On Wed, Jun 6, 2018 at 11:17 AM Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
>
> Hi,
>
> On 05-06-18 22:46, Luis R. Rodriguez wrote:
> > On Fri, Jun 01, 2018 at 02:53:25PM +0200, Hans de Goede wrote:
> >> Hi All,
> >>
> >> Here is v6 of my patch-set to add support for EFI embedded fw to the kernel.
> >>
> >> This patch-set applies on top of the "[PATCH v7 00/14] firmware_loader
> >> changes for v4.18" series from mcgrof.
> >>
> >> It now also depends on the series from Andy Lutomirski which allow using the
> >> sha256 code in a standalone manner. Andy what is the status of those?
> >>
> >> Changes since v5:
> >> -Rework code to remove casts from if (prefix == mem) comparison
> >> -Use SHA256 hashes instead of crc32 sums
> >
> > Nice! I see no updates on this progress, but it would seem this
> > may then mean this cannot be merged until the release after?
>
> Once the sha256 bits are in place the subsys tree which has them
> merged can create an immutable branch for Greg to merge and
> then these can be applied on top of that merge.
>
> But yes this means that these probably won't go in for another
> cycle or 2, that is fine.
>
> >> -Add new READING_FIRMWARE_EFI_EMBEDDED read_file_id and use it
> >> -Call security_kernel_read_file(NULL, READING_FIRMWARE_EFI_EMBEDDED)
> >> to check if this is allowed before looking at EFI embedded fw
> >
> > There's a discussion over having security_kernel_read_file(NULL,
> > READING_WHATEVER) become another LSM hook. So your series would conflict with
> > that at the moment.
> >
> > So yet another piece of code which this series depends on.
>
> Ah well, I'm in no big hurry to get this merged. OTOH if this is
> ready and that discussion is not yet finished it might be better
> to merge this as is and then have the security_kernel_read_file / LSM
> hook series fix this up as necessary when it is merged.
>

Let's give Jason a bit longer to reply. I know he's actively working
on this thing, but it's part of a bigger project.