History log of /linux/security/integrity/Kconfig (Results 101 – 125 of 274)
Revision Date Author Comments
# eceb995e 20-May-2019 Mark Brown <broonie@kernel.org>

Merge tag 'v5.2-rc1' into spi-5.3

Linux 5.2-rc1


# 96d82e9d 20-May-2019 Mark Brown <broonie@kernel.org>

Merge tag 'v5.2-rc1' into regulator-5.3

Linux 5.2-rc1


# 1c7c3237 20-May-2019 Mark Brown <broonie@kernel.org>

Merge tag 'v5.2-rc1' into asoc-5.3

Linux 5.2-rc1


# 2a267e7c 10-May-2019 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge tag 'v5.1' into next

Sync up with mainline to bring in the latest APIs.


# 82045dd8 13-May-2019 Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into core/urgent, to merge in dependent changes

Signed-off-by: Ingo Molnar <mingo@kernel.org>


# 14be4c61 07-May-2019 Linus Torvalds <torvalds@linux-foundation.org>

Merge tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 updates from Martin Schwidefsky:

- Support for kernel address space layout randomization

- Add support for kernel image signature verification

- Convert s390 to the generic get_user_pages_fast code

- Convert s390 to the stack unwind API analog to x86

- Add support for CPU directed interrupts for PCI devices

- Provide support for MIO instructions to the PCI base layer, this will
allow the use of direct PCI mappings in user space code

- Add the basic KVM guest ultravisor interface for protected VMs

- Add AT_HWCAP bits for several new hardware capabilities

- Update the CPU measurement facility counter definitions to SVN 6

- Arnds cleanup patches for his quest to get LLVM compiles working

- A vfio-ccw update with bug fixes and support for halt and clear

- Improvements for the hardware TRNG code

- Another round of cleanup for the QDIO layer

- Numerous cleanups and bug fixes

* tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (98 commits)
s390/vdso: drop unnecessary cc-ldoption
s390: fix clang -Wpointer-sign warnigns in boot code
s390: drop CONFIG_VIRT_TO_BUS
s390: boot, purgatory: pass $(CLANG_FLAGS) where needed
s390: only build for new CPUs with clang
s390: simplify disabled_wait
s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
s390/unwind: introduce stack unwind API
s390/opcodes: add missing instructions to the disassembler
s390/bug: add entry size to the __bug_table section
s390: use proper expoline sections for .dma code
s390/nospec: rename assembler generated expoline thunks
s390: add missing ENDPROC statements to assembler functions
locking/lockdep: check for freed initmem in static_obj()
s390/kernel: add support for kernel address space layout randomization (KASLR)
s390/kernel: introduce .dma sections
s390/sclp: do not use static sccbs
s390/kprobes: use static buffer for insn_page
s390/kernel: convert SYSCALL and PGM_CHECK handlers to .quad
s390/kernel: build a relocatable kernel
...


Revision tags: v5.1, v5.1-rc7, v5.1-rc6, v5.1-rc5, v5.1-rc4, v5.1-rc3, v5.1-rc2, v5.1-rc1, v5.0, v5.0-rc8
# 9641b8cc 21-Feb-2019 Martin Schwidefsky <schwidefsky@de.ibm.com>

s390/ipl: read IPL report at early boot

Read the IPL Report block provided by secure-boot, add the entries
of the certificate list to the system key ring and print the list
of components.

PR: Adjust to Vasilys bootdata_preserved patch set. Preserve ipl_cert_list
for later use in kexec_file.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>


# 95d002e0 16-Apr-2019 Zhenyu Wang <zhenyuw@linux.intel.com>

Merge tag 'drm-intel-next-2019-04-04' into gvt-next

Merge back drm-intel-next for engine name definition refinement
and 54939ea0bd85 ("drm/i915: Switch to use HWS indices rather than addresses")
that would need gvt fixes to depend on.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>


Revision tags: v5.0-rc7, v5.0-rc6
# 82ffd045 07-Feb-2019 Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next

Linux 5.0-rc5

Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to
prepare a base for fbdev-v5.1 changes.


