Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp360213ybe; Wed, 4 Sep 2019 22:00:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqxohoSAGykK7U3V9PtU/eUWdTqEmvDccOkfRWyoZkxNriS5GqJfcggNFyn2Oe1qUUVUJ8Zg X-Received: by 2002:a17:90a:9486:: with SMTP id s6mr1885869pjo.0.1567659630660; Wed, 04 Sep 2019 22:00:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567659630; cv=none; d=google.com; s=arc-20160816; b=Q/p84AXey2oPYImB8Fkl1IOa4WuMu8craxF8k892V1A5HUIb7hWP23bLZaWALdVxDk fYozDJuPtMV3iXWdbaUWWMgA+PSM0wIf6Lk7csPcPrPwiKKsjN2zxA9vlYVXDE+kp9rH l7Dv67EOxkPABSVPPyYbdk30QrLu5+HtYZUGCWD48tKWnzWfE/Nx5euLBq16hZZBE24V Zb8ysolHs+FNFJqWWUyuucGPLnFSkGUyhFq4wxvTPYFJ4Cq3RqR67QfKPrTb3tkF5VX6 h7aOwpgqaLdlElqTuvdU8vUM3YHsvtEJHVhzVO2hZFL7OVkVQcuwX9Jwx2y2j6WYymY+ pwcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:from; bh=0NHm3WYjVrDkk3fhbMFIAp+wyHO99oMI4vr6F3d1jLM=; b=Q4m4Re2ZLNeDVy77S7KrN2rOti6Ul93wN9xKKfPGczgCMgxDoAPiaNY79GodezNy5p PBvkUWaU4+8vYsouFwHo3mqv85KSCf5Ga2TGtKa30Bot/UZxSGcj1L+kibN4jt5F+3gq s42OrSP9nZ2DpvEJpo8TMvktQJJme1ZNPdYW1ld7/xSqJWqDK/uwg4+bRXh0vzQTkwvl YInu+lxZ0Hd6fqGbY4LDHmX/oqTT2tOdAHYMZBovuzwDZzfxmC4jZCdm2gz33owOqr3y h/4dr0l2n1rpkNxjQZOAGiYLVBQA1I0QrpgDTka3Tkf9eNfu8qf2s/oqUyctMldjd3VW eMhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h45si1061024pjb.0.2019.09.04.22.00.08; Wed, 04 Sep 2019 22:00:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730848AbfIED7g convert rfc822-to-8bit (ORCPT + 99 others); Wed, 4 Sep 2019 23:59:36 -0400 Received: from ozlabs.org ([203.11.71.1]:52957 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727562AbfIED7g (ORCPT ); Wed, 4 Sep 2019 23:59:36 -0400 Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 46P6QF30c0z9s7T; Thu, 5 Sep 2019 13:59:33 +1000 (AEST) From: Michael Ellerman To: Mimi Zohar , Nayna Jain , linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Benjamin Herrenschmidt , Paul Mackerras , Ard Biesheuvel , Jeremy Kerr , Matthew Garret , Greg Kroah-Hartman , Claudio Carvalho , George Wilson , Elaine Palmer , Eric Ricther , Oliver O'Halloran , Josh Boyer , David Howells Subject: Re: [PATCH v3 3/4] x86/efi: move common keyring handler functions to new file In-Reply-To: <1567551071.4937.5.camel@linux.ibm.com> References: <1566825818-9731-1-git-send-email-nayna@linux.ibm.com> <1566825818-9731-4-git-send-email-nayna@linux.ibm.com> <87pnkisyiv.fsf@mpe.ellerman.id.au> <1567551071.4937.5.camel@linux.ibm.com> Date: Thu, 05 Sep 2019 13:59:33 +1000 Message-ID: <87blvzpf4q.fsf@mpe.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Mimi Zohar writes: > (Cc'ing Josh Boyer, David Howells) > > On Mon, 2019-09-02 at 21:55 +1000, Michael Ellerman wrote: >> Nayna Jain writes: >> >> > The handlers to add the keys to the .platform keyring and blacklisted >> > hashes to the .blacklist keyring is common for both the uefi and powerpc >> > mechanisms of loading the keys/hashes from the firmware. >> > >> > This patch moves the common code from load_uefi.c to keyring_handler.c >> > >> > Signed-off-by: Nayna Jain > > Acked-by: Mimi Zohar > >> > --- >> > security/integrity/Makefile | 3 +- >> > .../platform_certs/keyring_handler.c | 80 +++++++++++++++++++ >> > .../platform_certs/keyring_handler.h | 32 ++++++++ >> > security/integrity/platform_certs/load_uefi.c | 67 +--------------- >> > 4 files changed, 115 insertions(+), 67 deletions(-) >> > create mode 100644 security/integrity/platform_certs/keyring_handler.c >> > create mode 100644 security/integrity/platform_certs/keyring_handler.h >> >> This has no acks from security folks, though I'm not really clear on who >> maintains those files. > > I upstreamed David's, Josh's, and Nayna's patches, so that's probably > me. > >> Do I take it because it's mostly just code movement people are OK with >> it going in via the powerpc tree? > > Yes, the only reason for splitting load_uefi.c is for powerpc.  These > patches should be upstreamed together.   Thanks. cheers