superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Linux kernel source tree
662,696 Commits
1 Branch
911 Tags
8.2 GiB
C 97.1%
Assembly 1%
Shell 0.6%
Rust 0.4%
Python 0.4%
Other 0.3%
 
 
 
 
 
 
Go to file
David Howells 734114f878 KEYS: Add a system blacklist keyring 
Add the following:

 (1) A new system keyring that is used to store information about
     blacklisted certificates and signatures.

 (2) A new key type (called 'blacklist') that is used to store a
     blacklisted hash in its description as a hex string.  The key accepts
     no payload.

 (3) The ability to configure a list of blacklisted hashes into the kernel
     at build time.  This is done by setting
     CONFIG_SYSTEM_BLACKLIST_HASH_LIST to the filename of a list of hashes
     that are in the form:

	"<hash>", "<hash>", ..., "<hash>"

     where each <hash> is a hex string representation of the hash and must
     include all necessary leading zeros to pad the hash to the right size.

The above are enabled with CONFIG_SYSTEM_BLACKLIST_KEYRING.

Once the kernel is booted, the blacklist keyring can be listed:

	root@andromeda ~]# keyctl show %:.blacklist
	Keyring
	 723359729 ---lswrv      0     0  keyring: .blacklist
	 676257228 ---lswrv      0     0   \_ blacklist: 123412341234c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46

The blacklist cannot currently be modified by userspace, but it will be
possible to load it, for example, from the UEFI blacklist database.

A later commit will make it possible to load blacklisted asymmetric keys in
here too.

Signed-off-by: David Howells <dhowells@redhat.com>
 		2017-04-03 16:07:24 +01:00
Documentation Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
arch powerpc fixes for 4.11 #6 2017-03-26 10:34:10 -07:00
block blk-mq: don't complete un-started request in timeout handler 2017-03-22 08:03:35 -06:00
certs KEYS: Add a system blacklist keyring 2017-04-03 16:07:24 +01:00
crypto net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
drivers Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
firmware WHENCE: use https://linuxtv.org for LinuxTV URLs 2015-12-04 10:35:11 -02:00
fs driver core fix for 4.11-rc4 2017-03-26 11:05:42 -07:00
include KEYS: Add a system blacklist keyring 2017-04-03 16:07:24 +01:00
init Change get_random_{int,log} to use the CRNG used by /dev/urandom and 2017-03-11 09:08:47 -08:00
ipc Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
kernel LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob. 2017-03-28 11:05:14 +11:00
lib mm: convert generic code to 5-level paging 2017-03-09 11:48:47 -08:00
mm mm, swap: Remove WARN_ON_ONCE() in free_swap_slot() 2017-03-21 14:13:19 -07:00
net A fix for a writeback deadlock caused by a GFP_KERNEL allocation on the 2017-03-24 14:35:39 -07:00
samples Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
scripts Merge branch 'akpm' (patches from Andrew) 2017-03-10 08:34:42 -08:00
security security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
sound ALSA: hda - Adding a group of pin definition to fix headset problem 2017-03-23 09:39:55 +01:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-03-23 11:29:49 -07:00
usr kbuild: initramfs cleanup, set target from Kconfig 2017-01-05 09:40:16 -08:00
virt KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled 2017-03-07 15:44:08 +00:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-08-02 16:48:52 -04:00
.mailmap mailmap: add codeaurora.org names for nameless email commits 2017-01-10 18:31:55 -08:00
COPYING
CREDITS MAINTAINERS: Remove old e-mail address 2017-02-13 12:24:56 -05:00
Kbuild scripts/gdb: provide linux constants 2016-05-23 17:04:14 -07:00
Kconfig
MAINTAINERS enic: update enic maintainers 2017-03-22 12:48:55 -07:00
Makefile Linux 4.11-rc4 2017-03-26 14:15:16 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.