)]}' { "log": [ { "commit": "62226983da070f7e51068ec2e3a4da34672964c7", "tree": "04a0e1bc11282cc966f7c7c0521fa1e0f70b8956", "parents": [ "7cfe5b3310a1b45f385ff18647bddb487a6c5525" ], "author": { "name": "Hendrik Brueckner", "email": "brueckner@linux.vnet.ibm.com", "time": "Thu Dec 05 14:48:22 2013 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 10 18:25:28 2013 +0000" }, "message": "KEYS: correct alignment of system_certificate_list content in assembly file\n\nApart from data-type specific alignment constraints, there are also\narchitecture-specific alignment requirements.\nFor example, on s390 symbols must be on even addresses implying a 2-byte\nalignment. If the system_certificate_list_end symbol is on an odd address\nand if this address is loaded, the least-significant bit is ignored. As a\nresult, the load_system_certificate_list() fails to load the certificates\nbecause of a wrong certificate length calculation.\n\nTo be safe, align system_certificate_list on an 8-byte boundary. Also improve\nthe length calculation of the system_certificate_list content. Introduce a\nsystem_certificate_list_size (8-byte aligned because of unsigned long) variable\nthat stores the length. Let the linker calculate this size by introducing\na start and end label for the certificate content.\n\nSigned-off-by: Hendrik Brueckner \u003cbrueckner@linux.vnet.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "af34cb0c3d16b46d88b661692b885d1d998a8ecb", "tree": "b6bf8abd1c4c052952a8230c9edb00a66ecf8aec", "parents": [ "cd0421dcd0230d3e402ae9c6d012610132c3f078" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Aug 20 14:36:26 2013 -0400" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 25 17:17:01 2013 +0100" }, "message": "KEYS: Make the system \u0027trusted\u0027 keyring viewable by userspace\n\nGive the root user the ability to read the system keyring and put read\npermission on the trusted keys added during boot. The latter is actually more\ntheoretical than real for the moment as asymmetric keys do not currently\nprovide a read operation.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "008643b86c5f33c115c84ccdda1725cac3ad50ad", "tree": "951ea0d3d7b84ce3570da17f03f45a53f3e4b35d", "parents": [ "b56e5a17b6b9acd16997960504b9940d0d7984e7" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Aug 30 16:07:37 2013 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 25 17:17:01 2013 +0100" }, "message": "KEYS: Add a \u0027trusted\u0027 flag and a \u0027trusted only\u0027 flag\n\nAdd KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source\nor had a cryptographic signature chain that led back to a trusted key the\nkernel already possessed.\n\nAdd KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to\nkeys marked with KEY_FLAGS_TRUSTED.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\n" }, { "commit": "b56e5a17b6b9acd16997960504b9940d0d7984e7", "tree": "3041aadaf0eb3e79c0a5d1e7f9715489340f868a", "parents": [ "0fbd39cf7ffe3b6a787b66b672d21b84e4675352" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Aug 30 16:07:30 2013 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 25 17:17:01 2013 +0100" }, "message": "KEYS: Separate the kernel signature checking keyring from module signing\n\nSeparate the kernel signature checking keyring from module signing so that it\ncan be used by code other than the module-signing code.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" } ] }