Revision tags: v5.0-rc5, v5.0-rc4, v5.0-rc3, v5.0-rc2
# 23d19ba0 11-Jan-2019 Maxime Ripard <maxime.ripard@bootlin.com>

Merge drm/drm-next into drm-misc-next

drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage
helper for dirtyfb series from Noralf Trønnes.

Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>


# 49e41801 10-Jan-2019 James Morris <james.morris@microsoft.com>

Merge tag 'v5.0-rc1' into next-general

Linux 5.0-rc1

Sync to pick up LSM stacking work (which is based on -rc1).


# 3eb0930a 08-Jan-2019 Jani Nikula <jani.nikula@intel.com>

Merge drm/drm-next into drm-intel-next-queued

Generally catch up with 5.0-rc1, and specifically get the changes:

96d4f267e40f ("Remove 'type' argument from access_ok() function")
0b2c8f8b6b0c ("i915: fix missing user_access_end() in page fault exception case")
594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")

Signed-off-by: Jani Nikula <jani.nikula@intel.com>


Revision tags: v5.0-rc1
# d538d94f 04-Jan-2019 Michael Ellerman <mpe@ellerman.id.au>

Merge branch 'master' into fixes

We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type'
argument from access_ok() function"), so merge master to get it.


# f218a29c 02-Jan-2019 Linus Torvalds <torvalds@linux-foundation.org>

Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull integrity updates from James Morris:
"In Linux 4.19, a new LSM hook named security_kernel_load_data was
upstreamed, allowing LSMs and IMA to prevent the kexec_load syscall.
Different signature verification methods exist for verifying the
kexec'ed kernel image. This adds additional support in IMA to prevent
loading unsigned kernel images via the kexec_load syscall,
independently of the IMA policy rules, based on the runtime "secure
boot" flag. An initial IMA kselftest is included.

In addition, this pull request defines a new, separate keyring named
".platform" for storing the preboot/firmware keys needed for verifying
the kexec'ed kernel image's signature and includes the associated IMA
kexec usage of the ".platform" keyring.

(David Howell's and Josh Boyer's patches for reading the
preboot/firmware keys, which were previously posted for a different
use case scenario, are included here)"

* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
integrity: Remove references to module keyring
ima: Use inode_is_open_for_write
ima: Support platform keyring for kernel appraisal
efi: Allow the "db" UEFI variable to be suppressed
efi: Import certificates from UEFI Secure Boot
efi: Add an EFI signature blob parser
efi: Add EFI signature data types
integrity: Load certs to the platform keyring
integrity: Define a trusted platform keyring
selftests/ima: kexec_load syscall test
ima: don't measure/appraise files on efivarfs
x86/ima: retry detecting secure boot mode
docs: Extend trusted keys documentation for TPM 2.0
x86/ima: define arch_get_ima_policy() for x86
ima: add support for arch specific policies
ima: refactor ima_init_policy()
ima: prevent kexec_load syscall based on runtime secureboot flag
x86/ima: define arch_ima_get_secureboot
integrity: support new struct public_key_signature encoding field


# 769e4709 29-Dec-2018 Linus Torvalds <torvalds@linux-foundation.org>

Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kconfig updates from Masahiro Yamada:

