Releases Wiki Activity
996,830 Commits 55 Branches 2,486 Tags
60c8eb38c1b75e83194a07ec7acfe85852fcc0d8
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Mimi Zohar 60c8eb38c1 Merge branch 'ima-module-signing-v4' into next-integrity 
From the series cover letter:

Kernel modules are currently only signed when CONFIG_MODULE_SIG is enabled.
The kernel module signing key is a self-signed CA only loaded onto the
.builtin_trusted_key keyring.  On secure boot enabled systems with an arch
specific IMA policy enabled, but without MODULE_SIG enabled, kernel modules
are not signed, nor is the kernel module signing public key loaded onto the
IMA keyring.

In order to load the the kernel module signing key onto the IMA trusted
keyring ('.ima'), the certificate needs to be signed by a CA key either on
the builtin or secondary keyrings. The original version of this patch set
created and loaded a kernel-CA key onto the builtin keyring. The kernel-CA
key signed the kernel module signing key, allowing it to be loaded onto the
IMA trusted keyring.

However, missing from this version was support for the kernel-CA to sign the
hardware token certificate. Adding that support would add additional
complexity.

Since the kernel module signing key is embedded into the Linux kernel at
build time, instead of creating and loading a kernel-CA onto the builtin
trusted keyring, this version makes an exception and allows the
self-signed kernel module signing key to be loaded directly onto the
trusted IMA keyring.
2021-04-09 10:55:05 -04:00
arch
Merge tag 'irq-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-03-14 13:33:33 -07:00
block
block: Discard page cache of zone reset target range
2021-03-11 11:49:25 -07:00
certs
ima: enable loading of build time generated key on .ima keyring
2021-04-09 10:40:20 -04:00
crypto
crypto: mips/poly1305 - enable for all MIPS processors
2021-03-08 11:52:17 +01:00
Documentation
Merge tag 'irq-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-03-14 13:33:33 -07:00
drivers
Merge tag 'irq-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-03-14 13:33:33 -07:00
fs
Merge branch 'akpm' (patches from Andrew)
2021-03-14 12:23:34 -07:00
include
ima: enable loading of build time generated key on .ima keyring
2021-04-09 10:40:20 -04:00
init
ima: enable signing of modules with build time generated key
2021-04-09 10:40:20 -04:00
ipc
fs: make helpers idmap mount aware
2021-01-24 14:27:20 +01:00
kernel
prctl: fix PR_SET_MM_AUXV kernel stack leak
2021-03-14 14:33:27 -07:00
lib
kasan: fix KASAN_STACK dependency for HW_TAGS
2021-03-13 11:27:31 -08:00
LICENSES
LICENSES: Add the CC-BY-4.0 license
2020-12-08 10:33:27 -07:00
mm
Merge branch 'akpm' (patches from Andrew)
2021-03-14 12:23:34 -07:00
net
Merge tag 'nfs-for-5.12-2' of git://git.linux-nfs.org/projects/anna/linux-nfs
2021-03-12 14:19:35 -08:00
samples
Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net
2021-03-09 17:15:56 -08:00
scripts
kbuild: fix ld-version.sh to not be affected by locale
2021-03-13 11:12:13 +09:00
security
ima: enable loading of build time generated key on .ima keyring
2021-04-09 10:40:20 -04:00
sound
ALSA: hda/hdmi: Cancel pending works before suspend
2021-03-10 12:52:01 +01:00
tools
Merge tag 'objtool-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-03-14 13:15:55 -07:00
usr
Merge tag 'kbuild-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2021-02-25 10:17:31 -08:00
virt
KVM: x86/mmu: Consider the hva in mmu_notifier retry
2021-02-22 13:16:53 -05:00
.clang-format
Merge tag 'cxl-for-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2021-02-24 09:38:36 -08:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
Merge tag 'clang-lto-v5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2021-02-23 09:28:51 -08:00
.mailmap
treewide: Miguel has moved
2021-02-26 09:41:03 -08:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
treewide: Miguel has moved
2021-02-26 09:41:03 -08:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
Merge branch 'akpm' (patches from Andrew)
2021-03-14 12:23:34 -07:00
Makefile
keys: cleanup build time module signing keys
2021-04-09 10:40:15 -04:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 7.9 GiB
Languages
C 97.7%
Assembly 1.6%
Makefile 0.3%
Perl 0.1%