- support -y option for merge_config.sh to avoid downgrading =y to =m

- remove S_OTHER symbol type, and touch include/config/*.h files correctly

- fix file name and line number in lexer warnings

- fix memory leak when EOF is encountered in quotation

- resolve all shift/reduce conflicts of the parser

- warn no new line at end of file

- make 'source' statement more strict to take only string literal

- rewrite the lexer and remove the keyword lookup table

- convert to SPDX License Identifier

- compile C files independently instead of including them from zconf.y

- fix various warnings of gconfig

- misc cleanups

* tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (39 commits)
kconfig: surround dbg_sym_flags with #ifdef DEBUG to fix gconf warning
kconfig: split images.c out of qconf.cc/gconf.c to fix gconf warnings
kconfig: add static qualifiers to fix gconf warnings
kconfig: split the lexer out of zconf.y
kconfig: split some C files out of zconf.y
kconfig: convert to SPDX License Identifier
kconfig: remove keyword lookup table entirely
kconfig: update current_pos in the second lexer
kconfig: switch to ASSIGN_VAL state in the second lexer
kconfig: stop associating kconf_id with yylval
kconfig: refactor end token rules
kconfig: stop supporting '.' and '/' in unquoted words
treewide: surround Kconfig file paths with double quotes
microblaze: surround string default in Kconfig with double quotes
kconfig: use T_WORD instead of T_VARIABLE for variables
kconfig: use specific tokens instead of T_ASSIGN for assignments
kconfig: refactor scanning and parsing "option" properties
kconfig: use distinct tokens for type and default properties
kconfig: remove redundant token defines
kconfig: rename depends_list to comment_option_list
...


Revision tags: v4.20, v4.20-rc7
# 8636a1f9 11-Dec-2018 Masahiro Yamada <yamada.masahiro@socionext.com>

treewide: surround Kconfig file paths with double quotes

The Kconfig lexer supports special characters such as '.' and '/' in
the parameter context. In my understanding, the reason is just to
support bare file paths in the source statement.

I do not see a good reason to complicate Kconfig for the room of
ambiguity.

The majority of code already surrounds file paths with double quotes,
and it makes sense since file paths are constant string literals.

Make it treewide consistent now.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Ingo Molnar <mingo@kernel.org>


# 5580b4a1 17-Dec-2018 James Morris <james.morris@microsoft.com>

Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity

From Mimi:

In Linux 4.19, a new LSM hook named security_kernel_load_data was
upstreamed, allowing LSMs and IMA to prevent the kexec_load
syscall.  Different signature verification methods exist for verifying
the kexec'ed kernel image.  This pull request adds additional support
in IMA to prevent loading unsigned kernel images via the kexec_load
syscall, independently of the IMA policy rules, based on the runtime
"secure boot" flag.  An initial IMA kselftest is included.

In addition, this pull request defines a new, separate keyring named
".platform" for storing the preboot/firmware keys needed for verifying
the kexec'ed kernel image's signature and includes the associated IMA
kexec usage of the ".platform" keyring.

(David Howell's and Josh Boyer's patches for reading the
preboot/firmware keys, which were previously posted for a different
use case scenario, are included here.)


Revision tags: v4.20-rc6
# 9dc92c45 08-Dec-2018 Nayna Jain <nayna@linux.ibm.com>

integrity: Define a trusted platform keyring

On secure boot enabled systems, a verified kernel may need to kexec
additional kernels. For example, it may be used as a bootloader needing
to kexec a target kernel or it may need to kexec a crashdump kernel. In
such cases, it may want to verify the signature of the next kernel
image.

It is further possible that the kernel image is signed with third party
keys which are stored as platform or firmware keys in the 'db' variable.
The kernel, however, can not directly verify these platform keys, and an
administrator may therefore not want to trust them for arbitrary usage.
In order to differentiate platform keys from other keys and provide the
necessary separation of trust, the kernel needs an additional keyring to
store platform keys.

This patch creates the new keyring called ".platform" to isolate keys
provided by platform from keys by kernel. These keys are used to
facilitate signature verification during kexec. Since the scope of this
keyring is only the platform/firmware keys, it cannot be updated from
userspace.

This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>


Revision tags: v4.20-rc5, v4.20-rc4, v4.20-rc3, v4.20-rc2, v4.20-rc1, v4.19, v4.19-rc8, v4.19-rc7, v4.19-rc6, v4.19-rc5, v4.19-rc4, v4.19-rc3, v4.19-rc2, v4.19-rc1, v4.18, v4.18-rc8, v4.18-rc7, v4.18-rc6, v4.18-rc5, v4.18-rc4, v4.18-rc3, v4.18-rc2, v4.18-rc1, v4.17, v4.17-rc7, v4.17-rc6, v4.17-rc5, v4.17-rc4, v4.17-rc3, v4.17-rc2, v4.17-rc1, v4.16, v4.16-rc7, v4.16-rc6, v4.16-rc5, v4.16-rc4, v4.16-rc3, v4.16-rc2, v4.16-rc1, v4.15, v4.15-rc9, v4.15-rc8, v4.15-rc7, v4.15-rc6, v4.15-rc5, v4.15-rc4, v4.15-rc3, v4.15-rc2, v4.15-rc1, v4.14, v4.14-rc8, v4.14-rc7, v4.14-rc6, v4.14-rc5, v4.14-rc4, v4.14-rc3, v4.14-rc2, v4.14-rc1, v4.13, v4.13-rc7, v4.13-rc6, v4.13-rc5, v4.13-rc4, v4.13-rc3, v4.13-rc2, v4.13-rc1, v4.12, v4.12-rc7, v4.12-rc6, v4.12-rc5, v4.12-rc4, v4.12-rc3, v4.12-rc2, v4.12-rc1, v4.11, v4.11-rc8, v4.11-rc7, v4.11-rc6, v4.11-rc5, v4.11-rc4, v4.11-rc3, v4.11-rc2, v4.11-rc1, v4.10, v4.10-rc8, v4.10-rc7, v4.10-rc6, v4.10-rc5, v4.10-rc4, v4.10-rc3, v4.10-rc2, v4.10-rc1
# f26e8817 16-Dec-2016 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge branch 'next' into for-linus

Prepare input updates for 4.10 merge window.


Revision tags: v4.9, v4.9-rc8, v4.9-rc7, v4.9-rc6, v4.9-rc5, v4.9-rc4, v4.9-rc3, v4.9-rc2, v4.9-rc1
# 4a7126a2 14-Oct-2016 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge tag 'v4.8' into next

Sync up with mainline to bring in I2C host notify changes and other
updates.


Revision tags: v4.8, v4.8-rc8, v4.8-rc7, v4.8-rc6, v4.8-rc5, v4.8-rc4, v4.8-rc3, v4.8-rc2, v4.8-rc1
# e82a82c1 28-Jul-2016 Jiri Kosina <jkosina@suse.cz>

Merge branches 'for-4.8/alps', 'for-4.8/apple', 'for-4.8/i2c-hid', 'for-4.8/uhid-offload-hid-device-add' and 'for-4.8/upstream' into for-linus


Revision tags: v4.7
# 8c57a5e7 19-Jul-2016 Dmitry Torokhov <dmitry.torokhov@gmail.com>

Merge branch 'for-linus' into next

Sync up to bring in wacom_w8001 changes to avoid merge conflicts later.


Revision tags: v4.7-rc7
# 946e0f6f 08-Jul-2016 Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.7-rc6' into x86/mm, to merge fixes before applying new changes

Signed-off-by: Ingo Molnar <mingo@kernel.org>


# b6d90158 07-Jul-2016 Rafael J. Wysocki <rafael.j.wysocki@intel.com>

Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-debug-fixes'

* acpica-fixes:
ACPICA: Namespace: Fix namespace/interpreter lock ordering

* acpi-pci-fixes:
ACPI,PCI,IRQ: separate ISA penalty calculation
Revert "ACPI, PCI, IRQ: remove redundant code in acpi_irq_penalty_init()"
ACPI,PCI,IRQ: factor in PCI possible

* acpi-debug-fixes:
ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal


# ea1a25c3 06-Jul-2016 James Bottomley <James.Bottomley@HansenPartnership.com>

Merge branch 'jejb-fixes' into fixes

